Hackers Exfiltrate 7.5TB From Russian FSB Contractor


'Biggest ever breach' exposes project to de-anonymize Tor traffic. IF YOU'RE A CONTRACTOR to a government intelligence service, then getting hacked is a really bad look. Especially if the hacking reveals a number of projects that are slyly being worked on.

That's exactly what happened to SyTech, a Russian company that does work on behalf of the Federal Security Service (FSB), the country's national intelligence service. While it's always fun to put a trolling smiley on the company homepage (pictured above - that's not an author bio), the real bounty was the information on top-secret projects which is now public domain, after being sent to BBC Russia.

In all, 7.5TB of data was nabbed, and it included a number of sensitive projects designed to spy on users more effectively. ‘Reward' is designed to keep tabs on P2P networks, while ‘Mentor' monitors company email communications.

Beautifully illustrating the ‘one rule for us' mantra, ‘Tax-3' is a project designed to create a closed intranet for the tax concerns of state figures, judges and officials, away from the state's other IT networks. So the Russian government isn't against all forms of privacy.

But perhaps the most interesting projects are 'Nautilus' and ‘Nautilus'. ‘Nautilus' gathers data from social media accounts while ‘Nautilus-S' may sound like a souped up version, but is actually designed to de-anonymize Tor traffic, making dissidents' lives a nightmare.

What's interesting about this is that it's possible ‘Nautilus-S' has actually been seen in the wild. The project started in 2012, but if you cast your mind back to 2014, you'll remember that Swedish academics published a paper warning of hostile Tor exit notes. Of the 25 malicious servers the researchers found, 18 were in Russia.

Since the hack, SyTech has taken its website down, and is apparently ignoring media inquiries. You imagine the Russian government would like a word, too. I betcha they came in with one good spear phishing attack, targeting the admins with keys to the kingdom. 

Cross-posted with grateful acknowledgment to The Inquirer: https://www.theinquirer.net/inquirer/news/3079329/fsb-contractor-hack-tor

Find out how affordable new-school security awareness training is for your organization. Get a quote now.

Get A Quote
Request A Demo

Topics: Hacking

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews