In a rapidly unfolding cybersecurity incident, Armenia’s government has been thrust into the spotlight after claims emerged that a hacker, operating under the alias dk0m, is attempting to sell a massive database of government-related records. Allegedly containing over 8 million entries, this dataset includes sensitive information from Armenia’s judicial and law enforcement systems. The data, which includes official notifications and legal communications, was offered for sale on an underground cybercrime forum for $2,500. While the Armenian authorities have denied that their central email system was compromised, they are investigating the source and extent of the breach. The incident has raised alarms about the potential for cybercrime, identity theft, and social engineering attacks targeting Armenian citizens.
The Alleged Breach
The controversy began on January 9, 2026, when reports surfaced that dk0m, a well-known figure in the dark web community, had claimed responsibility for acquiring and selling a large collection of Armenian government data. The hacker, who has a history of selling sensitive data from various governments, purportedly gained access to Armenia’s notification system, which is used to distribute legal and administrative communications. The dataset allegedly contains personal and case-related information, including details from police, courts, and judicial bodies. The hacker offered the records for sale on a dark web forum for $2,500, claiming to have extracted data from multiple government departments. The sale was advertised as a comprehensive database of government-related communications, including official notices regarding legal proceedings, fines, and enforcement actions.
Investigating Claims: The Evidence
Though the claims made by dk0m are yet to be independently verified, cybersecurity experts have been quick to weigh in. Researchers from CyberHUB-AM, a leading Armenian cybersecurity organization, investigated the situation and discovered that dk0m had previously advertised data from various countries, including Argentina, Ukraine, and Brazil. This history of selling government-related data lends some credibility to the hacker’s claims. Additionally, screenshots from as early as August 2024 indicate that dk0m may have already been in possession of Armenian government data long before the January 2026 sale attempt.
The dataset allegedly consists of 8 million records, many of which are tied to the judicial and law enforcement systems in Armenia. Cybersecurity analysts warn that such data could easily be used to facilitate highly convincing social engineering attacks. By using real case numbers, court references, and other official-looking details, cybercriminals could trick citizens into compliance through phishing schemes, extortion, or fraud. The presence of such data on the dark web represents a significant risk to both the public and the integrity of Armenia’s digital infrastructure.
Armenia’s Response to the Breach Claims
In response to the claims, the Government of Armenia was quick to deny that its central email system had been compromised. In a statement issued on January 11, 2026, Armenia’s Public Relations and Information Center (PRIC) assured the public that the country’s email infrastructure had not been breached. However, they acknowledged that the data leak was likely sourced from another government platform, the electronic civil litigation portal, known as cabinet.armlex.am.
PRIC emphasized that an internal investigation was underway to confirm the source of the leak and determine how the data was accessed. While the government rejected the idea that its central email system was compromised, they did not dismiss the possibility that a vulnerability elsewhere in the digital ecosystem had been exploited. This statement has left some questions unanswered, particularly regarding the method by which dk0m allegedly gained access to such a vast collection of government data.
The Role of dk0m and Infostealer
dk0m is a hacker known for specializing in the sale of government data. According to reports, the hacker typically employs infostealer malware to harvest sensitive data from compromised devices. Infostealers are malicious programs designed to extract saved passwords, session cookies, and other sensitive information from users’ browsers. By identifying credentials for government portals and services, dk0m has been able to gain unauthorized access to official systems and gather valuable data for resale on dark web forums.
This pattern of behavior, which involves the use of malware to obtain government credentials, is not new for dk0m. The hacker has been active on dark web forums since at least 2024 and is well-known for selling high-value datasets from various ministries around the world. What makes this case particularly concerning is the potential scale of the leak. If the claims of 8 million records are accurate, this breach could have serious ramifications for the security of Armenia’s digital infrastructure and the safety of its citizens.
Ongoing Investigations
As of January 13, 2026, Armenian authorities continue to investigate the breach, working to confirm the authenticity of the claims and determine how the data was accessed. The government has urged citizens to remain vigilant against suspicious communications that may arise from this breach.
The geopolitical context surrounding this breach adds a further layer of complexity. Armenia has long operated in a hostile cyber environment, with frequent cyberattacks and politically motivated hacks. While the Armenian government has firmly rejected claims of a breach of its central email system, it has been cautious in its response, acknowledging the possibility of unauthorized access to other parts of its digital infrastructure. The international nature of the cybercrime community, combined with Armenia’s strategic position in a geopolitically sensitive region, means that this incident is likely to have broader implications for regional security and diplomatic relations.
Conclusion
The Armenian government has denied claims of a breach of its central email system, following allegations that a hacker, dk0m, is selling a database containing over 8 million government-related records. While dk0m asserts that the data was extracted from a government notification system, authorities have pointed to a potential leak from the electronic civil litigation platform. The government is currently investigating the incident, but as of now, the authenticity of the claim remains unverified. This potential breach highlights the growing threat of cybercrime and its potential to disrupt not only the security of national institutions but also the daily lives of ordinary citizens. As hackers continue to exploit vulnerabilities in digital systems, both individuals and governments must remain vigilant in safeguarding their data.


