
News | Dec. 22, 2022

CID Lookout: Email addresses compromised using Raccoon Infostealer

The Department of the Army Criminal Investigation Division’s Cyber Directorate is warning the Army community about malware that enables cybercriminals to steal important identification information from users.

According to Special Agent-in-Charge Marc Martin, Army CID’s Cyber Field Office, criminals used a type of malware-as-a-service known as the Raccoon Infostealer to steal the personal data of millions of victims across the globe.

MAAS, the paid use or rental of malicious software for the purpose of executing cyberattacks, enabled cybercriminals to steal millions of unique credentials and other forms of identification, such as email addresses, bank account information, cryptocurrency addresses, credit card numbers, etc., from millions of victims from 2018 to early 2022.

“Cybercriminals were able to spread the Raccoon Infostealer malware to victims using phishing emails, such as fake messages about the COVID-19 pandemic, or other topics that may be of interest to a victim,” said Martin. “These malicious phishing emails led to unsuspecting victims installing the malware on their systems.”

Martin said once the malware is inserted on a system, a cybercriminal can interact with the infected system in real time and obtain personal information such as user passwords and other sensitive data.

The author of the Raccoon Infostealer malware, Ukrainian national Mark Sokolovsky, is under investigation by the San Antonio FBI Cyber Task Force, which includes agents from Army CID and other law enforcement partners. With assistance from Dutch authorities, Sokolovsky was arrested in March while in the Netherlands. Around that same time, Italian authorities seized the Raccoon Infostealer server, which was in Italy, and took it offline. Army CID played an instrumental role in the legal coordination between our Italian partners and the Department of Justice by providing a native Italian-speaking CID agent to serve as the interpreter.

“This indictment demonstrates the resolve and close cooperation of the Army Criminal Investigation Division and the Federal Bureau of Investigation working jointly to protect and defend the United States,” said Special Agent-in-Charge Marc Martin, Army CID’s Cyber Field Office. “Army CID would also like to thank our law enforcement partners in Italy and the Netherlands.”

Due to the enormity of Raccoon Infostealer compromises, the FBI established a Raccoon Infostealer Disclosure portal for individuals to determine if their email address was compromised. Individuals can go to the website, https://raccoon.ic3.gov/home, and input their email address to determine whether it is contained within the U.S. government’s repository of Raccoon Infostealer stolen data. If the email address has been compromised, additional resources and information from the FBI’s Internet Crime Complaint Center (IC3) will be provided.

Only one email address may be submitted at a time. However, there is no cap on how many email addresses an individual can query.

“Everyone should ensure that they are practicing good cyber hygiene to decrease their chances of falling victim to cybercriminals,” said Martin.

Tips for better online security:
▪ Enable multi-factor login authentication
▪ Use the longest password or passphrase possible
▪ Do not use the same password for multiple accounts or websites
▪ Change passwords often
▪ Ensure antivirus/malware protection on devices is up to date
▪ Avoid opening attachments and links from unknown email senders
▪ Be mindful of information posted to social media to avoid social engineering attacks

Cybercrime Prevention Flyers are produced as part of the CID Cyber Lookout program to promote internet safety for the collective Army family and to provide recommendations to strengthen your cyber security posture and prevent cybercrime before it occurs.

For more information about computer security and other computer-related scams, and to review previous cybercrime alert notices and cybercrime prevention flyers, visit the Army CID Cyber Directorate at https://www.cid.army.mil/mcu-advisories.html. To report a crime to Army CID, visit www.cid.army.mil.