Belarusian hacktivists claim to breach Russia’s internet regulator
Daryna Antoniuk November 22, 2022

A unit of the Russian internet and media regulator Roskomnadzor confirmed Saturday that hackers had breached its systems after the Belarusian hacktivist group known as the Cyber Partisans claimed to have attacked the organization.

The Russian General Radio Frequency Center (GRFC), one of Roskomnadzor’s agencies, said the hackers were unable to access sensitive information, and also denied that its workstations were encrypted by the group.

Cyber Partisans on Friday claimed to have stolen thousands of internal documents from the agency and locked its computer systems. The documents allegedly contain files about Roskomnadzor’s attempts “to establish total control over everyone who has spoken out against the Putin regime over the past 20 years,” according to the group.

The hacktivists say they will analyze the documents and hand them over to journalists for further investigation.

Details of the cyberattack

GRFC said that hackers made their first attempts to break into the agency’s system last month using a “previously unexploited vulnerability.” Such attacks are not new: according to GRFC, hackers attack its infrastructure almost daily, and the agency sometimes records more than 10 hacking attempts per day.

GRFC said the cyberattack on its systems was “under control” and no confidential information was leaked. In response, Cyber Partisans revealed on Saturday what data they gained access to. It includes employees’ passport data and medical records, internal emails and reports on the agency’s projects, including bot farms and internet surveillance of journalists, bloggers, and ordinary users.

“And since, according to the GRFC, we received non-classified data, we believe that we can make it public with a clear conscience,” Cyber Partisans wrote on Telegram.

The group also previously posted screenshots showing some of the documents that were allegedly leaked. One of them shows a web page with a logo of Russia’s Office of Operational Interaction (“KOV” in Russian), which is the automated system developed by Roskomnadzor in 2020 to track anti-war materials online. Journalists first wrote about it in April after a whistleblower website called Distributed Denial of Secrets published a large data leak from another Roskomnadzor agency.

Another screenshot shows a list of posts on Telegram and the Russian social network Vkontakte related to the war in Ukraine.

The Cyber Partisans also claimed to have found evidence that the software of the Belarusian surveillance company Falcongaze has been used to spy on GRFC employees.

“We know everything employees were doing in the last three months,” Cyber Partisans said. “Falcongaze, your systems are weak. Stop supporting dictators!” 

Falcongaze did not respond to questions about the allegations.

Although it’s unclear how impactful the breach is, Roskomnadzor’s data could potentially be eye-opening if made public.

In September, The New York Times wrote about the inner workings of Russia’s “vast surveillance state” using documents leaked from Roskomnadzor’s office in the Republic of Bashkortostan. Russian independent news website Meduza used the same trove of data to write about automated systems used by Roskomnadzor to monitor online content “capable of destabilizing Russia’s sociopolitical situation.”

Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.