Hackers claim to target Russian institutions with a barrage of cyberattacks and leaks.


Red Square outside the Kremlin in Moscow. The Ukrainian government appears to have begun a parallel effort to punish Russia by publishing the names of Russian soldiers and agents of the F.S.B., a major Russian intelligence agency. Credit: Maxim Shipenkov/EPA, via Shutterstock

Hackers claim to have broken into dozens of Russian institutions over the past two months, including the Kremlin’s internet censor and one of its primary intelligence services, leaking emails and internal documents to the public in an apparent hack-and-leak campaign that is remarkable in its scope.

The hacking operation comes as the Ukrainian government appears to have begun a parallel effort to punish Russia by publishing the names of supposed Russian soldiers who operated in Bucha, the site of a massacre of civilians, and agents of the F.S.B., a major Russian intelligence agency, along with identifying information like dates of birth and passport numbers. It is unclear how the Ukrainian government obtained those names or whether they were part of the hacks.

Much of the data released by the hackers and the Ukrainian government is by its nature impossible to verify. As an intelligence agency, the F.S.B. would never confirm a list of its officers. Even the groups distributing the data have warned that the files swiped from Russian institutions could contain malware, manipulated or faked information, and other tripwires.

Some of the data may also be recycled from previous leaks and presented as new, researchers have said, in an attempt to artificially increase the hackers’ credibility. Or some of it could be manufactured — something that has happened before in the ongoing cyberconflict between Russia and Ukraine, which dates back more than a decade.

But the hacking effort appears to be part of a campaign by those opposing the Kremlin to help in the war effort by making it extremely difficult for Russian spies to operate abroad and by planting a seed of fear in the minds of soldiers that they could be held to account for human rights abuses.

Dmitri Alperovitch, a founder of the Silverado Policy Accelerator, a Washington think tank, and the former chief technology officer at the cybersecurity firm CrowdStrike, said there was reason to maintain a healthy skepticism about the reliability of some of the leaks.

But he added that the hacking campaign “once again may prove that in the age of pervasive cyberintrusions and the generation of vast amounts of digital exhaust by nearly every person in a connected society, no one is able to hide and avoid identification for egregious war crimes for long.”

The leaks also demonstrate Ukraine’s willingness to join forces with amateur hackers in its cyberwar against Russia. In early March, Ukrainian officials rallied volunteers for hacking projects, and the Ukrainian government has been publishing information about its opponents on official websites. A channel on the messaging platform Telegram that lists targets for the volunteers to hack has grown to more than 288,000 members.

American intelligence officials say they believe that hackers operating in Russia and Eastern Europe have now been split into at least two camps. Some, like Conti, a major ransomware group that was itself hacked in late February, have pledged fealty to President Vladimir V. Putin of Russia. Others, mostly from Eastern Europe, have been offended by the Russian invasion, and particularly the killings of civilians, and have sided with the government of President Volodymyr Zelensky of Ukraine.

Some of the online combatants have shifted away from tactics used earlier in the conflict. In the first phase of the war, Ukrainian hackers focused on attacks intended to knock Russian websites offline. Russian hackers targeted Ukrainian government websites in January, ahead of the invasion, installing “wiper” malware that permanently clears data from computer networks. More recently, Russian hackers appear to have mounted attacks that could have turned off electricity or shut down military communications. (Several of those efforts were foiled, American officials say.)

But the disclosure of personal data is more akin to information warfare than cyberwarfare. It has echoes of Russia’s tactics in 2016, when hackers backed by a Russian intelligence agency stole and leaked data from the Democratic National Committee and from individuals working on Hillary Clinton’s presidential campaign. Such hacks are intended to embarrass and to influence political outcomes, rather than to destroy equipment or infrastructure.

Experts have warned that the involvement of amateur hackers in the conflict in Ukraine could lead to confusion and incite more state-backed hacking, as governments seek to defend themselves and strike back against their attackers.

“Some cybercrime groups have recently publicly pledged support for the Russian government,” the Cybersecurity and Infrastructure Security Agency warned in an advisory on Wednesday. “These Russian-aligned cybercrime groups have threatened to conduct cyberoperations in retaliation for perceived cyberoffensives against the Russian government or the Russian people.”

Distributed Denial of Secrets, or DDoSecrets, the nonprofit organization publishing many of the leaked materials, was founded in 2018 and has published material from U.S. law enforcement agencies, shell companies and right-wing groups. But since the beginning of the war in Ukraine, the group has been flooded with data from Russian government agencies and companies. It currently hosts more than 40 data sets related to Russian entities.

