Anonymous-affiliated hacking group used Russia's own ransomware against its space agency

A group of Anonymous-affiliated hackers turned Russia’s own ransomware against its national space agency, security experts have said.

Network Battalion 65 – or NB65 – claimed in a series of posts on Twitter last month that the group had stolen files from Roscosmos and removed satellites.

NB65 shared a series of images of what it said was Roscosmos server intelligence, which showed it had shut down a Russian space agency monitoring system.

The group claimed that Russian President Vladimir Putin “no longer had control of spy satellites” and said it had downloaded and deleted confidential files related to the space agency’s satellite imaging and vehicle tracking system.

Putin’s ally Dmitry Rogozin – who is the head of Roscosmos – denied that it had lost control of its systems, calling the group “crooks and petty con artists.”

“All our space activity control centers are operating normally,” Rogozin wrote in a tweet last month in response to the claims.

Analysts who dug into a file containing the source code behind the hack now claim it shared code with ransomware used by a Russian cybercrime group, according to The Daily Telegraph.

A group of Anonymous-affiliated hackers turned Russia's own ransomware against its national space agency, security experts have said (stock image from Anonymous)

The experts said they found it shared 66 percent of its code with Conti — a Russian crime group and its ransomware of the same name — which extorted millions of dollars from Western companies.

This suggested that NB65 turned Russian ransomware against itself in its cyber attack on Roscosmos last month.

Conti was responsible for a hack that disabled the main servers of Ireland’s health service and hospitals, temporarily paralyzing IT infrastructure. It has also extorted millions from businesses by holding vital IT systems for ransom.

According to the Australian Cyber Security Center (ACSC), “Conti is offered as Ransomware-as-a-Service (RaaS), allowing affiliates to use it as they wish, provided a percentage of the ransom is shared with the Conti operators as committee.”

Conti’s code and details of its internal chats were leaked online last year by Ukraine-affiliated cyber activists. The leak helped analysts link the cyber-gang to the Russian state, and helped security professionals develop defenses against it.

The NB65 file was uploaded to an anti-malware website called VirusTotal and examined by Intezer Analyze. It was then compared to VirusTotal’s malware database and found to match Conti’s ransomware.

Russian President Vladimir Putin speaks with employees of the Roscosmos space agency at a rocket factory during his visit to the Vostochny cosmodrome outside the city of Tsiolkovsky, in Russia's far eastern Amur region of Tsiolkovsky, Tuesday, April 12, 2022

For its part, NB65 has praised Ukraine’s resistance to the ongoing Russian invasion. Unusually, it communicates mostly in English, the Telegraph reported.

On Friday, the group posted on Twitter: “We want to take a moment and clarify a few things because of the recent media attention.

“1) Companies and governments outside of Russia don’t have to worry about NB65. Russian assets are our only targets. 2) Ransomware payments (if made) will be donated to #Ukraine,” it reads.

The group has faced controversy in the past when it said in March it had stolen information from Kaspersky Lab – a Russian antivirus company. It later emerged that the stolen files did not contain any confidential information.

The news of NB65’s use of Conti’s code came when Anonymous leaked a massive amount of Kremlin files, as it promised to keep targeting Russia until the country ends its “aggression” against Ukraine.

Government institutions and Russian companies were breached in the cyber attack, in which the data dump contained more than 200,000 emails from the Russian Ministry of Culture, an agency that oversees censorship, archives and art.

Russian President Vladimir Putin (L) congratulates Roscosmos cosmonaut Alexander Skvortsov (R) after awarding him the Order of Merit for the Fatherland (3rd class) at the Vostochny cosmodrome outside the city of Tsiolkovsky, some 180 km north from Blagoveschensk, in the far eastern Amur region, Russia, April 12, 2022

The vigilante hackers also hijacked emails and data from the oil and gas company Aerogas as part of ongoing efforts to infiltrate and disrupt Russia’s war effort.

Anonymous has already launched a series of cyber attacks in retaliation for Vladimir Putin’s invasion of Ukraine, including a data breach of Russian soldiers and takeovers of state-controlled TV.

It has now urged that the hacking and release of confidential information continue until Russia pulls out of its offensive.

In a tweet, the group wrote: “The hacking will continue until Russia stops their aggression.”

The cyber-attack breached government institutions and Russian companies, with the data dump containing more than 200,000 emails from the Russian Ministry of Culture, an agency that oversees censorship, archives and art.

It first announced it was “officially in cyber war against the Russian government” the day Putin invaded Ukraine on Feb. 24.

Since then, the hacking collective has been involved in several attacks in an effort to spread information about what Russia still calls a “special military operation.”

New press censorship legislation in Russia is seriously hampering transparency about what actually happens in the Kremlin.

The “fake news” laws mean anyone found guilty of spreading “false information” about the Russian armed forces could face extreme penalties, including up to 15 years in prison.

Earlier this month, Anonymous also leaked the personal details of 120,000 Russian soldiers who fought in Ukraine, revealing personal information such as names, date of birth, addresses, unit affiliation and passport numbers.

“All soldiers participating in the invasion of Ukraine should be subject to a war crimes tribunal,” the hackers wrote on Twitter.

Anonymous also claimed it attacked Russia’s central bank and stole 35,000 files, as well as hacked unsecured printers across Russia to print “anti-propaganda” messages about the Ukrainian invasion.

Anonymous has urged that the hacking and release of confidential information continue until Russia withdraws its offensive (pictured)

A member of the collective, via @DepaixPorteur on Twitter, tweeted: ‘We have anti-propaganda and tor installation instructions to printers everywhere. [Russia] for 2 hours, and 100,000+ copies printed to date. There are currently 15 people working on this operation.

‘We are currently launching a printer attack on 156 [Russian] printers. Already more than 40,000+ copies.’

Just last week, Anonymous claimed it had also managed to leak more than 900,000 emails from the Russian state media.

Anonymous has previously targeted groups such as the Ku Klux Klan and Islamic extremists.

Members are known as ‘Anons’ and are distinguished by their Guy Fawkes masks.

In July last year, the collective warned Tesla founder Elon Musk that they were planning to attack him after saying he exercises too much power over the cryptocurrency markets.

THE ELUSIVE HACKING GROUP ANONYMOUS

Hacker group Anonymous has been linked to online attacks around the world that aim to punish governments for policies the hackers disapprove of.

Members are known as ‘Anons’ and are distinguished by their Guy Fawkes masks.

The group is seen as everything from digital Robin Hoods to cyber-terrorists for their hacking campaigns against government agencies, child porn sites and the Ku Klux Klan.

In 2008, the online community staged a series of protests, pranks and hacks of the Church of Scientology as part of the “Project Chanology.”

Subsequent targets of Anonymous “hacktivism” have included government agencies from the US, Israel, Tunisia, Uganda, and others; copyright protection agencies; the Westboro Baptist Church; and companies such as PayPal, MasterCard, Visa and Sony.

In 2013, they declared war on secret “chat sites” used by pedophiles to trade images.

Dozens of people have been arrested for involvement in Anonymous cyber attacks in the US, UK, Australia, the Netherlands, Spain and Turkey, among others.
