HomeTech NewsCybersecurityAlleged hacktivists directed by Russian intelligence

Alleged hacktivists directed by Russian intelligence

Published on

- Advertisement -

Mandiant’s IT security experts have observed some self-proclaimed hacktivist groups on Telegram. These turned out to be controlled by Moscow.


Analysts at IT security firm Mandiant have investigated some hacktivist groups on Telegram. They found links to the Russian-federation/">Russian military intelligence service GRU. The Telegram channel administrators and group leaders were either controlled directly by the GRU or cooperated with the service. However, individual group members are certainly traveling independently of Russia.

- Advertisement -


In particular, researchers have focused on three Russian-speaking groups coordinated via Telegram since the start of the Russian invasion of Ukraine: XakNet Team, Infoccentr, and CyberArmyofRussia_Reborn. In doing so, they came across clear indications that the moderators of the groups had a connection with the Russian state. This includes the analysis of the chronological course of system intrusions and data leaks in Ukrainian organizations.

The group members considered themselves hacktivists. However, due to state control by Russia’s military intelligence service, there can be no question of this. The groups essentially carried out DDoS attacks, website defacements and data theft intrusions, Mandiant explains in the analysis.

Mandiant assumes that the groups’ moderators coordinate their operations with the Russian secret services. The fact that tools from the well-known GRU-backed cyber gang APT28 were found in the networks of the Ukrainian victims contributes to the impression. In addition, the data stolen during the break-ins was published on Telegram within 24 hours of the deletion activities by APT28 – the cyber war against Ukrainian organizations started in February with such wiper malware. Other indications are inauthentic activities by the moderators and similarities to previous GRU operations.

- Advertisement -

The IT security researchers have also found connections between the XakNet team and the pro-Russian cyber gang KillNet. These also indicated that XakNet and KillNet coordinated some of their actions. KillNet emerged around the end of June with DDoS attacks on Lithuania. XakNet team moderators are likely working at the behest of the Kremlin, Mandiant concludes that a leak from the group included a tool from APT28 that is very unique. The moderators are either GRU officers or work directly with the GRU APT28 officials.

From CyberArmyofRussia_Reborn, Mandiant assumes that the moderators at least coordinate their activities with APT28. The timing of data release and the group’s association with XakNet, although the nature of this relationship is unclear, suggest this. The main goal of the channel is defamation, making it into press releases and influencing politics.

The Telegram channel Infoccentr, on the other hand, was launched in early March and is dedicated to pro-Russian (dis)information campaigns, the analysts explain. The pro-Russian group members fought against anti-Russian and pro-Ukrainian currents on social networks and other information channels. The moderators coordinated their actions at least with APT28, which the researchers conclude from the timeline of data leaks and the gangs with XakNet.

- Advertisement -

Tracking down the links between so-called hacktivists and Russian spy and attack groups can help victims assess the risk of compromise and prepare themselves and their customers for potential data breaches — and mitigate some of the impact, Mandiant says. The company is also observing other groups and expanding its findings, for example on the goals and links between KillNet, FromRussiaWithLove (FRWL), DeadNet, Beregini, JokerDNR (alternative spelling JokerDPR) or RedHackersAlliance.

- Advertisement -

Latest articles

Realme 10T 5G is announced with Dimensity 810, 90 Hz screen and 50 MP camera

After several rumors and leaks, Realme announced a new intermediary in Thailand: the Realme...

The Google Play Store will make life easier for users of several smartphones

Good news for those who use several smartphones on a daily basis, the new...

More like this