A new pro-Russian hacking group dubbed Cyber Spetsnaz has been identified leveraging current geopolitical tensions between Ukraine and Russia to conduct cyber attacks.

What has been discovered?

The newly discovered group is an elite cyber offensive group that has been targeting NATO infrastructure.
  • On June 2, Cyber Spetsnaz created a new division called Sparta, which primarily targeted NATO, its members, and allies.
  • The Sparta division announced its official ties with the Killnet Collective group.
  • The key responsibility of this division is to launch cyber espionage attacks to steal internet resources, financial intelligence, and sensitive data from NATO, its members, and allies.

More about Operation Panopticon

In April, Cyber Spetsnaz created its first division, called Zarya, made up of experienced penetration testers, OSINT specialists, and hackers.
  • The group announced Operation Panopticon in May with the aim of recruiting 3,000 volunteer cyber offensive specialists. The recruited volunteers participated in attacks against the EU, the Ukrainian government, and private organizations.
  • In addition, several other divisions, namely Phoenix, Rayd, Vera, FasoninnGung, Mirai, Jacky, DDoS Gung, and Sakurajima, closely collaborated with Cyber Spetsnaz and its divisions to launch DDoS attacks.

Targeted victims

  • The hacker group targeted five Italian logistics terminals—Sech, Trieste, TDT, Yilport, and VTP—along with several financial institutions.
  • The Rayd division was associated with recent attacks on government resources in Poland, targeting the Ministry of Foreign Affairs, Senate, Border Control, and the Police.

Tools and techniques

  • In addition to proprietary tools, the threat actor leveraged several scripts such as Blood, DDoS Ripper, GoldenEye, Hasoki, Karma DDoS, and MHDDos to exploit poorly configured web servers.
  • To coordinate their attacks, Cyber Spetsnaz members distributed domains assigned to the NATO infrastructure, allowing them to plan out an effective attack.

Conclusion

Resecurity, Inc. has discovered an increase in Cyber Spetsnaz activities. The group is strongly suspected to be state-sponsored. With strong collaboration and several impacted organizations, the group poses a potential threat to its targets.

Cyware Publisher
