Back

Cyber Fraud Gang to Stand Trial for Stealing 900,000 Hryvnias from Victims

Severity: Medium (Score: 48.9)

Sources: Antikor.Info, Unn.Ua

Published: 2026-06-04 · Updated: 2026-06-05

Keywords: prykarpattia, hryvnias, cyber, nearly, five, stealing, retirees

Summary

Five individuals from Prykarpattia are set to face trial for stealing 900,000 hryvnias from 33 victims, including retirees and military personnel. The group gained unauthorized access to victims' online banking accounts using social engineering techniques and purchased stolen databases on Telegram. The theft occurred between 2024 and 2025, with funds withdrawn in small amounts to evade detection. The organized crime group was dismantled in January 2026 by local police and cybercrime units. The indictment has been sent to court, charging the suspects with unauthorized access to information systems, theft, and money laundering. Key Points: • Five men charged with stealing 900,000 hryvnias from 33 victims in Prykarpattia. • Attackers used social engineering and purchased stolen banking credentials on Telegram. • The organized crime group was exposed in January 2026 by local law enforcement.

Detailed Analysis

**Impact** Thirty-three individuals, including retirees and military personnel from various regions of Ukraine, were affected by the theft of approximately 900,000 hryvnias. The financial losses were incurred through unauthorized withdrawals from online banking accounts of a state-owned bank. The criminal activity primarily impacted personal banking customers in the Ivano-Frankivsk region, with funds laundered and distributed among five suspects. There are no reported direct operational impacts on the bank or other sectors. **Technical Details** The attackers purchased databases containing logins, passwords, and PINs via Telegram and used social engineering techniques during nighttime to confirm account access. They conducted small-value transactions (up to 500 UAH) to avoid detection and used third-party accounts to launder stolen funds. The group exploited mobile banking platforms but no specific malware, CVEs, or infrastructure details were provided. The attack chain involved initial access through credential compromise, followed by account takeover, fund withdrawal, and money laundering. **Recommended Response** Financial institutions should monitor for unusual small-value transactions, especially those occurring at night, and implement multi-factor authentication to mitigate credential-based access. Users must be educated about social engineering risks and advised to secure their login credentials. Law enforcement and cybersecurity teams should track and block known Telegram channels selling stolen credentials. No specific patches or malware signatures were identified for immediate deployment.

Source articles (2)

  • Five men to stand trial in Prykarpattia for stealing funds from retirees and military personnel — Unn.Ua · 2026-06-04
    Five residents of Prykarpattia will be tried for stealing 900,000 hryvnias from 33 individuals. They hacked the banking accounts of military personnel and retirees. An indictment has been sent to cour…
  • In Prykarpattia, a gang of cyber fraudsters who stole nearly 900000 hryvnias from bank ... — Antikor.Info · 2026-06-04
    Cyber fraud amounting to nearly 900 thousand hryvnias: police from the Carpathian region referred the case of an organized criminal group to court. This was reported by the police of the Ivano-Frankiv…

Timeline

  • 2024-01-01 — Criminal activities began: The group started stealing funds from victims' bank accounts using cyber fraud techniques.
  • 2025-01-01 — Criminal activities continued: The group continued their operations, affecting more victims and increasing the total stolen amount.
  • 2026-01-01 — Criminal group exposed: Law enforcement agencies dismantled the organized crime group, halting their fraudulent activities.
  • 2026-06-04 — Indictment sent to court: The indictment against the five suspects has been officially submitted to the court for trial.

Related entities

  • Data Breach (Attack Type)
  • Ukraine (Country)
  • T1078 - Valid Accounts (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed