Updated on 2022-11-23: Moldovan Government Officials Hit by Cyberattack
Hackers appear to have compromised communications between several Moldovan government officials. Private conversations of the country’s Minister of Justice, the Defense and National Security Advisor to the President, and the former Minister of Internal Affairs have been leaked.
- This is a complex story with not a lot of verification, but I wanted to highlight one important quote: “The Justice Ministry confirmed the leak but added that some messages were grossly modified or taken out of context.” This is a good one to highlight to CXOs and board members: doing company business over apps that have “zero revenue” models, or only get revenue through sponsored messages and in-app purchases, is an enormous risk. The risk is not just eavesdropping, it is fake messages being sent out as coming from your company.
- If you’ve seen the movie RED with Bruce Willis, you’re thinking of the end-quotes pertaining to Moldova. In this case, it’s their leadership that finds itself in an uncomfortable position under “hot pursuit.” Essentially their Telegram accounts were compromised. Beyond my usual pitch to implement MFA everywhere, I would also add understanding who can access the information you’re sending over a service, and how. If you have any doubts, implement your own encryption (such as S/MIME for email) rather than relying on service-provided encryption, particularly if it’s not truly end-to-end. When in doubt, use enterprise-vetted services, on their issued devices.
Read more in
Overview: Major hack-and-leak info-op unfolding in Moldova
A major hack-and-leak influence operation is currently unfolding in the small Eastern European state of Moldova, where a newly-registered website named Moldova Leaks has released the private correspondence of at least two political figures and promises to release more.
Selected private Telegram conversations from Sergiu Litvinenco, Moldova’s Minister of Justice, were leaked last week, and new conversations were released this week from Dorin Recean, the current Defense and National Security Advisor to the President and former Minister of Internal Affairs of Moldova.
In one of the leaked Telegram conversations, Litvinenco implied that the Anticorruption Prosecutor contest was rigged in favor of Veronica Dragalin winning the post—which she currently occupies.
The leaked messages unsurprisingly caused a major political scandal in Moldova, being picked up by the pro-Russian political opposition parties as clear-cut evidence that Litvinenco was corrupt and a reason to ask the Parliament for his and Dragalin’s dismissal.
Several of Litvinenco’s conversations were leaked, and members of pro-Russian political parties, including those under active corruption and abuse of power investigations, issued statements on social media to confirm the authenticity of their exchanges with the Moldovan Justice Minister.
But Litvinenco and the Moldovan government called the leak a part of Russia’s hybrid war to destabilize the local pro-European government.
The Justice Ministry confirmed the leak but also said that some messages were grossly modified or taken out of context.
“The purpose of this fake is to divert the public’s attention from the real problems faced by criminal groups in the Republic of Moldova and their connections with foreign services,” the official said on Facebook.
Litvinenco added that the Telegram account of Moldova’s President Maia Sandu was also compromised as part of the attack, and she might be the figure at the top of the Moldova Leaks chart listed on the hackers’ website.
It is currently unknown who is behind the Moldova Leaks website, but Litvinenco said his ministry has already started a formal investigation into the hack, which will also look at the Minister of Internal Affairs, which the official said has the technical capabilities to obtain such conversations at its disposal—suggesting that investigators have not ruled out an insider attack.
But while this could be the work of some hacker-for-hire mercenary group, several infosec figures believe this is the work of Russia’s GRU agency, which has executed hack-and-leak operations in the past to push Russia’s political interests abroad.
And because Moldova is a former part of the Soviet Union, Russia has quite an interest in keeping it under its sphere of influence and not letting it align with the EU and Romania.
A Washington Post investigation found that Russia’s FSB intelligence agency has funneled tens of millions of US dollars through its state-backed companies to Moldova’s pro-Russian political parties, and especially to PSRM, the party of Igor Dodon, Moldova’s former President.
Dodon, who was caught on video accepting bribes, was indicted earlier this year for treason, accepting money from criminal organizations, and illegal enrichment, charges filed by Litvinenco as part of Sandu’s clear political agenda to rid the country of corrupt politicians.
But the WaPo report also pointed to a change in Moscow’s political financing in Moldova, with the Kremlin turning its favors and funding power to Șor, a new pro-Russian political party led by Ilan Șor, none other than the prime suspect at the heart of a major financial scandal when $1 billion went missing from three Moldovan banks back in 2014.
Three days before he was sanctioned by the US Treasury Department for corruption and promoting Russia’s interests abroad, Șor’s party organized an anti-EU and anti-government protest in Moldova’s capital.
While the Moldova Leaks website might not be an effort to protect Dodon’s reputation, the leaks appear to be related to supporting Șor.
Coincidentally—or not—the leak site was put up on the same day the Moldovan government accepted a motion from Justice Minister Litvinenco to review the constitutionality of the Șor party and possibly have it outlawed for putting the country’s sovereignty and independence at risk.