A Lithuanian cosmetic surgery clinic was recently the victim of a cyber-attack; exposing thousands of clients…literally. A group calling themselves the Tsar Team hacked into the Grozio Chirurgija servers and stole over 25,000 private photos (including nude ones). After stealing the private files, the group demanded ransoms from the patrons of the clinic. Although the number of affected clients is unknown, the victim-base is 60 countries wide and dozens have come forward to report the blackmailing.
However, the pictures were only the tip of the iceberg. Tsar Team obtained sensitive data ranging from passport scans to national insurance numbers. Before targeting the individual clients, the group attempted to demand a ransom from the clinic itself. Their price for the entire database was 300 bitcoin – over $6 million dollars in USD. Despite the Tsar Team’s desperate efforts for cash, it was clear the clinic and its clients weren’t going to satisfy their demands.
In retaliation of their failed advances, the Tsar Team released several hundred of the private images back in March. After months of silence, the unaffected felt they were safe from the fire. They were wrong. On May 30th, 2017 the Tsar Team released the rest of the clinic’s database. Although little is known on this hacker group, rumors are beginning to surface the web. A blogger at The Guardian writes,
“Tsar Team is another name for the hacking group known to security researchers as APT28 or “Fancy Bear”, which has been linked to hacks on the Democratic National Committee, En Marche and the Konrad Adenauer Foundation. It is not yet known whether the hackers that attacked Grozio Chirurgija are linked to APT28, or if they’re an unrelated group that adopted the same name for disinformation purposes.”