Anonymous Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/anonymous/
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.
Thu, 21 Apr 2022 21:03:02 +0000

Anonymous hackers published the mail database of the Ministry of Culture of Russia
https://gridinsoft.com/blogs/anonymous-and-the-russian-ministry-of-culture/
Thu, 14 Apr 2022 14:46:09 +0000

The media discovered that Anonymous hackers had made public a database of emails from the Russian Ministry of Culture, the administration of the city of Blagoveshchensk, and the office of the governor of the Tver region. The total size of the dump exceeded 700 GB.

According to Kommersant, in the leaked documents you can find information about salaries, layoffs, and defects in cultural heritage sites.

The data was published on the hacktivist website DDoSecrets (Distributed Denial of Secrets). According to media reports, the dump contains 230,000 letters from the Ministry of Culture, 230,000 letters for the period from 2019 to 2022 from the administration of the city of Blagoveshchensk, and 130,000 letters dated 2016-2022 from the office of the governor of the Tver region.

According to Cybernews, the leak was the result of an Anonymous attack, as earlier hacktivists had declared war on the Russian government in connection with a “special military operation” in Ukraine.

Kommersant’s own source confirmed that the posted files contain real mail correspondence from Russian departments. The publication’s correspondent examined one of the archives and confirmed that it really contains letters sent from the Ministry of Culture, including information on salaries, dismissals, correspondence on the topic of defects in cultural heritage objects, as well as internal correspondence of employees of the Federal State Budgetary Institution Rosgosexpertiza, which is controlled by the Ministry of Culture.

Representatives of the Ministry of Culture confirmed to the media that they had detected a hacker attack on the email of the subordinate Federal State Budgetary Institution Rosgosexpertiza:

At the moment, FGBU specialists are working to eliminate the consequences of hacking and strengthen the protection of the information bases of the institution. The entire electronic document flow of the Ministry of Culture is functioning normally.

According to information security experts interviewed by the journalists, the cause of the leak was the exploitation of a vulnerability in the mail servers, which “speaks of the neglect of cybersecurity policy by government agencies.”

The correspondence of the Ministry of Culture could contain, among other things, information on budgets, projects, provision of conditions by contractors, conditions of competitions and tenders, suggests Ilya Tikhonov, head of compliance and audit at Softline UIB. In his opinion, in such correspondence “with a high degree of probability there is no information that is detrimental to the state.”

However, theoretically, Tikhonov notes, the incident could lead to a revision of budgets, reevaluation of projects and conditions of competitions:

Most likely, all correspondence is nominal, so if someone allowed a personal assessment of the project, tender, contractor, employee, then this information can be made public.

Recall also that we reported that Anonymous claims they hacked dozens of CCTV cameras in Russia.

The post Anonymous hackers published the mail database of the Ministry of Culture of Russia appeared first on Gridinsoft Blog.

Russian Aviation agency switched to paper documents due to a hacker attack
https://gridinsoft.com/blogs/russian-aviation-switched-to-paper-documents/
Wed, 30 Mar 2022 10:42:27 +0000

The media, citing their own sources, report that at the end of last week the Russian Aviation agency suffered a hacker attack, after which 65 TB of data was erased and the agency had to temporarily switch to a paper workflow.

The Aviatorshchina Telegram channel was the first to report the attack, writing that as a result of it Russian Aviation lost the files on its servers and all documents.

“The entire document flow, emails, files on the servers disappeared, now the search for the register of aircraft and aviation personnel is underway, the system of public services has been removed. All incoming and outgoing letters for 1.5 years were lost. We don’t know how to work,” said Aviatorshchina channel’s own source.

It was reported that the attack allegedly occurred due to poor performance of contractual obligations by InfAvia LLC, which operates the IT infrastructure of the Federal Air Transport Agency.

The Federal Air Transport Agency does not have backup copies, “because the Ministry of Finance did not allocate money for this,” the source of the Telegram channel claims.

