Anti-Kremlin hackers are escalating their cyberwar against the supporters of Russian President Vladimir Putin and his government, leaking personal information and knocking more pro-Russian websites offline.
Hackers have already leaked internal communications of the ransomware gang Conti after the group said it sided with the Russian government amid its invasion of Ukraine.
Alleged internal chat messages of the gang, which the FBI has said previously targeted American health care networks, were distributed on social media and sent to reporters and others.
“There are more dumps coming, stay tuned,” wrote a leaker to The Washington Times on Sunday.
The cyber intelligence company Recorded Future, which has interacted with the Conti gang, said it confirmed the authenticity of the initial leak of conversations dating back to January 2021. Emsisoft threat analyst Brett Callow also told The Washington Times the communications are definitely legitimate.
While the leakers did not identify themselves, speculation abounds that a Ukrainian ransomware operator who disagrees with the gang’s Russian members is responsible for the leak. According to Recorded Future’s The Record, the leaker is believed to be Ukrainian and the messages reveal Conti’s relationship with other cybercriminals, among other things.
Other hackers attacking the Russian government are taking credit for knocking government websites offline. The Russian government’s website, government.ru, was inaccessible on Monday, as social media accounts affiliated with the activist hacking group Anonymous shared news of the website’s outage starting on Sunday.
Anonymous has previously declared a cyberwar against the Russian government, and the @YourAnonOne account on Twitter said more than six Russian government websites were offline on Saturday.
The @YourAnonOne account previously said Anonymous was responsible for disrupting the Russian Ministry of Defense website and the state-controlled RT news website. However, Mr. Callow noted some people with a Russian internet protocol address were able to access RT when others were not.
The hacks are not likely to stop anytime soon. Ukrainian Digital Minister Mykhailo Fedorov used Twitter to call on people to join an “IT Army” of Ukraine, and he said tasks would be distributed publicly on the cloud-based messaging platform Telegram.
Among the targets listed on the IT Army of Ukraine’s Telegram channel on Monday were crypto exchanges that the group said were connected to Russian banks.
“Make them cry!” read the message from the IT Army of Ukraine’s channel.
Ukraine has continued to get hit with cyberattacks, too. Ukraine’s State Service of Special Communications and Information Protection said via Twitter on Monday that some embassy websites were recovering from cyberattacks and the government was moving its information technology infrastructure to new locations.
The Biden administration has warned people to prepare for cyberattacks against Ukraine spreading elsewhere. The FBI and Cybersecurity and Infrastructure Security Agency issued a joint advisory Saturday that said future cyberattacks against Ukraine “may unintentionally spill over to organizations in other countries” and it provided recommendations to defend against the attackers.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.