The key responsibility of this division is to launch cyber espionage attacks to steal internet resources, financial intelligence, and sensitive data from NATO, its members, and allies.
More about Operation Panopticon
In April, Cyber Spetsnaz created its first division, called Zarya, made up of experienced penetration testers, OSINT specialists, and hackers.
The group announced Operation Panopticon in May with the aim of recruiting 3,000 volunteer cyber offensive specialists. The recruited volunteers participated in attacks against the EU, the Ukrainian government, and private organizations.
In addition, several other divisions, namely Phoenix, Rayd, Vera, FasoninnGung, Mirai, Jacky, DDoS Gung, and Sakurajima, closely collaborated with Cyber Spetsnaz and its divisions to launch DDoS attacks.
The hacker group targeted five Italian logistics terminals (Sech, Trieste, TDT, Yilport, and VTP) along with several financial institutions.
The Rayd division was associated with recent attacks on government resources in Poland, targeting the Ministry of Foreign Affairs, Senate, Border Control, and the Police.
Tools and techniques
In addition to proprietary tools, the threat actor leveraged several scripts such as Blood, DDoS Ripper, GoldenEye, Hasoki, Karma DDoS, and MHDDoS to exploit poorly configured web servers.
To coordinate their attacks, Cyber Spetsnaz members distributed domains assigned to NATO infrastructure, which allowed them to plan an effective attack.
Resecurity, Inc. has discovered an increase in Cyber Spetsnaz activities. The group is strongly suspected to be state-sponsored. Given its strong collaboration and the several organizations already impacted, the group poses a potential threat to its targets.