The channel also published a screenshot of a message from the head of the Federal Air Transport Agency, Alexander Neradko, saying that due to the lack of access to the Internet and a failure in the electronic document management system, the department is temporarily switching to paper document management, courier mail and Russian Post.

The attack was also commented on in the Anonymous group.

“Powerful cyber attack on Russia’s Civil Aviation Authority servers: no more data nor back-up. In total, about 65 terabytes of data was erased,” the hackers tweeted.

Recall that Anonymous hackers declared war on the Russian government.

The Kommersant publication writes that the Federal Air Transport Agency did not respond to their requests, but two sources close to the service confirmed the existence of problems and the fact of a hacker attack. They specified that specialists are now working on restoring access to the servers.

Interestingly, the fact of the attack was indirectly confirmed by the head of Russian Aviation, Alexander Neradko, although he denies the loss of terabytes of data and the transition to paper workflow. In an interview with MK journalists, Neradko said:

Now there are a huge number of federal executive bodies, many companies, both with state participation and without state participation, are subject to a large number of DDoS attacks. We are no exception. We have to work on protecting from them. The last attack was also repelled. Everything is calm, everything is working as planned. I do not think that this requires any increased attention from the media.

We also wrote that Hacker groups split up: some of them support Russia, others Ukraine.

The post Russian Aviation agency switched to paper documents due to a hacker attack appeared first on Gridinsoft Blog.

Anonymous claims they hacked dozens of CCTV cameras in Russia
https://gridinsoft.com/blogs/anonymous-hacked-cameras/
Tue, 22 Mar 2022 19:55:30 +0000

Anonymous hacktivists claimed on Twitter that they had hacked and gained access to dozens of external and internal security cameras in Russia, located, according to the hackers, in restaurants, offices, schools and so on.

The feeds from the cameras are collected on a special site called Behind Enemy Lines, where various messages are superimposed on the picture, reporting information about the Russian invasion of Ukraine in a country where any free media activity is blocked and severe censorship is introduced.

“352 Ukraine civilians dead. Russians lied to 200RF.com. Slava Ukraine! Hacked by Anonymous,” the message displayed on the feeds says.

200RF.com is another site posting information about Russian soldiers in Ukraine.

In total, the site collected data from more than 80 cameras, which the hackers divided into categories: “inside”, “outside”, “restaurants”, “offices”, “business”, “schools” and so on.

During the launch, the site had a “home” section, but now it is empty, and Anonymous writes that they have removed the video from the site:

“After some discussions, we decided to remove [the section] with cameras in houses with respect for the privacy of Russian citizens. We hope you understand,” reads the message left in this section.

Let me remind you that Anonymous hackers declared war on the Russian government.

Vice Motherboard journalists note that, according to their data, many cameras are indeed located in Russia. One of the CCTV feeds Motherboard viewed showed a convenience store with a Russian sign saying “Happy Easter”, suggesting that the feed was either live or filmed around that time of year. Another one turned out to be in the Siberian Tyumen region.

However, it is not clear exactly how the hacktivists gained access to them. Probably Anonymous used some kind of search engine (like Shodan).

“One of the self-described Anonymous Twitter handles mentioned on the website did not immediately respond to a request for comment on how they gained access to these feeds, be that through a computer search engine such as Shodan or some other method,” journalists of Vice Motherboard reported.

We also wrote that The popular node-ipc npm package removes files on systems of developers from Russia and Belarus.

The post Anonymous claims they hacked dozens of CCTV cameras in Russia appeared first on Gridinsoft Blog.

Anonymous hackers declared war on the Russian government
https://gridinsoft.com/blogs/anonymous-hackers-declared-war-on-the-russian-government/
Sat, 26 Feb 2022 11:55:22 +0000

A Twitter account associated with the Anonymous hacktivist movement reported that hackers are declaring war on the Russian government over Putin’s invasion of Ukraine.

