A hacking group affiliated with Anonymous claimed that it breached the control center of Russian State Space Corporation “Roscosmos” and cut off the agency’s control over its spy satellites as part of the ongoing cyber-offensive against Russian government targets in protest of the invasion of Ukraine.
“The Russian Space Agency sure does love their satellite imaging,” the group NB65 said in a post early today, posting accompanying screenshots. “Better yet they sure do love their Vehicle Monitoring System. The WSO2 was deleted, credentials were rotated and the server is shut down. Network Battalion isn’t going to give you the IP, that would be too easy, now wouldn’t it? Have a nice Monday fixing your spying tech. Glory to Ukraine.”
“We won’t stop until you stop dropping bombs, killing civilians and trying to invade,” NB65 added. “Go the fuck back to Russia.”
The same group did a data dump Sunday of more than 40,000 files that they said were swiped from the country’s Nuclear Safety Institute (IBRAE). “We don’t have the capacity to translate this many Russian documents, so enjoy and let us know what you find,” the group said.
On Monday, one Anonymous account reported on Twitter that hackers associated with the collective had taken down more than 1,500 websites connected to the Russian and Belarusian governments, state media outlets, major banks and companies over the previous 72 hours.
Accounts reporting their hacks under the #OpRussia or #OpKremlin hashtags on Twitter also said the website of the Russian Ministry of Labour and Social Protection had been knocked offline (and was still down this evening). Anonymous also leaked a database that hackers said came from breaching Russia’s Ministry of Economic Development.
And hackers breached a maritime traffic tracking site to give Russian President Vladimir Putin’s yacht “Graceful” a new call sign, ANONYMO, and a new destination, FCKPTN.
Anonymous accounts were encouraging those without hacking skills to join Russian social media sites and spread information to counter Russia’s disinformation or lack of news about what is really happening in Ukraine.
They also countered disinformation that they said Russian trolls were spreading through fake Anon accounts to discredit the Anonymous campaign: a claim that on March 3 the hackers would breach private Russian citizens’ bank accounts and send the money to Ukraine. “This is false. Anonymous will not attack the people but the government. Fakes, expect us!” one Anonymous account responded.
And hackers also went after the pro-Russia Conti ransomware group, leaking internal chats and files from the group. The offensive action may have been what prompted this update on the Conti threat from DHS’ Cybersecurity and Infrastructure Security Agency on Monday, warning stakeholders to not think the threat had abated: “Conti cyber threat actors remain active and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1,000. Notable attack vectors include Trickbot and Cobalt Strike. While there are no specific or credible cyber threats to the U.S. homeland at this time, CISA, FBI, and NSA encourage organizations to review this advisory and apply the recommended mitigations.”
A group called the Belarusian Cyber-Partisans said it hacked railway systems in Minsk, Orsha, and Osipovichi to obstruct Russian military movements from Belarus toward Ukraine. “The monitoring system of the Belarusian Railway’s internal computer network,” the group said, displaying a screenshot on Twitter. “An outdated piece of crapware that runs on Windows XP.”
The Cyber-Partisans stressed that their railway hack would not endanger civilians: “Manual control mode is enabled, which will slow down the movement of trains but will NOT create emergency situations.”
Hackers identifying with the Anonymous collective announced the launch of #OpRussia Thursday (Eastern time), saying that their initial cyber operations briefly took down some websites associated with the Russian government. The #OpRussia or #OpKremlin hashtags used to announce actions against Russian sites are similar to Anonymous’ #OpISIS campaign that targeted the terror group’s wave of online propaganda and the #OpKKK campaign that targets white supremacists.
Members of the collective posted a video press release Saturday that vowed “these actions will continue,” as “activists will not sit idle as Russian forces kill and murder innocent people trying to defend their homeland.”
The hackers acknowledged that “some of our actions may be considered illegal in the eyes of various governments,” but they saw “no reason any western laws should be used against our actions in trying to protect and defend the people of Ukraine, and also to help educate the people of Russia.”
DHS’ Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint Cybersecurity Advisory Saturday providing an overview of destructive malware that has been used to target organizations in Ukraine as well as guidance on how organizations can detect and protect their networks. On Wednesday, Russian cyber forces hit the websites of several Ukrainian banks and government departments with a wave of DDoS attacks.
An intelligence brief from the Department of Homeland Security in January warned stakeholders that Russia “would consider” launching a cyber attack against the United States if the U.S. or NATO responded to Russia’s potential invasion of Ukraine in a way that the Kremlin perceived as threatening to Russian security.
The memo also noted that Russia’s threshold for directly launching a destructive attack against U.S. critical infrastructure with its cyber arsenal “probably remains very high” though Moscow “continues to target and gain access to critical infrastructure in the United States.”