For more than a decade, US cybersecurity experts have been warning of Russian hacking, which increasingly uses financially motivated criminal gangs to achieve political goals, such as the strategic leak of campaign emails.
Numerous ransomware groups have shut down pandemic-hit hospitals, the Colonial Pipeline and schools over the past year and a half; published sensitive documents from corporate victims; and, in one case, pledged to intensify attacks on US infrastructure if Russian technology was violated in retaliation for the invasion of Ukraine.
However, the third month of the war finds Russia, not the United States, struggling under an unprecedented wave of hacking involving government activity, political volunteerism and criminal activity.
The digital assailants have looted the country’s personal financial data, tampered with websites and handed decades of government emails to anti-secrecy activists abroad. A recent survey found that more passwords and other sensitive data from Russia were leaked to the web in March than information from any other country.
The leaked documents include a secret memo from a regional office of the media regulator Roskomnadzor that revealed the issues that most concerned social media analysts – including anti-militarism and drug legalization – and that the FSB intelligence service, which has been arresting some who complain about government policies.
A separate trove from VGTRK, or All-Russia State Television and Radio Broadcasting Co., exposed 20 years of emails from the state media chain and is “big” in expected impact, said a researcher at cybersecurity company Recorded Future, who spoke on the condition of anonymity to discuss his work in dangerous hacking circles.
The broadcast cache and some of the other notable hauls were obtained by a small group of hacktivists called Network Battalion 65, formed as war began to appear inevitable.
“Federal government: Lack of honor and blatant war crimes have earned you a special award,” read a note left on a victim’s network. “This bank has been hacked, ransacked and sensitive data will soon be discarded on the Internet.”
In its first in-depth interview, the group told The Washington Post in an encrypted conversation that it does not receive any instructions or assistance from government officials in Ukraine or elsewhere.
“We pay for our own infrastructure and spend our time outside of work and family responsibilities on it,” said an anonymous spokesman in English. “We are not asking for anything in return. That’s just right.”
Christopher Painter, a former top US cybersecurity diplomat, said the increase in activity risked escalation and interference in covert government operations. But so far, it seems to be helping US goals in Russia.
“Are the goals worth it? Yes,” said Painter. “It’s an interesting trend that is now becoming the target of all of this.”
Painter warned that Russia still had offensive capabilities, and US officials have urged agencies to prepare for an impending Russian cyberattack, which would perhaps come at a time of maximum leverage.
But perhaps the most significant victim of the wave of attacks was the myth of Russian cyber-supremacy, which for decades helped scare hackers in other countries, as well as criminals within its borders, away from targeting a nation with such a formidable operation.
“The feeling that Russia is out of bounds has somewhat faded and hacktivism is one of the most affordable forms of striking at an unjust regime or its supporting infrastructure,” said Emma Best, co-founder of Distributed Denial of Secrets, which published the regulator and broadcast troves among others.
While many of the hackers want to inform the public about Russia’s role in areas such as propaganda and energy production, Best said that a secondary motive after the invasion was “the symbolic pantsing of Putin and some of the oligarchs.”
“He has cultivated the image of a strongman for decades, but not only is he unable to stop the cyberattacks and leaks affecting his government and key industries, but he is the one who is causing it.”
The volunteer hackers received a first-of-its-kind boost from the Ukrainian government, which endorsed the efforts and suggested targets via the IT Army’s Telegram channel. Ukrainian government hackers are believed to be acting directly against other Russian targets, and officials have distributed hacked data, including the names of troops and hundreds of FSB agents.
“There are state institutions in Ukraine that are interested in some of the data and are actively assisting some of these companies,” said an analyst at security company Flashpoint, speaking on condition of anonymity because of the sensitivity of his work.
Ordinary criminals with no ideological stake in the conflict have also joined in, taking advantage of preoccupied security teams to grab money as the aura of invincibility fades, researchers said.
Last month, a quarterly survey of email addresses, passwords and other sensitive data posted on the open web identified more victim accounts likely to be Russian than accounts from any other country.
Russia topped the survey for the first time, according to Lithuanian virtual private network and security company SurfShark, which uses the underlying information to warn affected customers. The number of presumed Russian credentials, such as those for email addresses ending in .ru, skyrocketed in March to account for 50 percent of the world total, double the previous month and more than five times as many as were published in January.
“The United States is first and foremost. Sometimes it’s India,” said SurfShark data researcher Agneska Sablovskaja. “It was really amazing for us.”
The business of crime can also become political, and it certainly did with the war in Ukraine.
Shortly after the invasion, one of the wildest ransomware gangs, Conti, said it would rally to protect Russian cyber interests.
The pledge backfired spectacularly, since, like many Russian-speaking criminal groups, it had affiliates in Ukraine. One of them then posted more than 100,000 internal gang conversations, and later the source code for its core program, making it easier for security software to detect and block attacks.
Network Battalion 65 went further. It modified the leaked version of the Conti code to evade the new detections, improved the encryption, and then used it to lock files inside Russian government-affiliated companies.
“We have decided that it would be better to give Russia a taste of its own medicine. Conti has caused (and continues to cause) a lot of pain and suffering to companies around the world,” the group said. “Once Russia stops this stupidity in Ukraine, we will completely stop our attacks.”
Meanwhile, Network Battalion 65 has demanded ransom payments while also shaming victims on Twitter for poor security. The group said it had not received any money yet, but would donate anything it collected to Ukraine.
Network Battalion 65 took government emails and other troves and gave them to DDoSecrets, making it one of the most important hacktivist suppliers to the site, along with a pro-Western team called AgainstTheWest and some who have adopted it. bigger, more relaxed and recently renewed collectivity that welcomes anyone.
In an interview on April 3 with a researcher known as Dissent Doe, who runs DataBreaches.net, the leader of AgainstTheWest said that the group was formed in October and consisted of six English-speaking hackers, all privately employed but with a history in intelligence.
The original goal was to steal government secrets, government software (in the form of source code), private documents and more. “However, we also had the idea that we should act against China because it has attacked the West in cyber espionage campaigns all these years,” he said.
After hitting targets in China, AgainstTheWest moved on to targets in North Korea, Iran and Russia.
The leader said the group did not act directly on behalf of any intelligence service, but declined to say if it was assisted by any of them. “We are doing our job in the hope that it will benefit Western intelligence. We share all private documents with anyone in the US/EU government.”
The team has released other documents through DDoSecrets. Best received a request from a US military account for access beyond what the site published, but declined.
Painter, a former Justice Department and State Department expert, said he was concerned some volunteer hackers might go too far and damage civilian infrastructure or provoke a backlash, and warned that others may have additional motives.
“In the normal course of events, you do not want to encourage vigilante hackers,” Painter said. But then he agreed, “We are not in a normal course of events.”