“There has been a lot more activity on that front since the start of the war,” said Lorax B. Horne, a member of DDoSecrets. “Since the end of February, it hasn’t been all Russian data sets, but it has been an overwhelming amount of data that we’ve been receiving.”

DDoSecrets operates as a clearinghouse, publishing data it receives from sources through an open submission process. The organization says that its mission is transparency with the public and that it avoids political affiliations. It is often described as a successor to WikiLeaks, another nonprofit group that has published leaked data it received from anonymous sources.

On March 1, the Ukrainian news outlet Ukrainska Pravda published names and personal information that it said belonged to 120,000 Russian troops fighting in Ukraine. The information came from the Center for Defense Strategies, a Ukrainian security think tank, the news outlet reported. In late March, Ukraine’s military intelligence service leaked the names and personal data of 620 people it said were officers with Russia’s F.S.B.

And in early April, the military intelligence service published the personal information of Russian soldiers it claimed were responsible for war crimes in Bucha, a suburb where investigators say Russian troops waged a campaign of terror against civilians.

“All war criminals will be brought to justice for crimes committed against the civilian population of Ukraine,” the military intelligence service said in a statement on its website that accompanied the Bucha data dump. (Russia has denied responsibility for the Bucha killings.)

Russian state-backed hackers have also carried out a number of cyberattacks in Ukraine since the war began, targeting government agencies, communications infrastructure and utility companies. They have largely relied on destructive malware to erase data and disrupt the operations of critical infrastructure companies, but they have occasionally used hack-and-leak tactics.

In late February, a group calling itself Free Civilian began to leak personal information that supposedly belonged to millions of Ukrainian civilians. Although the group posed as a collective of “hacktivists,” or people using their cyberskills to further their political ends, it actually operated as a front for Russian state-backed hackers, according to researchers at CrowdStrike. The hack-and-leak operation was intended to sow distrust in Ukraine’s government and its ability to secure citizens’ data, the researchers said.

Hackers affiliated with Russia and Belarus have also targeted news media companies and Ukrainian military officials in an effort to spread disinformation about a surrender by Ukraine’s military.

But much of Russia’s hacking efforts have focused on damaging critical infrastructure. Last week, Ukrainian officials said they had interrupted a Russian cyberattack on Ukraine’s power grid that could have knocked out power to two million people. The G.R.U., Russia’s military intelligence unit, was responsible for the attack, Ukraine’s security and intelligence service said.

U.S. officials have repeatedly warned American companies that Russia could carry out similar attacks against them and have urged them to harden their cyberdefenses. The governments of Australia, Britain, Canada and New Zealand have issued similar warnings.

In early April, the Justice Department and the F.B.I. announced that they had acted in secret to pre-empt a Russian cyberattack by removing malware from computer networks around the world. The move was part of an effort by the Biden administration to put pressure on Russia and discourage it from launching cyberattacks in the United States. Last month, the Justice Department charged four Russian officials with carrying out a series of cyberattacks against critical infrastructure in the United States.

But so far, the Russian activity directed at the West has been relatively modest, as Chris Inglis, the national cyber director for the Biden administration, acknowledged on Wednesday at an event hosted by the Council on Foreign Relations.

“It’s the question of the moment — why, given that we had expectations that the Russian playbook, having relied so heavily on disinformation, cyber, married with all other instruments of power, why haven’t we seen a very significant play of cyber, at least against NATO and the United States, in this instance?” he asked.

He speculated that the Russians thought they were headed to quick victory in February, and when the war effort ran into obstacles, “they were distracted,” he said. “They were busy.”

Skepticism greets a bold Russian claim about war aims, based on its source.

President Vladimir V. Putin holding an online meeting of Russia’s Security Council in Moscow, on Thursday. Credit: Mikhail Klimentyev/Agence France-Presse, via Sputnik/AFP via Getty Images

When Gen. Rustam Minnekayev made a sweeping statement on Friday that Russia’s next military aim would be to seize Ukraine’s entire southern coast, many analysts were skeptical, based not only on the claim, but on its source.

Why would a relatively obscure military figure announce such a major shift in policy, rather than President Vladimir V. Putin, who usually makes such pronouncements, or Defense Minister Sergei K. Shoigu, or Gen. Aleksandr V. Dvornikov, the chief Russian commander for the war in Ukraine?

