According to Mandiant, at least 3 hacktivist groups are supporting Russian interests, and that support involves collaborating with state-sponsored cyber threat actors.
Mandiant, a Google-owned cybersecurity firm, said that “moderators of the purported hacktivist Telegram channels ‘XakNet Team,’ ‘Infoccentr,’ and ‘CyberArmyofRussia_Reborn’ are coordinating their operations with Russian Main Intelligence Directorate (GRU)-sponsored cyber threat actors.”
Mandiant's belief rests on timing: data from Ukrainian organizations was leaked within 24 hours of a malicious attack undertaken by the Russian nation-state group tracked as APT28 (aka Fancy Bear, Sofacy, or Strontium).
Four data leaks from these groups happened at the same time as wiper malware attacks by APT28 related to a strain dubbed CaddyWiper.
APT28 is known for breaching the Democratic National Committee and for being associated with the Russian military intelligence agency, the General Staff Main Intelligence Directorate. The group drew public attention in 2016, making its operations known to the world.
These fake personas are thought to be a front for information operations and destructive cyber activity.
We can’t tell exactly how involved Russians were or if they’re affiliated, but either way they were partly at fault.
These leaks offer a great deal of evidence suggesting that Russia was behind these cyberattacks, and they provide insight into similar situations.
The cybersecurity company found that the XakNet Team worked with Infoccentr as well as the pro-Russia group KillNet.
Russia is using social media to influence Ukrainian elections. It is manipulating recent events, such as the war in Ukraine, to create confusion and manipulate polls for its own gain.