Hackers Breach a Russian Intelligence Contractor and Expose Their Documents
- A hacking group has managed to enter the IT network of SyTech and stole 7.5TB of data.
- The hackers also defaced the website of the research and development firm and published their documents.
- Two of the six projects that have been exposed have been already documented by researchers.
A team of hackers named “0v1ru$” has managed to find their way inside the systems of SyTech, a company that works for the Russian Intelligence service, and who are engaged in the FSB research programs. The exposed documents concern secret projects that SyTech was working on, on behalf of the Russian agency, including a particularly interesting one that pertains to the de-anonymization of Tor traffic. The total amount of data that was stolen by the hackers is 7.5TB, so the full appreciation of the exposed information is yet to come.
The group managed to hack into the company’s Active Directory server, and from there they found their way into the SyTech IT network, and even the JIRA instance platform. The hackers did not just steal the data that they found in the company’s network but also defaced their website by using an emoji that symbolizes the act of “trolling” (Yoba-face). Then, they went to Twitter and posted screenshots of the server contents, and then finalized their damage to SyTech by publishing all of the documents together with another group called “Digital Revolution”. This second group is the same that managed to breach another FSB contractor last year, so there could have been a certain collaboration between the two.
So far, the projects that were exposed through this incident include the following:
- Nautilus - a project for collecting data about social media users (such as Facebook, MySpace, and LinkedIn).
- Nautilus-S - a project for deanonymizing Tor traffic with the help of rogue Tor servers.
- Reward - a project to covertly penetrate P2P networks, like the one used for torrents.
- Mentor - a project to monitor and search email communications on the servers of Russian companies.
- Hope - a project to investigate the topology of the Russian internet and how it connects to other countries' network.
- Tax-3 - a project for the creation of a closed intranet to store the information of highly-sensitive state figures, judges, and local administration officials, separate from the rest of the state's IT networks.
Not all of the above left their testing and experimentation phase to enter real-world deployment scenarios, but at least two are believed to have been applied in the country. The first is Nautilus-S, and the second is Hope. Researchers have documented activity that relates to Nautilus-S since 2012, with 25 malicious servers operating hostile Tor exit nodes that were trying to decrypt Tor traffic. The Hope project was also put into practice while the Russian government was testing the “Sovereign Internet” back in March, so this has been documented as well.
Have something to say on the above? Feel free to share your thoughts with us in the comments down below, or on our socials, on Facebook and Twitter.