The cybersecurity community is on edge after an unidentified threat actor operating under the username ‘UAE’, claimed responsibility for a massive data breach attack involving the United Arab Emirates government. In a BreachForums post, the threat actor threatened to leak the data from the alleged UAE attack, unless a ransom of 150 bitcoins (USD 9 million) was paid.
The victims in the alleged UAE attack include major UAE government bodies such as the Telecommunications and Digital Government Regulatory Authority, the Federal Authority for Nuclear Regulation, and the Executive Council of Dubai, along with key government initiatives such as Sharik.ae and WorkinUAE.ae. Various ministries are also affected, including the UAE Ministry of Health and Prevention, Ministry of Finance, and the UAE Space Agency.
In the post, the threat actor claimed to have access to the personally identifiable information (PII) of various government employees, and shared a few samples that included names, emails, phone numbers, roles, and genders of top officials.
Threat Actor Shared Alleged Samples from UAE Attack
The sample screenshots shared by the threat actor allegedly display internal data from several major UAE government bodies. Additionally, the threat actor claimed to have acquired access to personally identifiable information (PII) of top government officials, displaying samples that list names, roles, and contact details.
The possession alleged samples by the threat actor, raises concerns over the security of government personnel and the integrity of national operations. The abrupt emergence of the hacker adds complexity to the incident, casting doubt on the veracity of the claims but potentially indicating a high-stakes risk scenario.
The implications of such a breach are severe, potentially affecting national security, public safety, and the economic stability of the UAE. The global cybersecurity community is closely watching the developments, emphasizing the need for a swift and decisive government investigation to confirm the extent of the intrusion and mitigate any potential damage.
Experts Advice Caution and Skepticism Regarding UAE Attack
The hacker’s emergence from obscurity with no prior credibility or record of such activities, casts doubt over the legitimacy of the claims.
Neither the UAE government nor the affected agencies have yet responded to these claims, nor has there been any independent confirmation of the breach. The Cyber Express team has reached out to the Telecommunications And Digital Government Regulatory Authority (TDRA) in Dubai for further information regarding the attacks.
The extensive list of affected entities and the nature of the alleged stolen data would suggest a highly sophisticated and coordinated attack, which seems incongruent with the profile of a lone, unestablished hacker.
As this story develops, it will be crucial to monitor responses from the UAE government and the cybersecurity community. It is critical for all stakeholders, including government officials and cybersecurity experts, to collaborate urgently to address this potential crisis, ensuring the protection of sensitive government data and maintaining public trust in national security measures.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
