Anonymous Hacks Russian Military !!

Anonymous Hacks Russian Military

In today's exploration of cyber security tech news. The war in Ukraine is heating up, and so are the battles in cyberspace, in this post I'll be covering everything that's happened in the last day or two in the world of cyber warfare when it comes to the invasion of Ukraine. Firstly, Anonymous has hacked the Russian ministry of defence and leaked some data. The leak contains a database of phone numbers, emails and passwords belonging to Russian military officials. Many of the hacked emails end in "mil.ru" or "gov.ru" - in other words these belong to the Russian military and government. I'm not showing any of the leaked data in this post, because I'm pretty sure that's against youtube's community guidelines - in fact shortly after an Anonymous related account tweeted it, Twitter pulled it down, and the mega download link was taken completely offline. But despite that, the leak will have already done its job. The Russian ministry of defence will have locked down accounts - and whilst it won't take them long to recover from this, the whole idea will have been to create as much disruption as possible to the Russian military's operations. But Anonymous did not stop there, things got a whole lot more interesting in a different operation which also happened in the last day or so. A group calling themselves "Anonymous Liberland" teamed up with a hacking group going by the name "Pwn-Bar Hack team". They hacked in to the Belarussian weapons manufacturer "Tetraedr" - or, however it's pronounced. Anyway - this company makes weapons for the Russian military, and they're said to have been instrumental in providing logistical support for Putin's invasion of Ukraine. Now the hackers released a statement in which they mock Russian threat groups, saying "Our Russian APT friends seem kinda out of shape, don't they? Defacements? DDoS attacks? What year is this? 2012?", "We thought maybe they needed a little reminder of what real hacking is like". And so, after hacking the weapons manufacturer they leaked 200GB of emails, they claim "included are the schematics for some of those SAMs" - here they're referring to surface to air missile systems, like this one, made by "tetraedr". But how did this duo gain access? Apparently through a Microsoft exchange vulnerability - ProxyLogon - this allows an attacker to bypass authentication to a microsoft exchange email server and gain admin privileges. A patch for this was released a year ago, but it seems "Tetraedr" just never bothered to update their systems... The defence company's website is now offline, and the leak is being disseminated through "distributed denial of secrets" - an organisation which hosts data leaks. It's too soon to say the effect this leak will have, as 200GB is a lot of emails, so it'll take a while for people to go through it all. And as I mentioned in my previous post the Ukrainian military is openly reaching out to Ukrainian cybercriminals, encouraging them to put their skills to good use and volunteer for the military's cyber units. They have a google forms page for people to apply through, that shows they're looking for people with skills such as "social engineering", "red teaming" and "threat intelligence". And Ukraine could use greater defensive cyber capabilities, for example, the Belarusian state hacking group "UNC1151" has been targeting Ukrainian military personnel with phishing campaigns. Soldiers have been receiving emails saying "click the link below and verify your contact information. Otherwise, your account will be irretrievably deleted." - the emails then link to a page for people to type in their username and password. This is obvious bs, merely an attempt to scoop up email credentials of people in the military. Why? Well, the Belarusians won't be looking for anything in particular, but rather to see what they can learn from soldiers' messages, such as insights into Ukrainian military strategy, and how or where they're being deployed. Speaking of spam - and this is kinda shocking, but I suppose not really surprising - scammers have been exploiting the invasion and setting up fake donation websites, attempting to trick people into sending them money, with the cover story that the money will go to help people in Ukraine. So if you are looking to donate money, be careful. The official Ukraine twitter account tweeted that they are now accepting donations in bitcoin and ethereum - and at first people assumed that the account had just been hacked, but no - this is legit. So far millions have been donated. So this is what we know so far when it comes to the Ukrainian cyber warfare situation. Also, several hacktivist groups have contacted me - both pro Russians and pro Ukrainians, and it looks like I'm actually going to be doing interviews with them. I'm taking suggestions for questions to ask them over on my instagram story, which I will link in the post description. Staying secure online should be number 1, but convenience is important to.

Thanks For Reading !!