On Saturday, 13 July 2019, a group of hackers going by the online handle of 0v1ru$ hacked and defaced the official website of SyTech, a high-profile contractor working for Russian intelligence agency FSB (Russia’s Federal Security Service).
The group left a deface page along with a “Yoba face” on SyTech’s website. The website breach reportedly allowed hackers to steal a massive trove of highly sensitive and confidential data belonging to FSB related project.
BBC Russia was the first one to report the breach according to which SyTech’s projects were mostly contracted with Military Unit 71330. Furthermore, the group shared the data with another hacking group called “Digital Revolution” who happened to be the same group of hackers who were behind the breach of another FSB contractor “Quantum” in 2018.
The treasure trove of stolen data was later sent to several media outlets however on July 18th, “Digital Revolution” used its Twitter account to post several screenshots of the data.
A look at leaked screenshot revealed that apparently, 0v1ru$ hackers managed to steal 7.5 terabytes of data from SyTech. Some of the stolen information revealed that SyTech, on behalf of FSB, has been allegedly working on several projects including one focusing on de-anonymization the privacy-focused Tor browser.
Although BBC’s report claims that the leaked files did not contain any state secrets, some of the information has exposed dark projects ran by FSB for instance:
Nautilus targeted those Internet users in Russia who used anonymization tools for online privacy purposes especially Tor browser. The project itself aimed it looking for methods to deanonymize Tor browser.
Nautilus-S focused on the extraction of personal data of users from social media platforms such as MySpace, Facebook, LinkedIn.
Reward focused on possible ways to explore vulnerabilities and development of tools to penetrate peer-to-peer networks to spy on torrent users. The project was carried out in 2013-2014.
Tax-3 focused on deleting data of high-profile Russia government and civil figures from the Internet and keep it on an intranet that should not be linked to other IT-networks.
Hope focused on building Russia’s very own Internet. In February this year, Russia announced shutting down its Internet to test its cyber deterrence and how its own version of the Internet would function.
It is no surprise that Russia is looking into deanonymizing Tor browser. For the past several years, Russian authorities have been attempting to block Tor counter online anonymity and increase online surveillance.
On the other hand, the breach itself has not exposed anything sensitive but it did highlight the fact that contractors are always a weak point. Last year, APT15, a group of Chinese hackers targeted UK government contractor and successfully stole highly sensitive military technology secrets.
Furthermore, the data breach also reminds of Wikileaks’ Vault 7 leak exposing how the CIA and other American security agencies worked on malicious tools to spy on users and targeted not only foes but friends as well.
Code Execution Vulnerability Identified in Change Healthcare Cardiology DevicesA vulnerability has been identified in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. The vulnerability could be exploited by a locally authenticated...
29% of Small Businesses Spend Less Than $1,000 on IT Security Annually and Why They Are The Most Targeted
29% of Small Businesses Spend Less Than $1,000 on IT Security Annually and Why They Are The Most TargetedThe digital and network footprint of small businesses is continually growing. Online commerce, social media, remote workers, and cloud-based IT infrastructure are...
What Other Companies Can Learn from Facebook’s $5 Billion Fine and Why Privacy MattersWhile Facebook’s $5 billion settlement stands as the largest fine in the history of the Federal Trade Commission (FTC), one must take into consideration that not every company is...
Stay Up to Date With The Latest News & Updates
Join Our Newsletter
Get weekly tech updates and immediate alerts when there is a zero-day or security issue!