Armenian authorities opened an investigation after a threat actor using the alias dk0m advertised for sale a dataset allegedly containing nearly 8 million government-related records tied to a state notification system used to distribute official legal and administrative communications. The data was marketed on an underground forum for $2,500 and was described as including notifications and communications associated with police and judicial bodies; officials in Yerevan publicly denied that the country’s government email infrastructure had been breached while acknowledging the possibility that another state platform was accessed.
Armenia’s Public Relations and Information Center (PRIC) said a preliminary review indicates the leaked material may have originated from the electronic civil litigation platform, and that an internal probe is ongoing to confirm the source and access path. Researchers at CyberHUB-AM assessed dk0m as a recurring data broker active since at least 2024 and reported the actor commonly uses infostealer malware to harvest credentials/session data and identify access to sensitive government portals before repackaging and reselling datasets; screenshots reportedly dating to August 2024 were cited as supporting evidence. The alleged exposure could increase social engineering risk by enabling highly credible scams referencing real case numbers, fines, or enforcement actions.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
CyberHUB-AM researchers assessed that dk0m likely used infostealer malware to obtain credentials and session cookies for sensitive government portals before repackaging the data for resale. They warned that, if authentic, the dataset could be used for convincing social-engineering scams referencing real case numbers, fines, or enforcement actions.
Armenian officials in Yerevan opened an investigation into the claimed sale of the records. The Public Relations and Information Center denied a breach of government email infrastructure but said a preliminary review suggested the data may have come from the electronic civil litigation platform instead.
A threat actor using the alias dk0m offered for sale about 8 million alleged Armenian government-related records on an underground hacker forum for $2,500. The actor claimed the data came from a government notification system used to distribute official legal and administrative communications.
CyberHUB-AM researchers said screenshots dated August 2024 indicate Armenian-related government data may already have been in the threat actor dk0m's possession by that time. The material was described as including police and judiciary communications.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.