Posted on April 11, 2023 at 9:15 AM
Ukraine’s Cyber Resistance group says it hacked a Russian spy indicted by the FBI
Hackers based in Ukraine claim to have obtained unauthorized access to the emails of a senior spy in the Russian military. The Federal Bureau of Investigation currently wants the spy for compromising the Hillary Clinton campaign and infiltrating the accounts of other top US Democrats.
Ukrainian hackers compromise Russian spy behind 2016 Democrats hack
The hack happened just before Donald Trump’s presidential election in 2016. A cybersecurity group known as Cyber Resistance shared a message on Telegram saying it accessed correspondence from Lt. Col. Sergey Morgachev, who faced charges in 2018 for being behind the hacking attack.
The group said that Morgachev helped to organize the hacking attack and leaked the emails from the Clinton presidential campaign and the Democratic National Committee (DNC). There has been no evidence to support the claims made by this hacker group.
However, some of the personal information believed to belong to Morgachev, which was shared with a Ukrainian publication known as InformNapalm, is similar to data that was previously leaked and preserved by the cybersecurity research platform known as Constella Intelligence.
Stefan Soesanto, one of the researchers at the Swiss Federal Institute of Technology based in Zurich, noted that the leaked data appeared credible. The researcher, who has conducted several studies on Ukrainian hacking groups, noted that InformNapalm had a history of verifying data obtained from hackers.
InformNapalm shared an article on this exploit, saying that it had confirmed the real identity of Morgachev. It did this by scrutinizing his personnel files and a resume that the threat actors stole. Among the stolen documents was one that identified Soesanto as a department head in Unit 26165, which is the position the FBI accused him of holding in 2018 when hacking charges against him were brought.
There has not been any communication from Morgachev to acknowledge or deny this hack. He is believed to be employed at the sanctioned Saint Petersburg-based Special Technology Center, but the institution has not shared any information from Morgachev about the hack. The Russian embassy in Washington and the FBI have not shared statements.
The hackers have also not shared details on the kind of information they could steal or how relevant this information was. However, if the hackers managed to get crucial information, it could hold clues to Russian hacking operations, including the breach against Clinton and the Democrats.
The indictment signed by the FBI against Morgachev described him as an officer within the Russian military spy agency GRU. The bureau had said that the GRU department that Morgachev worked for was committed to creating and managing malware. The FBI further attributed the “X-Agent” spy software used to infiltrate the DNC to the GRU.
The Cyber Resistance Group is among the Ukrainian hacker groups that have gained a significant global presence since Russia invaded Ukraine in 2022. Other Ukrainian hacker groups have also been actively promoting their activities in retaliation for the invasion.
In the recent message about the theft of Morgachev’s data, the hacker group described the Russian spy as “a very cool and clever hacker, but… We hacked him.”
Russian hacktivist groups intensify activities
Russian hacktivist groups have also launched malicious campaigns as part of the ongoing tussle between Russia and Western countries. KillNet is one of the most renowned Russian hacking groups, and it has been linked to multiple distributed denial-of-service (DDoS) attacks against Western targets.
The KillNet hacking group has been linked to multiple DDoS campaigns across the US, with some of these attacks targeting individual states, the US Treasury, and even healthcare institutions.
The website of NATO was also targeted by a DDoS campaign that compromised some of its services. The campaign happened around the same time as rescue efforts in the Turkey earthquake were ongoing. Some claims reported that the hack had led to some rescue efforts facilitated by NASA being compromised.
Recent claims have said that Zarya, a Russian-speaking hacking group, infiltrated the computer network of an unknown Canadian gas distribution facility in February. The reports claim that after the hacking group gained access, they sent screenshots to the Russian FSB intelligence agency.
The Russian government has previously been accused of using cybercriminal groups to conduct its hacking campaigns. Using cybercriminals to conduct espionage campaigns usually absolves the country of any responsibility.