Yet the third month of war sees Russia, not the United States, grappling with an unprecedented wave of hacking that mixes government activity, political voluntarism and criminal action.
Digital attackers plundered the country’s personal financial data, defaced websites and delivered decades of government emails to anti-secrecy activists abroad. A recent survey showed that more passwords and other sensitive data from Russia were dumped on the open web in March than information from any other country.
Released documents include a cache from a regional office of media regulator Roskomnadzor who revealed the topics his social media analysts were most concerned about — including anti-militarism and drug legalization — and that he was filing reports with the FSB’s federal intelligence service, which has arrested some who complain about government policies .
A separate treasure of VGTRK, or All-Russia State Television and Radio Broadcasting Co., on display 20 years of emails from the state-owned media channel and is “a big” expected impact, said a researcher from cybersecurity firm Recorded Future who spoke on condition of anonymity to discuss his work on dangerous hacking circles.
US government and energy companies close ranks, fearing Russian cyberattacks
The broadcast cache and some of the other notable loot were obtained by a small hacktivist group formed as war began to seem inevitable, called Network Battalion 65.
“Federation Government: Your lack of honor and flagrant war crimes have earned you a special award,” read a note left on a victim’s network. “This bank is hacked, ransomed and soon sensitive data will be dumped on the internet.”
In its first in-depth interview, the group told the Washington Post via encrypted chat that it receives no direction or assistance from government officials in Ukraine or elsewhere.
“We pay for our own infrastructure and dedicate our time to it outside of jobs and family obligations,” an unnamed spokesperson in English said. “We don’t ask for anything in return. It’s just the right thing to do.
Christopher Painter, a former top US diplomat on cyber issues, said the upsurge in such activity risks escalating and interfering with government covert operations. But so far, it appears to be helping US goals in Russia.
“Are the goals worthy? Yes,” Painter said. “It’s an interesting trend that they’re now the target of all of this.”
Painter warned that Russia still had offensive capabilities, and US officials urged organizations to prepare for an expected Russian cyber assault, perhaps intended to be deployed in a moment of maximum leverage.
But perhaps the biggest casualty of the wave of attacks has been the myth of Russian cyber-superiority, which for decades has helped scare away hackers in other countries – as well as criminals abroad. within its borders – far from targeting a nation with such a formidable operation.
“The feeling that Russia is outlawed has somewhat faded, and hacktivism is one of the most accessible forms of hitting on an unjust regime or its supporting infrastructure,” said Emma Best, co-founder of Distributed Secrets Denialwho validated and published the regulator and disseminated treasures, among others.
While many hackers want to educate the public about Russia’s role in areas such as propaganda and energy production, Best said a secondary motivation after the invasion is “the token ‘gasp’.” of Putin and some of the oligarchs.
“He has cultivated a strongman image for decades, but not only is he unable to stop the cyberattacks and leaks that plague his government and key industries, he is the one behind them. “
Willing hackers received a one-time boost from the Ukrainian government, which endorsed efforts and suggested targets via his IT Army channel on Telegram. Ukrainian government hackers are believed to be working directly against other Russian targets, and officials have distributed hacked data, including the names of troops and hundreds of FSB agents.
“There are public institutions in Ukraine interested in some of the data and actively helping some of these operations,” said an analyst from security firm Flashpoint who spoke on condition of anonymity due to the sensitivity of his work.
Ordinary criminals with no ideological stake in the conflict have also stepped in, taking advantage of preoccupied security teams to seize cash as the aura of invincibility falls, researchers said.
Last month, a quarterly survey of email addresses, passwords and other sensitive data posted on the open web identified more victim accounts likely to be Russian than those from any other country. Russia leads the investigation for the first time, according to Lithuanian virtual private network and security firm SurfShark, which uses the underlying information to warn affected customers.
The number of alleged Russian credentials, such as those for email addresses ending in .ru, jumped in March to encompass 50% of the global total, double the previous month and more than five times as many posts than in January.
“The United States is first most of the time. Sometimes it’s India,” said Agneska Sablovskaja, Data Researcher at SurfShark. “It was really surprising for us.”
Russian government websites face ‘unprecedented’ wave of hacking attacks, ministry says
The crime business can also become political, and this is certainly the case with the war in Ukraine.
Shortly after the invasion, one of the fiercest ransomware gangs, Conti, said it would rally to protect Russian interests in cyberspace.
The commitment backfired spectacularly, because like many Russian-speaking criminal groups, it had branches in Ukraine.
One of them later posted over 100,000 internal gang chats, and later the source code of its main programwhich makes it easier for security software to detect and block attacks.
Network Battalion 65 went further. He modified the leaked version of the Conti code to evade further detection, improved the encryption, then used it to lock files at government-linked Russian companies.
“We decided it was best to give Russia a taste of its own medicine. Conti has caused (and still causes) a lot of heartache and pain for businesses around the world,” the band said. “As soon as Russia stops this stupidity in Ukraine, we will completely stop our attacks.”
Meanwhile, Network Battalion 65 has demanded ransomware payments even though it has shameful victims on Twitter to have poor security. The group said it had not yet received any money but would donate whatever it collected to Ukraine.
Network Battalion obtained the state-spread emails and other treasures and gave them to DDoSecrets, making it one of the largest of several hacktivist vendors on this site, alongside a pro group -westerner named AgainstTheWest and some who have embraced the brand of Anonymous, a larger, looser and recently reborn collective that welcomes everyone.
In an April 3 interview with a researcher Known as Dissent Doe who runs the DataBreaches.net website, the head of AverseTheWest said the group formed in October and was made up of six English-speaking hackers, all privately employed but with backgrounds in matter of intelligence.
The original objective “was to steal state secrets, government software (in the form of source codes), private documents, etc. However, we also had the idea that we should take action against China for attacking the West in cyber espionage campaigns over the years,” the hacker said.
After hitting targets in China, AgainstTheWest moved on to those in North Korea, Iran and Russia.
The leader said the group was not acting directly for any intelligence agency, but declined to say whether he was aided by any. “We do our work in the hope that it benefits Western intelligence. We share all private documents with anyone from the government in the US/EU. »
The group made other documents public via DDoSecrets. Best received a request from a US military account for access beyond what she posted, but denied it.
Painter, the former State Department and Justice Department expert, said he was concerned that some willful hackers might go too far and damage civilian infrastructure or trigger a major response, and he warned that others may be hiding additional motives.
“In the normal course of events, you don’t want to encourage vigilant hackers,” Painter said. But then he agreed: “We are not in a normal course of events.”