Belarusian hacktivists claim to breach Russia’s internet regulator

Belarusian Cyber Partisans logo

A unit of the Russian internet and media regulator Roskomnadzor confirmed Saturday that hackers had breached its systems after the Belarusian hacktivist group known as the Cyber Partisans claimed to attack the organization.

The Russian General Radio Frequency Center (GRFC), one of Roskomnadzor’s agencies, said the hackers were unable to access sensitive information, and also denied that its workstations were encrypted by the group.

Cyber Partisans on Friday claimed to have stolen thousands of internal documents from the agency and locked its computer systems. The documents allegedly contain files about Roskomnadzor’s attempts “to establish total control over everyone who has spoken out against the Putin regime over the past 20 years,” according to the group.

The hacktivists say they will analyze the documents and hand them over to journalists for further investigation.

Details of the cyberattack

GRFC said that hackers made their first attempts to break into the agency’s system last month using a “previously unexploited vulnerability.” Such attacks are not new — according to GRFC, hackers attack its infrastructure almost daily — sometimes the agency records more than 10 hacking attempts per day.

GRFC said the cyberattack on its systems was “under control” and no confidential information was leaked. In response, Cyber Partisans revealed on Saturday what data they gained access to. It includes employees’ passport data and medical records, internal emails and reports on the agency’s projects, including bot farms and internet surveillance of journalists, bloggers, and ordinary users.

“And since, according to the GRFC, we received non-classified data, we believe that we can make it public with a clear conscience,” Cyber Partisans wrote on Telegram.

The group also previously posted screenshots showing some of the documents that were allegedly leaked. One of them shows a web page with a logo of Russia’s Office of Operational Interaction (“KOV” in Russian), which is the automated system developed by Roskomnadzor in 2020 to track anti-war materials online. Journalists first wrote about it in April after a whistleblower website called Distributed Denial of Secrets published a large data leak from another Roskomnadzor agency.

Another screenshot shows a list of posts on Telegram and the Russian social network Vkontakte related to the war in Ukraine.

The work of the main #Kremlin censor has been disrupted. They monitor and censor ppl for @roscomnadzor. Since the beginning of the war, they follow Putin's opponents, write denunciations to the #FSB & other agencies, & block services that help convey truthful info. 1/4

— Belarusian Cyber-Partisans (@cpartisans) November 18, 2022

The Cyber Partisans also claimed to find evidence that the software of the Belarusian surveillance company Falcongaze has been used to spy on RGFC employees. 

“We know everything employees were doing in the last three months,” Cyber Partisans said. “Falcongaze, your systems are weak. Stop supporting dictators!” 

Falcongaze did not respond to questions about the allegations.

Although it’s unclear how impactful the breach is, Roskomnadzor’s data could be potentially eye-opening if made public. 

In September, The New York Times wrote about the inside work of Russia’s “vast surveillance state” using documents leaked from Roskomnadzor’s office in the Republic of Bashkortostan. Russian independent news website Meduza used the same trove of data to write about automated systems used by Roskomnadzor to monitor online content “capable of destabilizing Russia’s sociopolitical situation.”

The post Belarusian hacktivists claim to breach Russia’s internet regulator appeared first on The Record by Recorded Future.

Article Link: Belarusian hacktivists claim to breach Russia’s internet regulator - The Record by Recorded Future