Dark Web News Analysis
A threat actor on a monitored hacker forum is advertising the sale of a significant database purportedly belonging to Gosuslugi, the primary digital portal for Russian government services. The dataset is approximately 2.8 GB and contains roughly 20 million records. It is specifically segmented to include recipients of housing subsidies and pension support.
Brinztech Analysis:
- The Target: Gosuslugi (gosuslugi.ru) is the central nervous system of Russian digital governance. It handles everything from tax payments to voting and healthcare. A breach here is equivalent to a breach of the IRS, Social Security, and DMV simultaneously.
- The Data: The leak is described as highly structured (CSV, UTF-8), containing:
  - Identity PII: Full Names (Cyrillic), Dates of Birth (DOB).
  - Contact Info: Mobile Phone Numbers.
  - Social Context: The segmentation (pensioners/subsidy recipients) indicates this data might have come from a specific sub-department (e.g., the Pension Fund or Social Insurance Fund) rather than the main Gosuslugi authentication core.
- The Timeline: The leak date is listed as December 2025. Given the current date (December 11, 2025), this indicates a fresh, active breach. The initial automated flag of “future prediction” is likely incorrect; this is a newly surfaced leak.
Key Cybersecurity Insights
This alleged data breach presents sophisticated risks to Russian citizens, particularly vulnerable demographics:
- Pension Fraud (“Grandparent Scams”): The specific targeting of pensioners is malicious. Attackers use the Name + DOB + Phone Number to call elderly victims.
  - Scenario: “This is the Pension Fund. Your monthly subsidy has been recalculated. To receive the arrears, please provide your Sberbank card details.” The accuracy of the personal data disarms the victim’s skepticism.
- Social Profiling & Mobilization Evasion: The dataset highlights “age-based targeting.” In the current geopolitical climate, data on age, location, and phone numbers is highly valuable for finding individuals eligible for mobilization or, conversely, for those attempting to avoid it.
- SIM Swapping & 2FA Bypass: Gosuslugi accounts are often the gateway to other services (like banking). Attackers can use the mobile numbers and PII to attempt SIM swaps, aiming to intercept the 2FA codes required to log into the real Gosuslugi portal.
- Micro-Loan Fraud: In Russia, the “Micro-Finance Organization” (MFO) sector is rife with fraud. Criminals use stolen PII (Name + Passport/DOB) to take out high-interest online loans in the victim’s name.
Mitigation Strategies
In response to this claim, Russian citizens and the Ministry of Digital Development should take immediate measures:
- 2FA Hardening: Users must ensure Two-Factor Authentication (2FA) is enabled on their Gosuslugi account. If possible, switch from SMS OTP to TOTP (app-based codes) to mitigate SIM swapping risks.
- Credit History Freeze: Citizens should check their credit history via the National Bureau of Credit Histories (NBKI) to ensure no unauthorized micro-loans have been opened in their name.
- Scam Awareness for Seniors: Families should proactively warn elderly relatives: “The Pension Fund will never call you to ask for card details or transfer codes.”
- Digital Hygiene: Be wary of emails or SMS claiming “New Subsidy Available” that lead to third-party sites. Always log in directly to gosuslugi.ru to check for official notifications.