Friday, January 27, 2023

Hackers Turn Conti Ransomware Against Russia as Twitter Suspends Some Anonymous Accounts

NB65 claimed the breach of VGTRK (All-Russia State Television and Radio Broadcasting Company) and 870GB worth of swiped data, which is expected to be leaked soon.

Some Twitter accounts belonging to Anonymous hackers engaging in #OpRussia cyber operations against Russian targets have been suspended by the company as the collective continues to report new takedowns and data breaches — and one hacking group said it used ransomware from a notorious pro-Russia group against a Russian entity.

On Saturday, one Anonymous account cited four others who had been suspended within the previous 24 hours. All were still suspended today. “We the people ask @TwitterSupport, @Twitter, @TwitterSafety, Which Side Are You On?” the account added.

“Twitter is beginning to censor #Anonymous accounts and is keeping accounts of those enjoying the lost lives of innocent children, barbarically massacred by Putin’s murderous machine,” tweeted one prominent Anonymous account. “Enough is Enough! Stop Censorship!”

“There are activist accounts being suspended by @twitter b/c of leaked info about Russia. Twitter is a company based in the USA. There is no point in censoring our activism targeting a country engaged in war crimes against Ukraine. Russia also is CENSORING Twitter,” tweeted an Anonymous account with nearly 8 million followers.

“Despite Twitter censoring various activists because of data leaks, #Anonymous will be vigilant in our continuation of smashing Russian government servers until Russian troops leave Ukraine,” the account also tweeted.

One of the blocked accounts resurfaced under another account name, tweeting, “Twitter censors us for our Anti-War anti-corruption stance. We are on #OperationRussia and twitter has decided to block our Anonymous account. They prefer to give voice to the propaganda of the RUSSIAN government!”

“The only thing that twitter reproaches us for is actively supporting Ukraine,” the account stated in another tweet.

Hacking group Network Battalion 65 (NB65), affiliated with Anonymous, claimed the breach of VGTRK (All-Russia State Television and Radio Broadcasting Company) and 870GB worth of swiped data. The data is expected to be leaked soon on the site DDoSecrets, which has published many data dumps from Anonymous and its affiliates, including a recent posting of nearly 140,000 emails from the Russian firm MashOil.

“It’s going to take YEARS for journalists, researchers and the general public to go through all the Russian data that’s being leaked in response to the invasion of Ukraine,” tweeted Emma Best of DDoSecrets.

NB65 said Monday that they hacked JSC (Joint Stock Company) Mosexpertiza. “We’ve compromised your network environment completely,” NB65 said in an open message to JSC Mosexpertiza. “Not sorry. By now it’s probably painfully apparent that you’ve also been infected by a crypto locking ransomware variant. Spoiler, it’s Conti’s.”

Early in the #OpRussia campaign, hackers went after the pro-Russia Conti ransomware group, leaking internal chats and files from the group. That offensive action may have been what prompted an update on the Conti threat from DHS’ Cybersecurity and Infrastructure Security Agency, warning stakeholders that “Conti cyber threat actors remain active” and the group is targeting U.S. and international organizations.

“Be sure to tell them thank you for us,” NB65 continued. “We’ve modified it in a way that will prevent you from decrypting your files with their decryptor. We’ve taken 450GB of your data including all emails, internal documents and financials. There will be no negotiations. Talk to your President about it. Encourage him to get the fuck out of Ukraine. The longer your military is active there, the longer we will continue to fuck your shit up.”

Similarly, in their message to VGTRK, NB65 said the swiped data is “off the table for negotiation.”

“We’re watching you very closely and are prepared for your eventual incident response,” NB65 said. “Your blue team kind of sucks. Hard to find good IT help when all your techies are fleeing the country, eh? Your President should not have committed war crimes. If you’re seeking someone to blame for your current situation look no further than Vladimir Putin.”

Anonymous hackers posted late last week a 28GB leak of data they said was taken from the Central Bank of the Russian Federation. “We distributed these documents to various points of the internet,” tweeted the account Anonymous Rabbit. “If the links are censored, we will share them on different links.”

“Vladimir Putin, no secret is safe. We are everywhere. We are in your palace. We are where you eat. We are at your table. We are in the room where you sleep,” said an accompanying video. “Now we share thousands of documents belonging to the Central Bank of Russia — agreements, correspondence, money transfers, trade secrets of your oligarchs, real economy reports that you keep from the public, trade agreements you have signed with other countries, declarations, information of your registered supporters, your conference videos, and the programs you use.”

Operations against companies operating in Russia have continued, with Anonymous claiming the takedown of the Russian sites of French retailers Auchan, home improvement chain Leroy Merlin, and sporting goods chain Decathlon. A 10GB database that hackers said was from Nestle was posted online a week ago. Anonymous accounts continued to circulate names of companies refusing to scale back operations or exit Russia.

“We wanted to give proof to our community that the supposed unbreakable security of Russia does not exist, they have a vulnerability from 2015 lolol even my mother has better security on her devices,” tweeted Anonymous account Cyber Ninja Security Team along with a screenshot of a hack.

“Anonymous is not the enemy of citizens of Russia. We are you. We are among you. We call upon Russian citizens to demand your government to end this aggression in Ukraine. We urge Russian Federation, stop this war,” stated one Anonymous video. “Operation Russia will continue until peace is established in Ukraine… Operation Russia will end up in history.”

Bridget Johnson
Bridget Johnson is the Managing Editor for Homeland Security Today. A veteran journalist whose news articles and analyses have run in dozens of news outlets across the globe, Bridget first came to Washington to be online editor and a foreign policy writer at The Hill. Previously she was an editorial board member at the Rocky Mountain News and syndicated nation/world news columnist at the Los Angeles Daily News. Bridget is a terrorism analyst and security consultant with a specialty in online open-source extremist propaganda, incitement, recruitment, and training. She hosts and presents in Homeland Security Today law enforcement training webinars studying a range of counterterrorism topics including conspiracy theory extremism, complex coordinated attacks, critical infrastructure attacks, arson terrorism, drone and venue threats, antisemitism and white supremacists, anti-government extremism, and WMD threats. She is a Senior Risk Analyst for Gate 15 and a private investigator. Bridget is an NPR on-air contributor and has contributed to USA Today, The Wall Street Journal, New York Observer, National Review Online, Politico, New York Daily News, The Jerusalem Post, The Hill, Washington Times, RealClearWorld and more, and has myriad television and radio credits including Al-Jazeera, BBC and SiriusXM.
