‘Pravyy Sector’ and DNC leak as symptoms of new trend in Russian cyber operations

The hacking group Pravyy Sector (‘pravyy’ is bastardised Ukrainian for ‘right’; Right Sector is the name of a Ukrainian ultranationalist party), responsible for leaking customer data of the Polish ISP Netia, claimed on Twitter that they had breached the network of the Polish Ministry of Defense. The group claimed that they had gained full access to the MoD network and, what might be even more interesting, got their hands on ‘PRISM Poland logs’. Pravyy Sector then demanded that $50 000 be transferred to a specified account or bitcoin address in exchange for not leaking the data.

To prove their access, the group posted screenshots from an apparent MoD computer, photos of an application to the ‘PRISM service’ and an XML file containing information about hosts in the alleged MoD network. It is worth noting that the materials posted initially were hardly proof of a compromised network: the attached screenshots suggest that all files were taken from a single computer. The MoD soon issued a statement claiming that the attackers had obtained only outdated documents and were trying to overstate their success. Pravyy Sector countered by posting screenshots of emails with information related to the organisation of the recent NATO summit. Ultimately, however, it seems that they bluffed. The information allegedly coming from the PRISM programme is probably just data collected by a botnet, with only superficial modifications made to make it more believable. Soon after, the group deleted the tweets related to the hack.