Shortly thereafter, the group claimed responsibility for taking down a number of government websites, the RT website, and the Russian Ministry of Defense.

“The Anonymous collective is officially in cyber war against the Russian government. #Anonymous #Ukraine,” the post says.

It should be noted that yesterday there were indeed problems with access to kremlin.ru, as well as other government resources and banking sites, and RT representatives confirmed that they were under heavy DDoS attacks.

Currently, all of the listed sites are available, and the National Coordination Center for Computer Incidents (NCCC) warned of the threat of “an increase in the intensity of computer attacks on Russian information resources, including critical information infrastructure.”

The Record, which also records the escalation of cyberattacks in connection with the outbreak of a military conflict, noted that the Russian government seems to have taken protective measures. Thus, government sites, including the exclusively military domain mil.ru, have become inaccessible to foreign visitors: the resources limit traffic from sources outside of Russia.

Actually, this means that the servers are now configured not to show the content of the site to people trying to access it from another country. Instead, visitors from blocked areas see a “418 I’m a teapot” error.

This error originated as a joke in the late 90s and is not part of any official standard. Usually, these errors are used as a kind of “inside joke” among network administrators to block incoming traffic. In particular, they are used in response to DDoS attacks and attempts to parse sites or APIs to inform attackers that their activities have been detected and actively blocked.

However, a leaked database of the Russian Ministry of Defence website, mil.ru, soon appeared online, from Zer0Day Lab. Anonymous claimed responsibility for the hack. Please decide for yourself how successful the attacks against the Russian government are and how ethical it is to leak this data online.

Let me remind you that we also wrote that the FBI and NSA release a statement about attacks by Russian hackers, and that Russian-speaking hackers attacked the government infrastructure of Poland.

The post Anonymous hackers declared war on the Russian government appeared first on Gridinsoft Blog.

Epik hoster hack affected 15 million users, not just the company’s clients
https://gridinsoft.com/blogs/epik-hoster-hack-affected-15-million-users/
Mon, 20 Sep 2021 22:07:57 +0000

Last week, Anonymous hacktivists reported hacking the database of the domain registrar and hoster Epik, which was previously often criticized for hosting “right-wing” sites including 8chan, Gab, Parler and The Donald.

The stolen data (over 180 GB) was published in torrent format and, according to hackers, contains information for the last decade.

Since the company denied the fact of hacking, the hackers laughed at Epik and additionally hacked the hoster’s knowledge base, adding their own mocking edits to it.

In total, the dump published by the hackers contained 15,003,961 email addresses that belong to both Epik customers and people who had no business with the company, ArsTechnica now reports.

Reporters explain that Epik scraped the WHOIS records of domains, including those that were not owned by the company, and kept those records for itself. As a result, the contact information of people who had never interacted directly with Epik was also kept by the company.

The data breach aggregator HaveIBeenPwned has already begun sending out warnings to millions of victims whose email addresses have been compromised. One of the victims was the founder of this service, Troy Hunt, although he never had anything to do with Epik.

In a Twitter poll, Hunt asked his followers if affected non-Epik customers would like to be notified of violations. The majority answered the question in the affirmative.

“The leak revealed a huge amount of data not only about Epik customers, but also WHOIS records belonging to individuals and organizations that were not customers of the company. This data includes over 15 million unique email addresses (including anonymous ones to ensure domain privacy), names, phone numbers, physical addresses and passwords stored in a variety of formats,” writes HaveIBeenPwned.

ArsTechnica reporters note that they saw part of the whois.sql file, which is approximately 16 GB in size. It is filled with email addresses, IP addresses, domains, physical addresses, and phone numbers of users. However, some WHOIS records are clearly out of date and contain incorrect information about domain owners (people no longer own these assets).

According to information security specialists Emily Gorchensky and Adam Sculthorpe, Epik representatives have finally admitted the fact of the hack and are now notifying their clients about “unauthorized intrusion” into their systems.

