42.6 F
Washington D.C.
Saturday, March 2, 2024

Anonymous #OpRussia Reports Metro System Hack, Counter-Disinformation Milestone

One group uses Conti ransomware against key bank and vowed to continue to modify it "in order to make it more effective against Russian targets."

The #OpRussia cyber warfare campaign launched shortly after Russia invaded Ukraine reported that more than 70 million counter-disinformation messages have been sent to Russians through one tool while Anonymous and allied hacktivists reported intrusions into the country’s transportation and financial critical infrastructure sectors.

Ghost Security announced Tuesday that it had gained access to IT systems servicing Russia’s metro systems and “found something crazy”: “The controls to the smoke system, the AC (TEMP) in each train (labeled car in attached images), battery system, and much more. Found the full building blueprints with the temp control, we have also found the reports on every train and soon we will be publishing all the data.”

“FOR NOW Please enjoy the fact that we will be fucking with your trains especially the ones entering or exiting Belarus, and entering or exiting Ukraine,” GhostSec said in an open message to metro safety systems provider Metrospetstekhnika. “UPDATES WILL COME ALONG AS WE CONTINUE FUCKING WITH THE METRO.”

Network Battalion 65 continues to use a modified version of the Conti ransomware against Russian entities, announcing Sunday its attack on Petersburg Social Commercial Bank (JSC Bank PSCB). “We’re very thankful that you store so many credentials in Chrome,” NB65 tweeted. “Well done.”

“While you are not the biggest, your strategic importance to the federation is plain to see,” NB65 said in its note to the bank. “Wealthy oligarchs and your government have moved plenty of funds through your services. How do we know, you’re wondering? Because we have all of your transaction records, E-tax records, client data, keys, tokens, databases, and more.” The forthcoming data dump is promised to be about 800GB.

The group told the bank that its environment was “fully encrypted with the ransomware kit created by Russian state actors that was so destructive to the world: Conti. By now you’re also aware that we have modified it, and continue to in order to make it more effective against Russian targets. We’re happy to be a thorn in your side.”

“Federation government: your lack of honor and blatant war crimes have earned you a special prize. This bank is hacked, ransomed and soon to have sensitive data dumped on the internet. We don’t care how you feel about it, in much the same way that you don’t care about killing innocent civilians including women and children. We’ve warned you repeatedly. Get the fuck out of Ukraine.”

NB65 announced late last month that it had used Conti to attack JSC (Joint Stock Company) Mosexpertiza, and soon afterward said in their hack of SSK Gazregion LLC that they had “improved Conti’s ransomware even more.”

Early in the #OpRussia campaign, hackers went after the pro-Russia Conti ransomware group, leaking internal chats and files from the group. That offensive action may have been what prompted an update on the Conti threat from DHS’ Cybersecurity and Infrastructure Security Agency, warning stakeholders that “Conti cyber threat actors remain active” and the group is targeting U.S. and international organizations.

DDoSecrets has published this week multiple caches of data seized by Anonymous: 87,500 emails from Neocom Geoservice, an engineering firm specializing in exploring oil and gas fields and providing drilling support; 15,600 emails from GUOV I GS – General Dept. of Troops and Civil Construction, which is wholly owned by Russia’s Ministry of Defense; 426,000 emails from Tendertech, a firm specializing in processing financial and banking documents; and 1.2 GB of videos and data from the Synesis and Kipod surveillance system used in Belarus and elsewhere, a dataset seized in August 2020 but provided to DDoSecrets now because the Belarusian government is taking control of the system.

Squad303, who created the 1920.in tool for anybody to send random Russians text, email, and WhatsApp messages communicating the truth about Vladimir Putin’s aggression, announced over the weekend that 70 million messages had been sent via this counter-disinformation campaign — roughly half the population of Russia.

“You are incredible!” the group tweeted to “cyber warriors of the free world” in announcing the milestone. “You carried out the largest information operation in the history of the world!”

The group also added Viber to the mediums that people can use to send these counter-disinformation messages.

The Squad303 tools were also promoted via hack, after v0g3lSec reported with a screenshot seizing the Russian Discord bot “vodka,” aka водка, and reprogramming it to promote the 1920.in tool every 5 minutes. “The bot has been taken offline (most likely the developer generated a new token),” v0g3lSec later tweeted. As of Thursday, v0g3lSec reported hijacking 93 pro-Russia Discord accounts.

And the tool AnonMailBlaster was launched by Butterweich Agency, “an international group of volunteers focused on supporting civilists with open-source and safe-to-use products,” which officially joined the #OpRussia campaign by releasing a collection of 666,666,666 unique Russian email addresses. “These were extracted and filtered from large breach compilations – thousands of actual breaches – of the last few years including all OpRussia hacks until the 12th of April,” the group said.

The automated bulk mailer AnonMailBlaster is anchored by a “text generator that can render variations of texts in English and Russian surrounding the topic of the war in Ukraine.”

“It uses grammar defined by native speakers of our group to generate an important message,” Butterweich Agency added. “In the next step, the message will be sent from the user’s mail account directly to the inbox of your friends, from the ‘personal Russian friendslist.’ You can even develop your own grammar content.”

“Our goal is to run as many big operations as possible to help Ukraine fight Putin’s War and disrupt Kremls massive propaganda campaign,” the group said.

Bridget Johnson
Bridget Johnson
Bridget Johnson is the Managing Editor for Homeland Security Today. A veteran journalist whose news articles and analyses have run in dozens of news outlets across the globe, Bridget first came to Washington to be online editor and a foreign policy writer at The Hill. Previously she was an editorial board member at the Rocky Mountain News and syndicated nation/world news columnist at the Los Angeles Daily News. Bridget is a terrorism analyst and security consultant with a specialty in online open-source extremist propaganda, incitement, recruitment, and training. She hosts and presents in Homeland Security Today law enforcement training webinars studying a range of counterterrorism topics including conspiracy theory extremism, complex coordinated attacks, critical infrastructure attacks, arson terrorism, drone and venue threats, antisemitism and white supremacists, anti-government extremism, and WMD threats. She is a Senior Risk Analyst for Gate 15 and a private investigator. Bridget is an NPR on-air contributor and has contributed to USA Today, The Wall Street Journal, New York Observer, National Review Online, Politico, New York Daily News, The Jerusalem Post, The Hill, Washington Times, RealClearWorld and more, and has myriad television and radio credits including Al-Jazeera, BBC and SiriusXM.

Related Articles

Latest Articles