Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hackers Arrested for ‘infiltrating’ Ukraine’s Health Database

Hackers Arrested for ‘infiltrating’ Ukraine’s Health Database

The Security Service of Ukraine (SSU) has arrested a team of actors who illegally infiltrated the information system of the National Health Service of Ukraine (NHSU) and entered false vaccination entries for other people.

The actors found clients in the Sumy region through a team of doctors who participated in the scheme and offered to create false COVID-19 vaccination certificates for anyone who paid them 3,000 hryvnias ($114).

By hacking into the NHSU system and entering false data, the actors enabled their ‘clients’ to pass any COVID-19 vaccination checks requiring QR code scans.

Also Read: How does ransomware happen? Here are 7 ways to prevent them

Snapshot from the police raid
Snapshot from the police raid
Source: SSU

It is unclear if the actors were skilled hackers or healthcare insiders who used their work credentials to access the NHSU database.

“The attackers illegally “infiltrated” the information system of the National Health Service of Ukraine (NHSU), which allowed them to enter false information into the mobile application “Action” about the “vaccination” of residents of the region,” says the SSU’s statement.

Ukrainian police said the actors modified health records up to 200 times a month, but it is unclear how long this scheme was conducted.

For their crimes, the arrested individuals are facing proceedings under Part 2 of Art. 361, part 3 of Art. 358 (unauthorized interference in the work of electronic computers and sale of forged documents) of the Criminal Code of Ukraine.

Also Read: Ways to protect HR data and avoid penalties for data breaches

Cybercriminals abuse the “Action” app

The government in Ukraine recently launched a central information app called “Action,” where citizens can store vaccination certificates and other essential documents.

The app’s goal was to promote the adoption of smart ID technology in the country and push forgeries to obsolescence.

Last week, BleepingComputer found a fake “Action” app being sold on local Telegram channels allowing users to generate any certificate they need to move without restrictions or enjoy other benefits.

Post promoting the clone Action app
Post promoting the clone Action app on Telegram

The app is sold for 120 hryvnias ($4.5) and is mainly used to create fake vaccination certificates, driver’s licenses, and student cards for public transport ticket discounts.

While the fake “Action” doesn’t change the NHSU database and will not pass QR code scan checks, it’s perfect for “glance” checks when entering a public space.

The Prosecutor General of Ukraine, Iryna Venediktova, responded to this wave of false vaccination certificates on her personal Facebook account.

As she warns, fraudsters “should not expect any mercy from her” and underlined that these violations are not minor and justice won’t treat them as such.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us