Russian hacktivist groups appear to be collaborating with Russia’s military intelligence agency GRU as part of the war in Ukraine, evidence from researchers at Google-owned security firm Mandiant has revealed.
A new report by Mandiant, which was acquired by Google earlier this month, identifies three hacktivist groups — online vigilante groups trying to disrupt organizations for political gain — that its analysts believe are actively working with the GRU to attack Ukraine and target its allies.
The report, whose findings were first published in The Wall Street Journal, says that the current cybercrime situation in Russia is unprecedented. “We have never seen such a volume of cyberattacks, a variety of threat actors, and a coordinated effort within the same months,” it said.
Is Russia’s GRU Working With Hacktivist Groups?
Mandiant researchers have identified four instances where GRU cyberattacks appear to have been coordinated with hacktivist activity.
On each occasion, GRU-affiliated hackers installed wiper software on victims’ systems to disrupt networks and steal information. Within 24 hours of each attack, hacktivist groups were seen leaking data stolen in the attacks online.
The report identifies a trio of pro-Russian hacktivist gangs – XakNet Team, Infoccentr and CyberArmyofRussia_Reborn – as involved in these incidents.
John Hultquist, Mandiant’s vice president of intelligence analysis, said the groups “cannot be taken lightly.” He told the WSJ that their ties to the GRU “are hard to ignore and they suggest the relationship is not accidental”.
Russia’s War in Ukraine and the Return of Hacktivism
Cybersecurity experts have suspected Russian hackers of working closely with the government since the beginning of the war in Ukraine. Several prominent hacker groups have spoken out in support of Vladimir Putin’s regime, and analysts say such public declarations of allegiance can help the gangs ingratiate themselves with Russian police.
Hacktivists have also come to the aid of Ukraine. At the start of the war, Ukraine’s digital transformation minister, Mykhailo Fedorov, called on anyone with “digital talent” to join what he called an “IT army.” A Telegram group set up for the initiative quickly grew to more than 34,000 members, and this week it was reported that the IT Army had stolen personal information from mercenaries employed by the Wagner Private Military Company, a Russian organization, who were recruited to take part in the war.
While these actions can aid the war effort, the unpredictability of hacktivists means they can inadvertently undermine other cybersecurity operations. At the CyberUK conference earlier this year, the NSA’s head of cybersecurity, Rob Joyce, said the IT Army was “trying to do the noble thing” but warned its actions could be problematic for security services.