According to Ukrainian news outlets, the Main Intelligence Directorate of Ukraine’s Ministry of Defense (GUR) claims that it has hacked Tupolev – a Russian aerospace and defence company which develops Russia’s supersonic tactical bombers. According to Ukrainian media outlets, a GUR source said that military intelligence hackers had breached Tupolev’s systems and stolen 4.4 gigabytes worth of classified information. This data includes personal information of Tupolev employees, internal communications, including messages exchanged between the company’s management, procurement documents, resumes and designs of engineers, and minutes from closed meetings. The source did not disclose the date of the breach, but said that the HUR hackers had been inside Tupolev’s network for some time. This was enough to collect information which could be used to compromise other organizations within Russia’s defense sector. The anonymous source said
“The value of the data obtained is hard to overstate. There is now virtually nothing secret left in Tupolev’s operations as far as Ukrainian intelligence is concerned,” that the HUR hackers were inside Tupolev’s network for a long time, enough to collect other information that could be used in future operations to compromise other organizations in Russia’s defense sector. Kyiv Post
“We now have comprehensive information on individuals directly involved in maintaining Russia’s strategic aviation. The effects of this operation will be felt both on the ground and in the skies.”
The group also defaced Tupolev’s official website, adding an image of an airplane in the claws of an owl. The website redirects at the moment to the United Aircraft Corporation’s (UAC) site, a state-owned corporation created in 2006 to combine aircraft manufacturers Tupolev Mikoyan Ilyushin Irkut Sukhoi and Yakovlev into a single brand.
When contacted by BleepingComputer today, a spokesperson for United Aircraft Corporation was not immediately available to comment.
The operation was carried out by Ukraine’s Security Service, the SBU which used first-person-view drones to strike 41 warplanes on four Russian airfields. These included A-50 surveillance aircraft and Tu-160s, Tu-22s, and Tu-95s Strategic Bombers. GUR had previously claimed that it had breached the servers of Russia’s Ministry of Defense (Minoborony), and stolen sensitive documents containing information about the secret service.
Ukraine’s military intelligence also claims unconfirmed breaches in the Russian Federal Air Transport Agency (Rosaviatsia), Russian Center for Space Hydrometeorology and the Russian Federal Taxation Service (FNS). GUR claimed that in two of these attacks its operatives also deleted servers and databases storing backup data to cause additional operational disruption.
Ukrainian hackers have also targeted Russian organizations since Russia invaded Ukraine on February 14, 2014. In January, the Ukrainian Cyber Alliance group hacked Russian internet service provider Nodex, wiped backups and compromised systems, and then hacked into the Russian government’s Ministry of Defense. UCA cyber activists also claim that they have breached other Russian entities including Vladimir Putin’s adviser Vladislav Sukovthe Russian Ministry of Defense, the Donetsk People’s Republic’s Ministry of Coal and Energy, and the Commonwealth of Independent States Institute (financed by Russian state company Gazprom). Why IT teams are abandoning manual patch management
It’s slow and error-prone. Join Kandji and Tines on the 4th of June to learn why old methods are not effective. See how modern teams are using automation to patch faster, reduce risk, stay compliant and skip the complicated scripts.
