
Stolen Government and Police Department Emails Auctioned on the Darknet for $40

Abnormal AI alleges that access to these accounts opens paths for intricate scam operations that impersonate officials.

In a concerning development, cybercriminals are no longer just reselling access to hacked accounts; they're actively marketing specific use cases, such as submitting fraudulent subpoenas or bypassing verification procedures for social platforms and cloud providers.

This shift in strategy has resulted in a higher ratio of malicious attachments and links being clicked on. Selling these accounts lets buyers impersonate law enforcement and government employees from the employees' own mailboxes. Buyers receive complete SMTP/POP3/IMAP credentials for the accounts, granting them full control.

These compromised, active, and trusted inboxes are being offered for immediate malicious use via encrypted messaging platforms like Telegram or Signal. In some cases, criminal marketplaces advertise access to official law enforcement portals on platforms such as TikTok and X for additional data retrieval.

Threat actors use simple methods such as credential stuffing, exploiting password reuse, infostealer malware, and targeted phishing to compromise law enforcement and government accounts. The Abnormal AI report, published on August 14, states that these compromised law enforcement and government email accounts are being sold on the dark web.

The affected officials hail from various countries, including the US, UK, India, Brazil, and Germany, with agencies such as the FBI among those affected. Emails from domains such as .gov and .police are more likely to evade technical defenses and less likely to raise suspicion among recipients.

The commoditization of institutional trust has broadened the appeal of these accounts and lowered the barrier to entry for impersonation-based attacks. The compromised accounts offer attackers opportunities to conduct sophisticated fraud and data theft schemes, including sending fake subpoenas and accessing sensitive information through emergency data requests.

The Abnormal AI researchers noted a marked shift in strategy in the selling of these compromised accounts on the dark web, suggesting that this issue warrants close attention and vigilance.
