A unit of the Russian internet and media regulator Roskomnadzor confirmed on Saturday that hackers had breached its systems, after the Belarusian cyber-activist group known as Cyber Partisans claimed to have attacked the organisation.
The Russian General Radio Frequency Center (GRFC), one of Roskomnadzor’s agencies, said the hackers were unable to access sensitive information and also denied that its workstations were encrypted by the group.
Cyber Partisans claimed on Friday that they stole thousands of internal agency documents and locked down the agency’s computer systems. The documents purportedly contain files on Roskomnadzor’s attempts “to establish total control over all those who have spoken out against Putin’s regime over the past 20 years,” according to the group.
The hacktivists say they will analyze the documents and hand them over to journalists for further investigation.
Details of the cyber attack
GRFC said hackers made their first attempts to break into the agency’s system last month, using a “previously unexploited vulnerability.” Such attacks are not new – according to GRFC, hackers attack its infrastructure on an almost daily basis – and the agency sometimes logs more than 10 hacking attempts per day.
GRFC said the cyber attack on its systems was “under control” and that no confidential information was leaked. In response, Cyber Partisans revealed Saturday what data they accessed. It includes data on employee passports and medical records, internal emails, and reports on agency projects, including bot farms and Internet surveillance of journalists, bloggers, and ordinary users.
“And since, according to the GRFC, we have received unclassified data, we believe we can make it public with a clear conscience,” Cyber Partisans wrote on Telegram.
The group has also previously released screenshots showing some of the allegedly leaked documents. One of them shows a web page with a logo of Russia’s Office of Operational Interaction (“KOV” in Russian), which is the automated system developed by Roskomnadzor in 2020 to track anti-war materials online. Reporters first wrote about it in April after a whistleblower website called Distributed Denial of Secrets published a large data leak from another Roskomnadzor agency.
Another screenshot shows a list of posts on Telegram and the Russian social network Vkontakte related to the war in Ukraine.
Cyber Partisans also said they found evidence that Belarusian surveillance firm Falcongaze’s software was being used to spy on GRFC employees.
“We know everything employees have done in the past three months,” Cyber Partisans said. “Falcongaze, your systems are weak. Stop supporting dictators!”
Falcongaze did not respond to questions about the allegations.
While the impact of the breach is unclear, Roskomnadzor’s data could be eye-opening if made public.
In September, the New York Times reported on the inner workings of Russia’s “extensive surveillance state” using documents leaked from Roskomnadzor’s office in the Republic of Bashkortostan. Russian independent news site Meduza used the same trove of data to write about automated systems used by Roskomnadzor to monitor online content “capable of destabilizing the socio-political situation in Russia”.