Hackers claim to breach Russian state agency managing property, land records

A group of hackers with unknown ties has claimed responsibility for breaching a Russian government agency, Rosreestr, which is responsible for managing property and land records.

The group, which calls itself Silent Crow, created a Telegram channel in December to announce the breach, and Rosreestr is the only incident it has posted about. As evidence of the hack, the group publicly released a portion of a database containing names, dates of birth, addresses, phone numbers, email addresses and individual insurance account numbers of Russian citizens.

In a statement earlier this week, Rosreestr denied that its systems were breached but said it is investigating the hackers' claims.

Russian investigative journalists from the Agentstvo news outlet reported that they reviewed data from a dozen randomly selected entries in the leaked database and confirmed that all chosen identities were legitimate. Some individuals also had property addresses that matched their home addresses.

The alleged attack on the agency came just weeks after a suspected Russian threat actor targeted dozens of Ukrainian databases, which store official records, including citizens' biometric data, business records, property ownership, real estate transactions, legal and court decisions and tax records.

Access to these registers was temporarily suspended, leaving citizens unable to access essential services linked to their digital records. On Thursday, two weeks after the attack, Ukraine’s Ministry of Justice announced that it had resumed the operation of one of the country’s main state registers, as well as several online services that rely on information from these registers.

It remains unclear whether the reported attack on Rosreestr is a retaliation for the hack of Ukraine’s state registers.

According to Russian investigative journalists, it is possible that Silent Crow is merely a pseudonym for a more well-known hacker group that doesn’t want to be identified with the incident. If this is true, the scope of the leaked data could be extensive, said Andrey Soshnikov, editor-in-chief of the Russian publication Sistema, which focuses on investigations in the fields of technology and cybersecurity.

Rosreestr has often been used by independent media and opposition activists to uncover information about real estate owned by local state officials. Following some of these reports, the names of officials and their relatives were either hidden or removed from the registry. Under a new law adopted in 2023, details about Russian property owners can now only be disclosed with their consent.

Silent Crow has not revealed what it plans to do with the allegedly hacked data, but depending on its motivation, the threat actor could either sell it or hand it over to Moscow’s enemies.

The group’s Telegram channel was blocked shortly after they announced the hack, and it is not yet clear where the data was transferred. However, the hackers warned that they were preparing for another attack.

“Rosreestr has become a striking example of how large government institutions can collapse in just a matter of days,” the group said.