NEWS $2,500 for an Entire Country. Database of Armenian Residents Sold on the Dark Web

ExcalibuR

Data on fines and court cases of Armenian residents may have been exposed due to malicious software.

Information about the sale of a database allegedly linked to Armenia's state postal and notification services has appeared on a cybercriminal forum. This was reported by the resource Daily Dark Web. According to the publication's authors, the database contains about 8 million records related to official notifications, including messages from the Compulsory Enforcement Service, the Patrol Police, and judicial bodies.

The seller priced the archive at $2,500 and describes it as a consolidated collection of government mailings. At the time of publication, these claims had not been verified by independent sources, and the database itself, according to the seller, was still up for sale.

Armenian authorities promptly responded to the reports and publicly denied that the central government email system had been breached. An official statement emphasized that the leak is not related to state postal infrastructure. Preliminary data suggests the published files may have been obtained from the electronic civil litigation system cabinet.armlex.am. An internal investigation is currently underway to confirm the data source and establish the method of extraction.

Regardless of the technical details of the incident, the potential consequences for citizens could be severe. Databases linked to official notifications typically contain names, contact information, case numbers, details about fines, enforcement measures, or court proceedings. Such data falling into the wrong hands opens up opportunities for targeted phishing, fraud, extortion, or disinformation campaigns disguised as official communications.

Researchers paid particular attention to the alleged data seller, known under the pseudonym dk0m. This member of the cybercriminal underground has held a high reputation on English-language forums since 2024 and specializes in selling data related to government structures.

Unlike hacktivists acting on political motives, dk0m is focused exclusively on financial gain. Their typical approach involves using infostealer logs, the output of malware that steals saved passwords and session cookies from victims' browsers. This data is then filtered to find access to government portals. Previously, the same seller has been credited with selling credentials and databases from ministries in Argentina, Ukraine, and Brazil, often publishing convincing document samples to confirm authenticity.

Screenshots that emerged as early as August 2024 indicated that the attacker might have already possessed data related to Armenia at that time. It is possible that the current announcement is an attempt to monetize information obtained earlier.

The situation is complicated by the broader geopolitical and cybersecurity landscape. Armenia has been operating in a tense cyber environment for several years, where the interests of cybercriminals, intelligence agencies, and politically motivated groups intersect. While authorities rightly reject the claim of a central mail breach, they effectively acknowledge that unauthorized data leakage could have occurred in another segment of the state digital ecosystem. For ordinary citizens, this is little consolation, as a leak remains a leak regardless of which specific component failed.

If the database offered for sale is indeed genuine, its value lies not only in its volume but also in the trust associated with the data it contains. Information linked to courts, police, or enforcement services significantly simplifies social engineering. Recipients of such messages may trust emails or notifications containing real case and fine numbers, increasing the risk of panic and rash actions. In the context of the active development of digital public services, such incidents can undermine trust in the electronic state as a whole.
 