Irish foreign affairs ministry says ‘no evidence’ of cyber breach following extortion claim

Ireland’s Department of Foreign Affairs (DFA) said there was currently “no evidence of any breach” of its IT systems following a claim by a new cyber extortion group that it had stolen data and was prepared to sell it.

The new group, calling itself Mogilevich, listed the DFA on Tuesday, claiming to offer 7GB of compromised documents for sale. The group did not provide any evidence supporting its claims of having breached the department.

Three other victims are listed on Mogilevich’s extortion site. Recorded Future News is not publishing their names as these companies have not responded to requests for comment. The group provided no evidence for the other breaches, which are also unsupported by any public evidence.

In a statement, a spokesperson for the DFA said the department was “notified by Ireland’s National Cyber Security Centre (NCSC) on Tuesday evening (27 February) of a potential cybersecurity incident.”

They added that the DFA “has been working closely with the NCSC to establish whether this allegation is authentic.”

So far, they said “there is no evidence of any breach of DFA ICT security infrastructure. The Department, in conjunction with the NCSC, will continue its investigation and, should any breach be identified, will address any issues that arise around information held by the Department.”

There are a number of indications that the Mogilevich group is inauthentic. Unlike the extortion sites used by established ransomware-as-a-service groups, Mogilevich’s site is amateurishly designed.

The group also requests a $1,000 deposit from potential affiliates — something likely to provoke enormous suspicion among professional fraudsters.

Fraudulent ransomware gangs are an established occurrence in the cybercrime world. Back in 2019, cybersecurity company Coveware named the phenomenon “Phantom Incident Extortion” in a report detailing the scam.

Such scammers are the bottom-feeders of the ransomware world, lacking both the capabilities to gain initial access to a victim’s network and then the platform to monetise that access — despite how significantly the cybercriminal ecosystem has lowered the bar for both.