Posted on March 23, 2020 at 5:34 PM

Russian Hackers Breached FSB Contractor, Stumble Upon IoT Botnet Plans

A recent data leak by a Russian hacking group Digital Revolution revealed some concerning information. The group hacked a contractor working for Russian national intelligence service, FSB. After the breach, hackers discovered a secret project to hack IoT devices.

In an interesting development, a Russia-based hacking group known as Digital Revolution hacked a contractor of the country’s national intelligence service, the FSB. The hackers then leaked the stolen documents, revealing details of a Fronton-IoT botnet that the FSB is setting up right now.

NEW: Hackers breach FSB contractor and leak details about IoT hacking project

› Project named "Fronton" — basically a Mirai clone (IoT botnet)
› Third FSB contractor hacked in the past 15 monthshttps://t.co/6Xq8L6IDTi pic.twitter.com/6qMarZITPm

— Catalin Cimpanu (@campuscodi) March 20, 2020

As some may know, this is not the first time that hackers are conducting attacks against FSB contractors, and another similar incident was reported in 2019. The information from this hack was even shared with the Digital Revolution group, which has conducted the new attack.

The group released as many as 12 technical documents and diagrams this week, adding some code fragments which, allegedly, belong to a project called Fronton.

What did the plans reveal?

After the hackers published the screenshots, BBC Russia was the first to publish them. Since then, ZDNet asked security researchers to interpret the screenshots, and they deduced that the stolen data describes how to create a botnet using IoT devices.

The contractor that was working on it is known as InformInvest Group CJSC. This is a company based in Russia, and it has been working for the Russian Ministry of Internal Affairs for a long time, now.

Researchers also managed to conclude that the project has been in development for at least a few years, due to the 2017 and 2018 timestamps.

It also seems that the documents were describing the creation of a botnet after being inspired by a well-known Mirai botnet, which was created out of malware-infected IoT devices in 2016. The botnet was then used for targeting internet service providers with DDoS attacks.

The botnet’s purpose remains unknown

Now, it seems that the Russian contractor was charged with creating a similar digital weapon, although it remains unknown for what purpose.

It is known that Fronton attempted to collect IoT devices for its botnet by attempting factory default login credentials, and its specs say that it should specifically target internet security cameras and digital recorders, which are the most useful for launching DDoS attacks.

The plans contain instructions that 95% of the botnet should be made out of these devices, meaning that its creators want quite a bit of firepower.