For the first time in known history, hackers from within Russia have begun a systemized effort to hack Russian government affiliated websites.
Earlier today, Oct. 2, Kyiv Post was contacted by hackers who identified themselves as part of the National Republican Army (NRA). As Kyiv Post has reported before, the NRA is an organization of Russian citizens seeking the overthrow of the Putin Government.
The NRA hackers explained to Kyiv Post that they had executed an advanced ransomware attack on the network of Unisoftware, a Russian software development company known for the development and implementation of web applications, desktop systems, cloud, and API solutions.
While communicating with Kyiv Post, the NRA member stated that their primary motivation was “Putin needlessly sending our young men to die in an unjust war waged against Ukraine that has resulted in the slaughter of innocent civilians, including women and children.”
Corroborating what the NRA member told Kyiv Post, proof provided by the hackers of their work, including screenshots of the ransomware attack, identified clearly by the extension .t73 on several of the files as well as the standard decryption instructions file produced on the machines.
The NRA hackers claimed to have stolen copies of all of Unisoftware’s data, including but not limited to: credentials for bank accounts and personal accounts, sensitive employee information, phone numbers, addresses, contracts, and proprietary code for Unisoftware’s clients and software. The group has threatened to release the data and all obtained information if not paid promptly by Unisoftware.
Kyiv Post was able to validate the authenticity of the data stolen as being from Unisoftware and was able to review what appeared to be data from several of Unisoft’s Russian Government clients. When asked about secondary access, the hackers declined to comment, however, according to open sources, The Federal Tax Service, the Ministry of Finance of the Russian Federation, and the Central Bank of Russia are among the list of Unisoftware’s clients.
At this time there’s no clear indication of how much access the hackers have to Unisoftware’s environment, but one of the hackers said, “It’s funny because they tried to kick us out and fix the machines. They don’t understand that we are still there, and have been there for months, and will continue to terrorize them for helping maintain the Putin Regime.”
Another of NRA member mocked Unisoftware’s urgent efforts to salvage their data, saying, “Go ahead. Change your passwords and try to restore your data. We’ve stolen your passwords each and every time. We think we have enough data at this time to make your lives very difficult if you do not pay us.”
Kyiv Post did not receive a response regarding other associated attacks.