Hackers Attacked Website of the Ministry in Russia, and Rostelecom Leaked Employee Data

Written by Emma Davis

Last weekend, hackers successfully attacked and defaced the website of the Ministry of Construction, Housing and Communal Services of Russia.

The hackers defaced the resource, changed the site’s title to a slogan with a Ukrainian greeting, and left a message on the main page saying that the site had been hacked by the DumpForums[.]com group.

Let me remind you that we also wrote that the NB65 group attacks Russia with modified Conti ransomware, and that hackers attacked a Russian defense contractor through an MHTML bug.

In the note, the attackers demanded a ransom of 0.5 bitcoin by June 7, 2022, threatening otherwise to publish the data of the ministry’s employees in the public domain.

“The entire database has been exported and will probably appear on our forum soon,” the hackers wrote.

According to Data Leakage & Breach Intelligence (DLBI) specialists, the data of registered users from the hacked Bitrix CMS was “leaked”. As evidence, the hacker provided a file containing 115,993 lines, including full names, logins, email addresses, hashed passwords (MD5 with salt) and registration dates from 08/14/2014 to 05/08/2022.

At the same time, representatives of the ministry told the media that nothing threatens user data and that it is protected.

“The personal data of our website are protected and regularly monitored, there is no threat to them, they are safe,” the representative of the Ministry of Construction assured.

Information security specialists noticed that a table of Rostelecom’s internal accounts was published on the darknet. The company confirmed the leak of data from internal accounts and assured that the possibility of external penetration into its infrastructure is excluded.

Yesterday, Data Leakage & Breach Intelligence (DLBI) specialists reported that the same source that recently distributed dumps of the Skolkovo School of Management, the Yakut portal Ykt.Ru, and the Delivery Club delivery service published a table of Rostelecom’s internal accounts on the darknet.

The dump includes 109,300 lines, which contain: full names, email addresses in the rt.tu domain and subdomains, position data, phone numbers (work and mobile), login and domain, record creation date (from 19.01.2021 to 15.12.2021), and flags marking an employee as dismissed or active.

Rostelecom representatives reported that the company is already conducting an audit into the leak of data from internal accounts, and that the possibility of external penetration into the infrastructure is excluded.

“We are aware of the information that appeared in the Telegram channels. We check for involvement in the incident of one of the former employees, who in December 2021 copied part of the internal telephone directory. An investigation is underway. There is no talk of external penetration into the company’s systems,” the press service said.