Hackers breach Russian FSB contractor and expose secret projects

• A hacker group named ‘0v1ru$’ breached SyTech and defaced the company’s website with a “Yoba face”.
• The stolen information includes several internal projects SyTech had worked for FSB unit 71330 including Nautilus, Nautilus-S, Reward, Mentor, Hope, and Tax-3.

Hackers breached SyTech, a contractor for the Russian Federal Security Service (FSB) and stole information about internal projects the contractor was working for the agency.

What happened?

On July 13, 2019, a hacker group named ‘0v1ru$’ breached SyTech and defaced the company’s website with a “Yoba face”. Hackers broke into SyTech's Active Directory server and gained access to the company's entire IT network, including a JIRA instance.

• Hackers stole 7.5TB of data from the company’s network including information on an internal project for deanonymizing Tor traffic.
• The 0v1ru$ hacker group posted the screenshots of the company's servers on Twitter as well as shared the stolen data with another hacking group named ‘Digital Revolution’.
• This hacker group shared the stolen data on their Twitter account on July 18, 2019.

“Все мы, журналисты, студенты и даже пенсионеры, находимся под навлюдением ФСБ. Присоединяйтесь к нам, как и 0V1ru$, защищая наше будущее! Они не заглушат наши голоса! @tjournal @Dobrokhotov @bbcrussian @unkn0wnerror,” Digital Revolution tweeted.

“All of us, journalists, students, and even pensioners, are under the supervision of the FSB. Join us, as well as $ 0V1ru, protecting our future! They will not drown our voices! @tjournal @Dobrokhotov @bbcrussian @ unkn0wnerror,” Google’s English translation read.

What information was stolen?

• The stolen information includes several internal projects SyTech had worked for FSB unit 71330 and fellow contractor Quantum since 2009.
• The projects include Nautilus, Nautilus-S, Reward, Mentor, Hope, and Tax-3.

BBC Russia, who received the full trove of stolen information, reported that there were also information on other older projects including Jabber (instant messaging), ED2K (eDonkey), and OpenFT (enterprise file transfer).

Worth noting

SyTech has taken down its website since the hack.

“Website "Siteka" is not available - neither in its previous form, nor in the version with "Yob-face". When you call the company on the answering machine, the standard message is turned on, in which you are invited to wait for the secretary’s response, but short beeps follow,” BBC Russia reported.