Hackers Breach a Russian Intelligence Contractor and Expose Their Documents

Last updated September 28, 2021
Written by:
Bill Toulas
Infosec Writer

A team of hackers named “0v1ru$” has found its way inside the systems of SyTech, a company that works for the Russian intelligence service and is engaged in FSB research programs. The exposed documents concern secret projects that SyTech was working on for the Russian agency, including a particularly interesting one that pertains to the de-anonymization of Tor traffic. The hackers stole a total of 7.5TB of data, so the full appreciation of the exposed information is yet to come.

The group hacked into the company’s Active Directory server, and from there made its way into the SyTech IT network and even its JIRA instance. The hackers did not just steal the data they found in the company’s network but also defaced its website with an emoji that symbolizes the act of “trolling” (Yoba-face). They then posted screenshots of the server contents on Twitter, and completed the damage to SyTech by publishing all of the documents together with another group called “Digital Revolution”. This second group is the same one that breached another FSB contractor last year, so there could have been a certain collaboration between the two.

So far, the projects that were exposed through this incident include the following:

Not all of the above left their testing and experimentation phase to enter real-world deployment scenarios, but at least two are believed to have been applied in the country. The first is Nautilus-S, and the second is Hope. Researchers have documented activity that relates to Nautilus-S since 2012, with 25 malicious servers operating hostile Tor exit nodes that were trying to decrypt Tor traffic. The Hope project was also put into practice while the Russian government was testing the “Sovereign Internet” back in March, so this has been documented as well.
