Russian Agency and Major ISP Vendor Compromised by Hackers

In the span of a few days, a Russian government agency and a major ISP provider have been compromised by hackers, leading to loss of data and disruption of internet services. 

Ukraine and Russia have been trading blows in cyberspace since the invasion began, and it shows no sign of slowing down. While some attacks have been directly confirmed by Ukranian hackers or groups helping the country, others remain anonymous. 

On Jan. 9, a group calling itself Silent Crow attacked the Rosreestr Russian agency, which is Russia's official cadastre and cartography agency. This type of agency deals with a lot of personal information that is now in the hands of the attackers, who've already published a part of it to demonstrate its validity. 

Initial reports about an attack on Rosreestr were not confirmed by the Russian authorities. 

"Rosreestr does not confirm the data leak from the Unified State Register of Real Estate (EGRN)," said the agency on Telegram. "Additional verification of the information published on several Telegram channels is currently underway." 

To prove the validity of the attack, Silent Crow published its retort, also on Telegram. 

"Today is our first post, and though it's a bit late, we'd like to wish Russians a Happy New Year. Not long ago, we hacked and leaked the databases of ‘Rosreestr,’ which contained all the personal information of every Russian citizen," the group said. 

"Rosreestr (Federal Service for State Registration, Cadastre, and Cartography) is a critically important resource for property registration, maintaining the cadastre, and conducting cartographic activities. We decided to release a small portion, approximately 90,000,000 rows, from the Unified State Register of Real Estate. The full dump contains about 2,000,000,000 rows," they added. 

The agency's website is still down, and there's no indication of what the hackers plan to do with the exfiltrated data. 

Also, the Nodex Russian internet provider has been taken fully down by the Ukrainian Cyber Alliance, who shared some information about the hack on Telegram. 

"The Russian internet provider Nodex in St. Petersburg was completely looted and wiped. Data exfiltrated, while the empty equipment without backups was left to them" 

Unlike Rosreestr, the Nodex admitted to have problems, and they said as much on VK.com. 

"Dear subscribers! There was a planned attack on the network infrastructure at night (presumably from Ukraine). The network has been destroyed. We are raising it from backup copies. There are no deadlines or forecasts. First, we will raise the telephony and call center." 

The company also made a point of assuring customers that they don't have access to credit card data so that information should remain safe.