Hackers have breached SyTech, a contractor for FSB, Russia's national intelligence service, from where they stole information about internal projects the company was working on behalf of the agency -- including one for deanonymizing Tor traffic.
The breach took place last weekend, on July 13, when a group of hackers going by the name of 0v1ru$ hacked into SyTech's Active Directory server from where they gained access to the company's entire IT network, including a JIRA instance.
Hackers stole 7.5TB of data from the contractor's network, and they defaced the company's website with a "yoba face," an emoji popular with Russian users that stands for "trolling."
Hackers posted screenshots of the company's servers on Twitter and later shared the stolen data with Digital Revolution, another hacking group who last year breached Quantum, another FSB contractor[1].
This second hacker group shared the stolen files in greater detail on their Twitter account, on Thursday, July 18, and with Russian journalists afterward.
FSB's secret projects
Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects since 2009 for FSB unit 71330 and for fellow contractor Quantum. Projects include:
- Nautilus - a project for collecting data about social media users (such as Facebook, MySpace, and LinkedIn).
- Nautilus-S - a project for deanonymizing Tor traffic with the help of rogue Tor servers.
- Reward - a project to covertly penetrate P2P networks, like the one used for torrents.
- Mentor - a project to monitor and search email communications on the servers of Russian companies.
- Hope - a project to investigate the topology of the Russian internet and how it connects to other countries' network.
- Tax-3 -