The Russian Sytech, FSB contractor, hacked !!! Projects and data made public

(To Alessandro Rugolo)
22/07/19

News began to arrive, albeit late. The affected one does not seem to be one of the important ones, it is not a big company, it is not known to the general public, and yet ...

The question is which Sytech is a company that works for the Federal Security Service ... of Russia !!!

The news, we said, begins to filter, despite the difficulties due to the language. The 13 last July a hacker group called $ 0v1ru announced that it had hacked the company (which works for the FSB from the 2009) and stole from its internal network about 7,5 Tera bytes of data. Among these are a number of projects concerning the cyber domain.

The type of attack, which hits a link in the supply chain to hit a bigger and better protected organization, is called "supply chaine attack" and is increasingly common.

To demonstrate that they actually hacked the company, the group proceeded to the more classic "defacement", modifying the site's home page with the "yoba-face" image and published several screens relating to the internal network.

The data was passed to another group known as DigitalRevolution and already author of similar companies, which then shared information stolen with the Russian media.

It seems that most of the stolen projects were developed in favor of the 71330 Military Unit, which deals with "signal intelligence".

The Russian BBC site has listed a list of stolen projects, these seem to be the most interesting:

  • Nautilus, for the collection of data from social media (Facebook, LinkedIn ...);
  • Nautilus-S, for the de-anonymisation of TOR traffic ();
  • Reward, to get under cover in P2P networks;
  • Nadezhda, a tool to explore the topology of the Russian internet;
  • Tax-3, for creating a secure intranet;
  • Mentor, to monitor email communications.

From other sources we learn that the attack occurred against the Active Directory server of the Sytech. Once control was obtained, the data was taken over.

This is just a first glimpse of a wealth of documents that, having been made public, now only takes the time to be explored.

To date, the site of the Russian company is still off.

To learn more:
- https://www.bleepingcomputer.com/news/security/russian-fsb-intel-agency-...
- https://www.terabitweb.com/2019/07/20/russian-fsb-intel-agency-contracto...
- https://www.zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-d...
- https://www.forbes.com/sites/zakdoffman/2019/07/20/russian-intelligence-...
- https://www.bbc.com/russian/features-49050982
- https://www.cs.kau.se/philwint/spoiled_onions/techreport.pdf
- https://www.sytech.ru/