The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense (Minoborony) and stole sensitive documents.

A press release published today on an official Ukrainian government domain describes the attack as a "special operation" carried out by GUR's cyber-specialists.

As a result of the breach, the GUR claims to have obtained sensitive documents that contain secret service information, including:

  • Software used by the Russian Ministry of Defense for protecting and encrypting data
  • An array of secret service documents from the Russian Ministry of Defense, including orders, reports, directives, and various other documents, circulated among over 2000 structural units of the ministry.
  • Information that allows establishing the complete structure of the system of the Minoborony and its links.
  • Data that helped identify senior heads of structural units of the Minoborony, as well as deputies, assistants, and specialists who used software for electronic document management called "bureaucracy."
  • Documents belonging to the Russian Deputy Minister of Defense, Timur Vadimovich Ivanov.

The press release notes that Ivanov had a significant role in the success of the cyber attack, though it omits any actual details of the operation.

Four screenshots showing database query results, log files, and documents outlining official procedures/guidelines have been posted as evidence of the alleged breach.

BleepingComputer has been unable to validate the authenticity of these screenshots and has contacted the Russian Ministry of Defense for a statement, but a comment wasn't immediately available.

Previously, the GUR has claimed unconfirmed breaches into the Russian Center for Space Hydrometeorology, aka "planeta" (планета), the Russian Federal Air Transport Agency, 'Rosaviatsia,' and the Russian Federal Taxation Service (FNS).

Two of these attacks allegedly involved data backups and database destruction aimed at operational disruption. In the latest case against Minoborony, no such claims have been made by the GUR.