3 min Security

Hackers share after burglary work of contractor Russian secret service

Hackers share after burglary work of contractor Russian secret service

Hackers have managed to invade SyTech, a contractor of the Russian secret service FSB. The group has stolen information about internal projects that the company was working on for the department.

The hack took place on July 13th, writes ZDNet. A group called 0v1ru$ then managed to penetrate the Active Directory server of SyTech. From there they gained access to the entire IT network, including a JIRA instance. A total of 7.5 TB of data was stolen from the network. A yoba face also appeared on the company’s website. A yoba face is a popular emoji among Russian users, which stands for trolls.

The hackers placed screenshots of SyTech’s servers on Twitter. Later they shared the stolen information with Digital Revolution, which is another hacker group. This group managed to enter Quantum last year, which is also a contractor of the FSB.

FSB projects

Digital Revolution shared the stolen files with more details on their Twitter account. Later the information was also shared with Russian journalists. As a result, several stories have appeared in the Russian media about what SyTech has been working on for the FSB since 2009.

For example, SyTech was working on a project to collect data about users on social media. In addition, there is a project to deanonymize Tor traffic, and a project to secretly penetrate P2P networks. The creation of a closed intranet to store information on sensitive individuals, separate from other state IT networks, was also underway.

Under the name of Mentor, a project was underway to monitor and search the mail communication on the servers of Russian companies. There was also a project to investigate the topology of the Russian Internet, and how it connects to the networks of other countries.


So most projects are about exploring modern technology. However, two projects seem to have been tested in the real world. Nautilus-S is one of them. That’s the project to deanonymize Tor traffic. Work on this began in 2012. In 2014, scientists from Karlstad University in Sweden published a paper on the use of malignant Tor exit nodes, which tried to decrypt Tor traffic. Researchers were able to identify 25 rogue servers. Eighteen of them were in Russia and were running Tor version, which was the same as in the leaked files.

Hope – which explored the structure and layout of the Russian part of the Internet – was also tested in the real world. Earlier this year, Russia ran a test in which it disconnected the national segment from the rest of the Internet.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.