For more than a decade, US cybersecurity experts have warned of Russian hacking, which increasingly uses the labor of financially motivated criminal gangs to achieve political goals, such as strategically leaking campaign emails.
Ransomware groups have shut down care for pandemic patients, the key Colonial Pipeline fuel pipeline and schools over the past year and a half; published sensitive documents from corporate victims; and in one case promised to step up attacks on US infrastructure if Russian technology is hacked in retaliation for the invasion of Ukraine.
Yet the third month of the war saw Russia, not the United States, fighting an unprecedented wave of hacking that intertwined government activity, political volunteerism and criminal activity.
Digital attackers have stolen personal financial data from the country, damaged websites and passed decades of government emails to anti-secrecy activists abroad. A recent study found that more passwords and other sensitive data from Russia were dumped onto the open web in March than information from any other country.
The published documents include a cache from the regional office of media regulator Roskomnadzor, which reveals the topics its analysts have been most concerned about on social media – including anti-militarism and drug legalization – and shows that it has reported to the FSB federal intelligence service, which has arrested some who complain about government policies.
A separate trove from VGTRK, or All-Russia State Television and Radio Broadcasting Co., exposed 20 years of emails from the state media chain and is “big” in expected impact, said a researcher from cybersecurity firm Recorded Future, who spoke on condition of anonymity to discuss his work on dangerous hacker circles.
The broadcast cache and some of the other notable hauls came from a small hacktivist group called Network Battalion 65, formed when war began to seem imminent.
“Federation government: lack of honor and outright war crimes have won you a special award,” read a note left on the victim’s website. “This bank has been hacked, redeemed and soon sensitive data will be released on the Internet.”
In its first in-depth interview, the group told The Washington Post via encrypted chat that it does not receive guidance or assistance from government officials in Ukraine or elsewhere.
“We pay for our own infrastructure and dedicate our time outside of work and family responsibilities to that,” an unnamed English spokesman said. “We do not want anything in return. It’s just the right thing to do.”
Christopher Painter, a former senior US diplomat on cyberspace, said the rise in such activities risks escalating and interfering with covert government operations. But so far, it seems to be helping US goals in Russia.
“Are the goals worthy? Yes,” Painter said. “An interesting trend is that they are now the target of all this.”
Painter warned that Russia still has offensive capabilities, and US officials have called on organizations to prepare for an expected Russian cyberattack, which may be deployed at the moment of maximum effect.
But perhaps the most important victim of the wave of attacks is the myth of Russian cyber supremacy, which for decades has helped scare hackers in other countries – as well as criminals within its borders – away from targeting a nation with such a great operation.
“The sense that Russia is banned has somewhat faded, and hacktivism is one of the most accessible forms of striking against an unjust regime or its supporting infrastructure,” said Emma Best, co-founder of Distributed Denial of Secrets, who confirmed and published the regulator and broadcaster caches, among others.
While many hackers want to inform the public about Russia’s role in areas including propaganda and energy production, Best said that a secondary motivation after the invasion was the “symbolic ‘pantsing’ of Putin and some of the oligarchs.”
“He has been cultivating the image of a strong man for decades, but not only is he unable to stop the cyberattacks and leaks that are hitting his government and key industries, but he is the one causing it.”
Volunteer hackers received a first-of-its-kind boost from the Ukrainian government, which endorsed the efforts and proposed targets through its IT Army channel on Telegram. Hackers from the Ukrainian government are believed to be acting directly against other Russian targets, and officials have disseminated hacked data, including the names of troops and hundreds of FSB agents.
“There are government agencies in Ukraine that are interested in some of the data and are actively helping some of these operations,” said an analyst at Flashpoint, who spoke on condition of anonymity because of the sensitivity of his work.
Ordinary criminals with no ideological interest in the conflict have also gotten in on the act, taking advantage of busy security teams to grab money as the aura of invincibility falls, researchers said.
Last month, a quarterly survey of email addresses, passwords and other sensitive data published on the open web identified more victim accounts that were possibly Russian than accounts from any other country. Russia led the study for the first time, according to Lithuanian virtual private network and security firm SurfShark, which uses the information to alert affected customers.
The number of alleged Russian credentials, such as those for email addresses ending in .ru, jumped in March to account for 50 percent of the world’s total, double the previous month and more than five times as many as were published in January.
“The United States is first and foremost. Sometimes it’s India,” said SurfShark data researcher Agneska Sablovskaya. “It was really surprising for us.”
The criminal business can also become political, and it definitely has with the war in Ukraine.
Shortly after the invasion, one of the most ferocious ransomware gangs, Conti, announced that it would rally to protect Russian interests in cyberspace.
The bet backfired spectacularly because, like many Russian-speaking criminal groups, it had branches in Ukraine.
One of them then published more than 100,000 internal gang chats, and later the source code for its main program, making it easier for security software to detect and block attacks.
Network Battalion 65 went further. It modified the leaked version of Conti’s code to evade the new detections, improved the encryption, and then used it to lock files at government-connected Russian companies.
“We have decided that it is best to give Russia a taste of its own medicine. Conti causes (and still causes) a lot of heartache and pain to companies around the world,” the group said. “As soon as Russia puts an end to this nonsense in Ukraine, we will completely stop our attacks.”
Network Battalion 65, meanwhile, has demanded ransomware payments even as it has shamed victims on Twitter for poor security. The group said it had not yet received any money, but would donate everything it raised to Ukraine.
Network Battalion obtained the state broadcaster’s emails and other caches and gave them to DDoSecrets, making it one of the most important hacktivist suppliers to that site, along with a pro-Western group called AgainstTheWest and some who embraced the brand of Anonymous, a large, looser and recently revived group that welcomes everyone.
In an April 3 interview with a researcher known as Dissent Doe, who runs DataBreaches.net, the leader of AgainstTheWest said the group was formed in October and consisted of six English-speaking hackers, all privately employed but experienced in intelligence.
“The original goal was to steal state secrets, government software (in the form of source code), private documents and the like. However, we also had the idea that we should act against China for attacking the West in cyber espionage campaigns over the years,” said the hacker.
After hitting targets in China, AgainstTheWest moved on to those in North Korea, Iran and Russia.
The leader said the group did not act directly for any of the intelligence agencies, but declined to say whether it had been assisted by any of them. “We are doing our job in the hope that this will benefit Western intelligence. We share all private documents with each US/EU government.”
The group has made other documents public through DDoSecrets. Best received a request from a U.S. military account for access beyond what she posted, but declined.
Painter, a former State Department and Justice Department expert, said he was concerned that some volunteer hackers could go too far and damage civilian infrastructure or provoke a serious reaction, and warned that others could be hiding other motives.
“In the normal course of events, you don’t want to encourage vigilante hackers,” Painter said. But then he agreed: “We are not in the normal course of events.”