The company urges customers to remain vigilant and monitor any information they use while using the company’s services (including billing information, credit card numbers, names, usernames, email addresses and passwords).

Although the company does not yet know for sure whether customers’ bank card data has been compromised, users are advised to “contact the companies that issued the bank cards used for transactions with Epik and notify them of potential data compromise” as a precautionary measure.

The post Epik hoster hack affected 15 million users, not just the company’s clients appeared first on Gridinsoft Blog.

Anonymous hacktivists attacked the Epik hoster with the right-wing radical sites
https://gridinsoft.com/blogs/anonymous-hacktivists-attacked-the-epik-hoster/
Thu, 16 Sep 2021 23:01:19 +0000

Anonymous hacktivists hacked into the database of the domain registrar and hoster Epik, which was previously often criticized for hosting right-wing sites including 8chan, Gab, Parler and The Donald. The data stolen from the hoster (more than 180 GB) was published in torrent format and, according to hackers, it contains information from the last decade.

The hack, which, judging by the timestamps, is dated February of this year, was announced by the hackers on a special website, as well as on 4chan.

This hack was carried out by the hacktivists as part of the #OperationJane campaign, which is directed against the recently passed Texas “heartbeat law”, which severely restricts women’s right to abortion. Earlier, as part of this operation, Anonymous defaced the website of the Texas Republican Party, which was involved in promoting the controversial law.

The Record reports that a person associated with Anonymous provided the editors with a full copy of the dump, and the study of this database only confirms all the hackers’ claims. For example, a 32 GB torrent file hosted on the DDoSecrets portal includes several SQL database dumps, which contain gigabytes of confidential information, including information about domain owners and transactions, account data, and a large collection of various personal data.

Most of the archived data contained exactly what the hackers were talking about: SSH keys, source codes, mailbox contents, and many private keys that neither hackers nor journalists were able to associate with anything in particular.

Anonymous claims that the leak contains information on all domains that have ever been hosted or registered with Epik, but it simply cannot be verified. Instead, The Record reporters called three randomly selected Epik clients whose data was in the dump and verified that the leak contained their real names, email addresses and residential addresses.

At the same time, the hacktivists themselves propose using the leak not only to denigrate Epik, which supports the radical right; they also urge reporters, activists and information security researchers to study the dump and search it for information about domains associated with government hackers, terrorists and Nazis.

“It’s time to find out which family member was secretly running a fetish site with ivermectin horse porn, publishing of disinformation, or yet another hellhole [with ideas] of QAnon. Do you want to know when the government decided to offer hosting to a number of domestic terrorist groups without those pesky and obstructing reverse proxies mitigating DDoS attacks? Do you want to know the identity of the owner of a domain or set of domains used in another influence operation? Find out the IP addresses of Nazi sites for further investigation, elicitation and probing!” hackers write.

Interestingly, Epik representatives deny the hack:

“We are not aware of any leaks. We take the security of our customers’ data very seriously and are investigating these claims,” the company said.

Anonymous representatives have already laughed at this statement of the company: in response, the hacktivists hacked into the Epik knowledge base and made their own edits to it.

“On September 13, 2021, a group of kids calling themselves Anonymous, whom we had never heard of, said that they managed to get, well, all our data, and then they leaked it. They claim to have leaked all of our users’ data, truly everything. All usernames, passwords, emails, support requests have bypassed all of our anonymization mechanisms. Of course, this is not true. We are not fools to allow such a thing,” the hackers wrote in the knowledge base.

The message ended with a sarcastic statement: “We wrote it all ourselves, and obviously it is not a part of the hacked account.” Currently, Epik employees have already removed this page.

You might also be interested in the information that ProxyToken Vulnerability Allows Stealing Mail Through Microsoft Exchange.

The post Anonymous hacktivists attacked the Epik hoster with the right-wing radical sites appeared first on Gridinsoft Blog.
