View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 23, 2022

Hacktivists working with Russia’s GRU security force in Ukraine war – Google Mandiant

Close links between hacktivists and security forces in Russia have long been suspected by cybersecurity experts.

By Matthew Gooding

Russian hacktivist groups appear to be working with the GRU, Russia’s military intelligence agency, as part of the war in Ukraine, evidence uncovered by researchers at Google-owned security company Mandiant has revealed.

Russian security forces are working closely with hacktivists, a new report suggests (Photo by DZMITRY SCHAKACHYKHIN/Shutterstock)

A new report from Mandiant, which was acquired by Google earlier this month, identifies three hacktivist groups – online vigilantes who seek to disrupt organisations for political purposes – that its analysts believe are actively working with the GRU to attack Ukraine’s allies.

The report, the findings of which were first published in the Wall Street Journal, says the current cybercrime situation in Russia is unprecedented. “We have never previously observed such a volume of cyberattacks, variety of threat actors, and coordination of effort within the same several months,” it says.

Is Russia’s GRU working with hacktivist groups?

Mandiant’s researchers have identified four occasions where cyberattacks carried out by the GRU appear to have been co-ordinated with hacktivist activity.

On each occasion, GRU-linked hackers have installed wiper software on the victim’s systems to disrupt networks and steal information. Within 24 hours of each attack, hacktivist groups were seen leaking data stolen in the attacks online.

The report identifies a trio of pro-Russia hacktivist gangs – XakNat Team, Infoccentr and CyberArmyofRussia_Reborn – as being involved in these incidents.

John Hultquist, vice president of intelligence analysis at Mandiant, said the groups “cannot be taken lightly”. He told the WSJ that their links with the GRU “are hard to ignore and they suggest the relationship isn’t incidental”.

Russia’s war in Ukraine and the return of hacktivism

Cybersecurity experts have suspected Russian hackers of working closely with the government since the war in Ukraine began. Several prominent hacking groups have come out in support of Vladimir Putin’s regime, and analysts say such public declarations of allegiance can help gangs curry favour with the Russian police.

Content from our partners
Why all businesses must democratise data analytics
Unlocking the value of artificial intelligence and machine learning
Behind the priorities of tech and cybersecurity leaders

Hacktivists have also been coming to Ukraine’s aid. At the start of the war, Ukraine’s Minister of Digital Transformation Mykhailo Fedorov called on anyone with “digital talents” to join what he described as an “IT army”. A Telegram group set up for the initiative quickly gained more than 34,000 members, and this week it was reported that the IT army had stolen personal details of mercenaries recruited to take part in the war by the Wagner Private Military Company, a Russian organisation.

While these actions can help the war effort, the unpredictability of hacktivists means they can inadvertently undermine other cybersecurity operations. Speaking at the CyberUK conference earlier this year, the NSA’s head of cybersecurity, Rob Joyce, said the IT Army were “trying to do the noble thing” but warned that their actions can be problematic for security services.

Read more: Russia-linked Killnet claims responsibility for Lithuania attack

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU