Armenia probes alleged sale of 8 million government records on hacker forum
Hackers are offering for sale what they claim is a large trove of Armenian government-related data, prompting officials in Yerevan to open an investigation into a potential breach.
The alleged seller, using the alias dk0m, said it gained access to a government notification system used to distribute official communications, including legal and administrative notices.
The dataset, advertised on an underground forum for $2,500, is said to contain about 8 million records linked to official notifications, including communications from police and judicial bodies.
In a statement on Saturday, the Public Relations and Information Center of Armenia (PRIC) — a government-linked strategic communications body — denied that the country’s government email infrastructure had been breached, but said attackers may have accessed data from another state platform.
“A preliminary review suggests that the leaked files were obtained from the electronic civil litigation platform,” PRIC said, adding that an internal probe is under way to confirm the source of the data and how it was accessed.
Cybersecurity researchers at CyberHUB-AM, a non-governmental group focused on digital security, said dk0m is a known broker on underground cybercrime forums, with a history of selling government-related data dating back to at least 2024.
According to the researchers, the actor typically relies on infostealer malware — tools designed to harvest saved credentials and session cookies from infected devices — to identify access to sensitive government portals before packaging and reselling the data.
They noted that dk0m has previously advertised data linked to ministries in countries including Argentina, Ukraine and Brazil, often sharing samples or database structures to bolster credibility.
Screenshots dating back to August 2024 suggest the actor may already have possessed Armenian government-related data, raising the possibility that the latest offer is an attempt to monetize material obtained earlier, the group said.
If the dataset is authentic, researchers warned it could expose Armenian citizens to heightened cyber risks.
“Official-looking data tied to courts, enforcement services or police structures significantly lowers the barrier for social engineering attacks,” CyberHUB-AM said.
“Citizens could be targeted with highly convincing scam messages referencing real case numbers, fines or enforcement actions, increasing the likelihood of panic-driven responses or compliance.”
Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.



