Dark Web News Analysis: Verified Gosuslugi Accounts on Sale on Hacker Forum
A threat actor is advertising the sale of verified user accounts for Gosuslugi, the official Russian government services portal. The sale, posted on a hacker forum, is a critical national security event, as Gosuslugi accounts are a central hub for a citizen’s official and personal data. The seller is a professional operator, using multiple secure and encrypted communication platforms (Tox, Telegram, Session, Signal) to conduct sales. The asset being sold is not just a list of passwords, but complete, verified accounts:
- Type of Asset: Verified user accounts for the Gosuslugi portal.
- Access Level: Full access to a citizen’s personal and government data, including social services, tax records, official documents, and more.
- Status: The accounts are advertised as “verified,” meaning they have likely passed official government identity checks, making them extremely valuable for criminals.
Key Cybersecurity Insights
The sale of verified accounts for a national e-government portal is a worst-case scenario, providing attackers with a “digital master key” to a citizen’s entire life.
- “Verified” Accounts are a “Digital Master Key” to a Citizen’s Life: Gosuslugi is a centralized portal for nearly all official citizen interactions in Russia, from paying taxes and receiving benefits to accessing medical records and renewing passports. An attacker in control of a verified account can effectively impersonate a citizen in all of their official dealings, leading to catastrophic and irreversible identity theft, financial fraud, and even property theft.
- A Powerful Tool for State-Level Espionage and Surveillance: Foreign intelligence agencies are a likely customer for these verified accounts. The accounts can be used to track individuals of interest (e.g., government officials, dissidents, military personnel), gather deep intelligence on the Russian population, or carry out malicious activities under a false but legitimate-looking identity.
- Use of Multiple Secure Platforms Indicates a Sophisticated Seller: The seller’s use of a wide range of encrypted messaging apps is a sign of a professional and security-conscious criminal operation. They are taking significant steps to protect their identity and manage their sales, which indicates that this is a serious and credible threat, not a low-level scam.
Critical Mitigation Strategies
This threat requires an urgent, nation-level response from the Russian government to protect its citizens from systemic fraud and identity theft.
- For the Russian Government: Mandate Multi-Factor Authentication (MFA) Immediately: This is the most critical and direct technical defense. The government must mandate the use of strong MFA (preferably not SMS-based) for all Gosuslugi accounts. This adds a crucial security layer that makes it significantly harder for criminals to use stolen passwords to take over accounts.
- For the Russian Government: Launch a Public Awareness Campaign and Enhance Monitoring: The government needs to launch an urgent and widespread public awareness campaign, warning all citizens of this threat. They must instruct all users to immediately change their passwords and enable MFA. Concurrently, they must enhance their monitoring of all account activity for suspicious logins or anomalous behavior.
- For Russian Citizens: Secure Your Gosuslugi Account Now: This is the most critical advice for potential victims. All Gosuslugi users should immediately change their password to a long, strong, and unique one. Most importantly, they must enable the strongest form of MFA available to them to protect their digital identity.
Secure Your Organization with Brinztech
As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.