
Attack of Team GhostShell against Russian Government

Pierluigi Paganini November 05, 2012

Last month we discussed the attacks conducted by the hacker group Team GhostShell against universities all over the world. The group claimed credit for hacking the servers of 100 leading universities around the world, including Stanford, Princeton, Harvard, the University of Michigan and also the Italian University of Rome.

Approaching hacktivism superficially is a serious mistake. Groups such as Anonymous have demonstrated how dangerous their operations can be; think, for example, of the Stratfor case and the operations conducted with Wikileaks.

Hacktivism represents a serious problem for governments and intelligence agencies: the hacking of IT infrastructures and the exposure of confidential information are a serious menace. In the past Anonymous has hit several governments and law enforcement agencies, such as the UK, US, Japanese and Indian governments and the FBI.

This time I want to discuss the new operation of Team GhostShell, named #Project Blackstar, conducted by the hackers against the Russian Government.

During the latest attack Team GhostShell leaked 2.5 million accounts belonging to governmental, academic, political, research, law enforcement and telecom organizations, and to large corporations operating in different sectors such as energy and banking.

“GhostShell is declaring war on Russia’s cyberspace, in “Project BlackStar”. The project is aimed at the Russian Government. We’ll start off with a nice greeting of 2.5 million accounts/records leaked, from governmental, educational, academical, political, law enforcement, telecom, research institutes, medical facilities, large corporations (both national and international branches) in such fields as energy, petroleum, banks, dealerships and many more. GhostShell currently has access to more Russian files than the FSB and we are very much eager to prove it. – DeadMellox”

The leaked data have been published through different channels; in perfect Anonymous style, the hacktivists used more than 301 different links to expose archives containing raw dump files.

The exposed data came from 62 websites, mainly from Russia but also from other countries such as Italy, Ukraine and Turkey. The data stolen from the websites contain usernames, passwords and other personal information of users, more than 148,000 emails, and also visitation logs from websites such as metaprom.ru and others.

The complete list of links has been posted on Pastebin, together with an announcement explaining the reason for the attack against the Russian Government.

“For far too long Russia has been a state of tyranny and regret. The average citizen is forced to live an isolated life from the rest of the world imposed by its politicians and leaders. A way of thinking outdated for well over 100 years now. The still present communism feeling has fused with today’s capitalism and bred together a level of corruption and lack of decency of which we’ve never seen before.”

Team GhostShell accused the Russian Government of having established a tyranny through its policies, but the hackers also accused the large companies that support the decisions of the central government.

“Large corporations end up making the political game and with it, the future of the country. And yet, injustice is all over the world, but something did stand out from all of it. Even though the country is going through hard times and many people are starving, the Russian Government has enough resources to spend on its spies.

http://www.businessinsider.com/alexander-fishenko-indicted-feds-bust-houston-spy-network-accused-of-shipping-50-million-in-high-tech-electronics-to-russia-2012-10 ”  

“The average citizen is forced to live an isolated life from the rest of the world imposed by its politicians and leaders. A way of thinking outdated for well over 100 years now.”

This set of hacks is spread out across 301 links, many of which simply contain raw dump files uploaded to GitHub and mirrored on paste sites like Slexy.org and PasteSite.com. The files include IP addresses, names, logins, email addresses, passwords, phone numbers, and even addresses.

Analyzing the leaked data, it is possible to verify that the majority of the information (64,885 emails found) came from http://www.corp-gov.ru, followed by http://rabota-izhevsk.info.

The second group of largest sites falls in the range of 10-20k leaked accounts: http://ec-univer.ru with 14,683 accounts found, http://medical.ru with 13,750 accounts found and finally http://www.psi-energo.ru with 12,836 accounts found.

An interesting analysis of the leaked data is proposed by the website OZ Data Centa.

Project BlackStar is the second alleged hack from Team GhostShell in the last month. Team GhostShell member DeadMellox wrote:

“The still present communism feeling has fused with today’s capitalism and bred together a level of corruption and lack of decency of which we’ve never seen before.”

GhostShell’s latest operation was announced one day after Russia’s new “Internet blacklist bill,” Bill 89417-6, took effect. The legislation allows the Russian government to monitor internet use, spying on millions of Russians online, and to apply questionable censorship.

In the message posted on Pastebin the hackers explicitly refer to the international case of the arrest of 11 suspected Russian spies on charges of smuggling $50 million in sensitive American military electronics to Russia.

Alexander Fishenko, an owner and executive of American and Russian companies, was charged with operating as an “unregistered agent of the Russian government inside the United States by illegally procuring the high-tech microelectronics on behalf of the Russian government,” according to an FBI press release.

Although the leaked data do not contain critical information, they could be used for subsequent APT attacks against the government. In this case the management of the data breach is fundamental: a proper response to the incident could avoid further damage.

The leaked data could also be used by foreign governments in various ways, first for intelligence but also to conduct subsequent cyber attacks. In this scenario a cyber offensive conducted by hacktivists could represent a serious danger for homeland security … so never underestimate the cyber threat “Hacktivism”.

Pierluigi Paganini

