Friday, June 30, 2023

Sandworm - Hacker Unit of Russia's Military Intelligence

On June 27, the Austrian paper 'Der Standard' published an article about Jewgeni Serebrjakow, a prominent member of Russia's hacker group 'Sandworm'. Here are some excerpts from the German-language publication, first in the English and then in the Chinese version:



In April 2018, Yevgeny Serebryakov and three other Russian agents are standing in a parking lot in The Hague, the Netherlands, with a lot of hacking equipment in his rental car. The men have a plan: they want to hack into the Wi-Fi in the nearby building of the Organization for the Prohibition of Chemical Weapons (OPCW). At that time, the OPCW was investigating whether the Assad regime, which was allied with Russia, had used poison gas against civilians.

But before the hackers can get started, they are surrounded by Dutch agents who had been shadowing Serebryakov and his colleagues. The Dutch confiscate the equipment – cash, mobile phones, laptops – and expel the men from the country. A few months later, the Dutch company held a press conference – and presented photos of the passports used, the rental car and a bag in which the hackers collected their garbage so as not to leave fingerprints in the hotel. It is, there is hardly any other way to put it, a public demonstration of the GRU secret service.
[GRU = Russia's military intelligence service]


Diplomatic passport used by Jewgeni Serebrjakow


In April 2018, Yevgeny Serebryakov and three other Russian agents stood in a parking lot in The Hague, the Netherlands, with a lot of hacking equipment in a rented car. The men had a plan: they wanted to break into the Wi-Fi of the nearby building of the Organization for the Prohibition of Chemical Weapons (OPCW). At that time, the OPCW was investigating whether the Assad regime, allied with Russia, had used poison gas against civilians.

But before the hackers could get started, they were surrounded by Dutch agents who had been tailing Serebryakov and his colleagues. The Dutch confiscated the equipment (cash, mobile phones, laptops) and expelled the men from the country. A few months later, this Dutch company held a press conference and showed photos of the passports used, the rental car and the bag in which the hackers had collected their garbage so as not to leave fingerprints in the hotel. There is hardly any other way to put it: this was a public exposure of the GRU intelligence service.

However, the same Yevgeny Serebryakov now leads one of the most dangerous hacking groups in the world: Sandworms. That's a staggering increase, as sandworm forces play a central role in Russian military intelligence: Ukrainian hackers shut down the grid twice, albeit only for a brief time in 2015 and 2016. Sandworms also play an important role in Russia's war of aggression. In March, the US trade magazine Wired reported on the promotion, and soon after a document appeared on the Internet that was of particular interest to Western intelligence services: a certain Yevgeny Serebryakov's master's thesis with the title "Information Confrontation in World Politics." In more than 90 pages and 77 footnotes, it explains the meaning behind the clumsy term "information confrontation": it is generally believed, not only in Russia, that information can be used as a weapon.

However, the same Yevgeny Serebryakov now leads one of the most dangerous hacker organizations in the world: Sandworm. This is a staggering rise, because the Sandworm unit plays a central role in Russia's military intelligence: Ukrainian hackers shut down the power grid twice, though only briefly, in 2015 and 2016. Sandworm also plays an important role in Russia's war of aggression. In March, the US trade magazine Wired reported on the promotion, and shortly afterwards a document landed on the Internet that was of particular interest to Western intelligence services: the master's thesis of a certain Yevgeny Serebryakov, titled "Information Confrontation in World Politics". In more than 90 pages and 77 footnotes, it explains the meaning behind the clumsy term "information confrontation": it is widely believed, not only in Russia, that information can be used as a weapon.


In 2020, Chinese-language publications had already reported on the Sandworm group being targeted by US authorities:


Several US media outlets, including the Associated Press and CNN, reported that on October 19, local time, the US District Court for the Western District of Pennsylvania issued arrest warrants for six Russian hackers. The six wanted hackers belong to the Sandworm hacker group and, with the backing of Russian intelligence agencies, carried out cyberattacks on US companies, Ukraine's energy system, the organizers of the 2018 Winter Olympics in South Korea and others, paralyzing thousands of computers and causing about US$1 billion in losses. The US side believes these six Russian hackers are the masterminds behind the NotPetya ransomware.

Associated Press, CNN and other US media reported that on October 19, local time, the U.S. District Court for the Western District of Pennsylvania issued arrest warrants for six Russian hackers. The six wanted hackers belonged to the Sandworm hacker organization which is backed by Russian intelligence agencies. [They had allegedly] carried out cyberattacks on U.S. companies, Ukrainian energy systems, organizers of the 2018 Winter Olympics in South Korea, etc., paralyzing thousands of computers and costing about $1 billion. The U.S. believes the six Russian hackers are behind the NotPetya ransomware.

Leaked IT contractor files detail Kremlin's stockpile of cyber-weapons: The NTC Vulcan Files.
How the 'Washington Post' got their hands on the Vulcan files, leaked from Russia's IT giant.