Residents looked on as shops burned in the Saltivka neighborhood of Kharkiv, which was attacked on Friday. Credit: Tyler Hicks/The New York Times

Anton Troianovski, April 22, 2022

President Vladimir V. Putin of Russia will meet with António Guterres, the United Nations secretary general, in Moscow on April 26, the Kremlin said. Mr. Guterres made a request earlier this week for a meeting with Mr. Putin to “discuss urgent steps to bring about peace.”

April 22, 2022

Marc Santora

Russia’s military paid a high price for the Kremlin’s ‘victory’ in the ruined city of Mariupol.

Russian-backed troops in front of a steel plant in Mariupol, Ukraine, on Thursday. Credit: Chingis Kondarov/Reuters

As soldiers and civilians trapped in bunkers beneath a sprawling steel plant in Mariupol issued desperate pleas for help on Friday, military analysts said that it might take days or even weeks for the heavily battered Russian forces who now control most of the city to regroup and join Moscow’s offensive in the eastern Donbas region.

The Kremlin on Thursday declared “victory” in the now ruined city even though Ukrainian forces still held the Azovstal steel plant near Mariupol’s port. President Vladimir V. Putin ordered his forces not to storm the plant but rather to block it “so that a fly cannot pass through.”

India and Britain have called on Russia to declare an immediate ceasefire in Ukraine. Prime Minister Narendra Modi of India told reporters in New Delhi that in a meeting with his British counterpart, Boris Johnson, the two discussed the situation in Ukraine and underscored the importance of diplomacy.

April 22, 2022

Jeffrey Gettleman

The world’s largest airplane is among the casualties of the war in Ukraine.

BUCHA, Ukraine — The day war broke out, one of Ukraine’s most decorated pilots stepped onto the balcony of his three-story home and felt a pain in his heart.

A battle was raging at a nearby airport, and from where he was standing, the pilot, Oleksandr Halunenko, could see the explosions and feel the shudders. The Russians were invading his country and something very specific worried him.


Oleksandr Halunenko, the first pilot of Mriya, surveying damage to the world’s largest cargo aircraft at the Antonov airfield in Hostomel, near Kyiv. Credit: Daniel Berehulak for The New York Times


The Lviv bus and train station is a scene of reunions and farewells, as some flee the country and many more return.

Pavlo, 38, with his daughter Eva, 6, and his wife Marianna, 37, and their dog Gucci, returning to Lviv, Ukraine, after spending a month in Poland. Credit: Finbarr O’Reilly for The New York Times

The main train and bus station in Lviv bustled with people displaced by the Russian invasion on Friday, most of them women and children, but after nearly two months of war, many of those passing through the transportation hub were returning to their hometowns and villages after initially fleeing the war.

Some families were happily reuniting after weeks apart while remaining unsettled by the continued fighting, particularly in the country’s east. Pavlo, 38, embraced his daughter Eva, 6, after she returned with his wife Marianna, 37, and their dog Gucci. They had spent a month in Poland.

The train station has a shelter for women and children. Svitlana, 25, who was traveling with her two children, rested there as she prepared to return home to Zaporizhzhia. She had spent several weeks as a refugee in Poland.

Most people in the stations were going back to their homes, even if it meant returning to places like Kharkiv and Dnipro that are still being hit with airstrikes and artillery barrages.

The director general of the International Atomic Energy Agency, Rafael Mariano Grossi, will lead an expert mission to Ukraine’s defunct but dangerous Chernobyl nuclear plant on April 26, the U.N.’s nuclear monitoring agency said Friday. In a statement, it said Mr. Grossi would be helping “step up efforts to help prevent the danger of a nuclear accident during the current conflict in the country.”

Claire Moses, April 22, 2022

The Netherlands is planning to end its dependence on fossil fuels from Russia by the end of this year, the Dutch climate minister said. European Union officials have already started drafting an embargo on Russian oil, which will likely be put up for negotiation in the coming weeks.

April 22, 2022

Nick Cumming-Bruce

The U.N. details a ‘horror story’ of abuses in Ukraine.

Volunteer cemetery workers loaded a large truck with 65 bodies to be taken for further forensic investigation in Bucha, Ukraine, this month. Credit: Daniel Berehulak for The New York Times

GENEVA — The United Nations on Friday detailed a “horror story” of possible war crimes and abuses unfolding in Ukraine, citing indiscriminate shelling, hundreds of summary executions and the widespread devastation of civilian lives.

“International humanitarian law has not merely been ignored but seemingly tossed aside,” Michelle Bachelet, the United Nations High Commissioner for Human Rights, said in a statement.
