COVID vaccine

The Security Service of Ukraine (SSU) has arrested a team of actors who illegally infiltrated the information system of the National Health Service of Ukraine (NHSU) and entered false vaccination entries for other people.

The actors found clients in the Sumy region through a team of doctors who participated in the scheme and offered to create false COVID-19 vaccination certificates for anyone who paid them 3,000 hryvnias ($114).

By hacking into the NHSU system and entering false data, the actors enabled their 'clients' to pass any COVID-19 vaccination checks requiring QR code scans.

Snapshot from the police raid
Snapshot from the police raid
Source: SSU

It is unclear if the actors were skilled hackers or healthcare insiders who used their work credentials to access the NHSU database.

"The attackers illegally "infiltrated" the information system of the National Health Service of Ukraine (NHSU), which allowed them to enter false information into the mobile application "Action" about the "vaccination" of residents of the region," says the SSU's statement.

Ukrainian police said the actors modified health records up to 200 times a month, but it is unclear how long this scheme was conducted.

For their crimes, the arrested individuals are facing proceedings under Part 2 of Art. 361, part 3 of Art. 358 (unauthorized interference in the work of electronic computers and sale of forged documents) of the Criminal Code of Ukraine.

Cybercriminals abuse the “Action” app

The government in Ukraine recently launched a central information app called "Action," where citizens can store vaccination certificates and other essential documents.

The app's goal was to promote the adoption of smart ID technology in the country and push forgeries to obsolescence.

Last week, BleepingComputer found a fake "Action" app being sold on local Telegram channels allowing users to generate any certificate they need to move without restrictions or enjoy other benefits.

Post promoting the clone Action app
Post promoting the clone Action app on Telegram

The app is sold for 120 hryvnias ($4.5) and is mainly used to create fake vaccination certificates, driver's licenses, and student cards for public transport ticket discounts.

While the fake "Action" doesn't change the NHSU database and will not pass QR code scan checks, it's perfect for "glance" checks when entering a public space.

The Prosecutor General of Ukraine, Iryna Venediktova, responded to this wave of false vaccination certificates on her personal Facebook account.

As she warns, fraudsters "should not expect any mercy from her" and underlined that these violations are not minor and justice won't treat them as such.

Related Articles:

Misconfigured Firebase instances leaked 19 million plaintext passwords

Ukraine arrests hackers trying to sell 100 million stolen accounts

Ukraine claims it hacked Russian Ministry of Defense servers

Epic Games: "Zero evidence" we were hacked by Mogilevich gang

New IDAT loader version uses steganography to push Remcos RAT