Russian hacker group XakNet has claimed to have hacked the Ukrainian Ministry of Finance. The threat group posted the claim on a Telegram channel whose name roughly translates as the “Military correspondents of the Russian spring”.
The Cyber Express contacted dark web researchers at two cybersecurity companies to verify the claims. They had yet to confirm the authenticity of the posts at the time of publishing this article.
The Telegram channel managers have claimed that the operation lasted for several months, during which hackers accessed more than a million documents. The latest attack comes days after the same group’s claim of attacking the energy sector in Ukraine.
XakNet, Killnet, Russia, and Ukraine
In total, the hackers managed to extract more than a million files with electronic documents and gain access to the e-mails of officials, claim the Telegram group administrators. The data was divided into several archives. “Soon they will be handed over to publications for research, and then laid out in the public domain,” goes the rough translation of the post.
“For several months, we have been compromising the enemy’s infrastructure step by step, studying how everything works, downloading documents along our way,” the hackers wrote in the Telegram channel in Russian, adding that the Ukrainian government would learn about the details and the damage caused only when the information was made public.
Previously, Russian Killnet hackers had also attacked the Starlink services of Tesla and SpaceX founder Elon Musk. In that case, Killnet threatened to dump tons of gigabytes of digital junk into Starlink’s database.
The Kremlin Connection
XakNet has been in the cybersecurity news for its targeted attacks on Ukrainian facilities. According to Mandiant, XakNet has close ties to the GRU, Moscow’s military intelligence service.
“We assess with moderate confidence that moderators of the purported hacktivist Telegram channels ‘XakNet Team,’ ‘Infoccentr,’ and ‘CyberArmyofRussia_Reborn’ are coordinating their operations with Russian Main Intelligence Directorate (GRU)-sponsored cyber threat actors,” said a Mandiant threat assessment report.
“Our assessment is based in part on the deployment of GRU-sponsored APT28 tools on the networks of Ukrainian victims, whose data was subsequently leaked on Telegram within 24 hours of wiping activity by APT28, as well as other indicators of inauthentic activity by the moderators and similarities to previous GRU information operations,” it added.
Since Russia’s invasion of Ukraine started, the latter has faced multiple cyberattacks from prolific threat actors. The Russian hacker groups are targeting the country’s energy resources and electricity grids to gain an edge in the ongoing conflict.
Several third-party members joined the cyberwarfare in the initial weeks of the conflict. The notorious hacktivist group Anonymous also jumped into the warfare and claimed to commence a “cyber war” against the Russia-based hacking group Kremlin. The hacktivist group then brought down several government websites and news agency websites to show support for Ukraine.
According to online threat researcher Cyberknow, there are currently 81 groups in the fray, of which 36 are pro-Ukraine and 40 are pro-Russia. The researcher has spotted five other groups involved in cyber-attacks in the region, whose allegiance is unknown.
