Attack of Team GhostShell against Russian Government

Pierluigi Paganini November 05, 2012

Last month we discussed the attacks conducted by the hacker group Team GhostShell against universities all over the world. The group claimed credit for hacking servers of the 100 principal universities from around the world, including Stanford, Princeton, Harvard, the University of Michigan and also the Italian University of Rome.

Approaching hacktivism superficially is a great error; groups such as Anonymous have demonstrated how dangerous their operations can be. Think, for example, of the Stratfor case and the operations conducted with Wikileaks.

Hacktivism represents a serious problem for governments and intelligence agencies; the hacking of IT infrastructures and the exposure of confidential information are a serious menace. In the past Anonymous has hit several governments and law enforcement agencies, such as the UK, US, Japanese and Indian governments and the FBI.

This time I want to discuss Team GhostShell's new operation, named #Project Blackstar, conducted by the hackers against the Russian Government.

During the last attack Team GhostShell leaked 2.5 million accounts belonging to governmental, academic, political, research, law enforcement and telecom organizations, and to large corporations operating in different sectors such as energy and banking.

“GhostShell is declaring war on Russia’s cyberspace, in “Project BlackStar”. The project is aimed at the Russian Government. We’ll start off with a nice greeting of 2.5 million accounts/records leaked, from governmental, educational, academical, political, law enforcement, telecom, research institutes, medical facilities, large corporations (both national and international branches) in such fields as energy, petroleum, banks, dealerships and many more. GhostShell currently has access to more russian files than the FSB and we are very much  eager to prove it. – DeadMellox”

The leaked data have been published through different channels; in perfect Anonymous style, the hacktivists used more than 301 different links to expose archives containing raw dump files.

The exposed data came from 62 websites, mainly from Russia but also from other countries such as Italy, Ukraine and Turkey. The data stolen from the websites contain usernames, passwords and other personal information of users, more than 148,000 emails, and also visitation logs from websites such as metaprom.ru and others.

The complete list of links has been posted on Pastebin, along with an announcement explaining the reason for the attack against the Russian Government.

“For far too long Russia has been a state of tyranny and regret. The average citizen is forced to live an isolated life from the rest of the world imposed by it’s politicians and leaders. A way of thinking outdated for well over 100 years now. The still present communism feeling has fused with todays capitalism and bred together a level of corruption and lack of decency of which we’ve never seen before.”

Team GhostShell accused the policy of the Russian Government of having established a tyranny, but the hackers also accused large companies that support the decisions of the central government.

“Large corporations end up making the political game and with it, the future of the country. And yet, injustice is all over the world, but something did stand out from all of it. Even though the country is going through hard times and many people are starving, the Russian Government has enough resources to spend on it’s spies.

http://www.businessinsider.com/alexander-fishenko-indicted-feds-bust-houston-spy-network-accused-of-shipping-50-million-in-high-tech-electronics-to-russia-2012-10 ”  

“The average citizen is forced to live an isolated life from the rest of the world imposed by it’s politicians and leaders. A way of thinking outdated for well over 100 years now,”

This set of hacks is spread out across 301 links, many of which simply contain raw dump files uploaded to GitHub and mirrored on paste sites like Slexy.org and PasteSite.com. The files include IP addresses, names, logins, email addresses, passwords, phone numbers, and even addresses.

Analyzing the leaked data, it is possible to verify that the majority of the information (64,885 found emails) came from http://www.corp-gov.ru, followed by http://rabota-izhevsk.info.

The second group of largest sites, each in the range of 10-20k leaked accounts, comprises http://ec-univer.ru with 14,683 accounts found, http://medical.ru with 13,750 accounts found and finally http://www.psi-energo.ru with 12,836 accounts found.

An interesting analysis of the leaked data is offered by the website OZ Data Centa.

Team GhostShell member DeadMellox wrote. Project BlackStar is the second alleged hack from Team GhostShell in the last month.

“The still present communism feeling has fused with todays capitalism and bred together a level of corruption and lack of decency of which we’ve never seen before.”

GhostShell’s latest operation was announced one day after Russia’s new “Internet blacklist bill,” Bill 89417-6, took effect. The legislation allows the Russian government to monitor internet use, spying on millions of Russians online, and to apply questionable censorship.

In the message posted on Pastebin the hackers explicitly refer to the international case of the arrest of 11 suspected Russian spies on charges of smuggling $50 million in sensitive American military electronics to Russia.

Alexander Fishenko, an owner and executive of American and Russian companies, was charged with operating as an “unregistered agent of the Russian government inside the United States by illegally procuring the high-tech microelectronics on behalf of the Russian government,” according to an FBI press release.

Although the leaked data do not contain critical information, they could be used for subsequent APT attacks against the government. In this case the management of the data breach is fundamental; a proper response to the incident could avoid further damage.

The leaked data could also be used by foreign governments in various ways, first for intelligence but also to conduct subsequent cyber attacks. In this scenario a cyber offensive conducted by hacktivists could represent a serious danger for homeland security … so never underestimate the cyber threat “Hacktivism”.

Pierluigi Paganini

