It’s the National Flag Day of Ukraine (checks international date line, realizes one is late, shrugs, and continues because fuckit, it’s 2022) and to celebrate, the IT Army of Ukraine and hacktivist allies 2402 Team have scored a brace of victories on the interwebs.
First up, the target list from yesterday, focused on money transfer infrastructure in Russia, has been extremely successful, with both main targets announcing outages within an hour of attack launch. Those attacks continue, and the target lists are being updated as time goes on, so check the ITAU site for more information. So far, so standard.
Today they also released, on their YouTube channel (yes, it’s really them), a video of one particular civilian Russian occupier in Crimea, Anastasia Yarina, who was sadly unable to receive a parcel she expected from eastern Russia. Why?
It seems that back on August 8, ITAU announced attacks against the Russian post office, in retaliation for Russian soldiers using it to send looted Ukrainian property back to Russia. The attack, shared with hacktivists around the world via their Telegram channel and attack tools, was extremely successful, taking the post office entirely offline for two full days. With the post office down, nothing could move either into or out of Russia.
As they mention, two entire days of complete outage is an eternity for such a large organization. To put it in perspective: when the Paypal 14 participated in a DDoS attack against Paypal as part of #OpPayback of Anonymous, the company claims that the website had no downtime at all, and that their processing might have slowed down somewhat, but not enough that users would have noticed. Nonetheless, the hacktivists were charged with two felonies each, possibly resulting in jail terms of a collective 15 years and fines of up to $500,000. Ultimately The Paypal 14 were found guilty of misdemeanors, but nonetheless sentenced to pay a collective fine of $86,000, for zero downtime.
Back to the hapless Anastasia. Unlucky name then, unlucky name now. Because for the IT Army of Ukraine, this time it’s personal. She’s an active social media user, toeing the Putinist line and touting the occupation of Crimea and celebrating the deaths of Ukrainians, even Ukrainian children. That makes her ordinary, rather than unique, but when an Internet Hate Machine decides to make an example of you, your previously ordinary life, uh, ceases to be dull. Is one way to put it.
Such people will not have a peaceful life, either during the war or after.
We’ll take care of it.
IT Army of Ukraine
In related news, ITAU-supporting hacktivist crew 2402Team has managed to gain access to the cloud storage of Andrey Bloshchetsov. Unlike the basically-chosen-at-random Yarina, Bloshchetsov is the founder and technical director of “Right Line”, a fintech company serving Russian and Belarusian banks. And it’s now squarely in the sights of 2402 team, according to their statement on Telegram.
It’s 04:00 AM now! The time when the rashists began to bomb Ukraine.
We will start our story with ordinary slaves, slaves of the rf, who keep money in rashist banks.
Slaves wake up! Otherwise we’ll have to wake you up!
For all hackers and specialists in information security IT – work brothers!
List of banks – whose clients’ money will go to ZSU!.
NOW a Day of the National Flag of Ukrainehttps://rtln.ru/ – hacked & leaked by 2402 team
Tinkoff Bank
OTPbank
Rosgosstrakh Bank
Avers Bank
Agroros Bank
DOM.RF Bank
Bank Kazan
Metallinvest Bank
MS Bank Rus
Renaissance Credit
Cetelem Bank
Surgutneftegazbank
Uralfinance Bank
Centerinvest Bank
Chelindbank
SDM-Bank
ANOR Bank
Universal Bank
Ravnak
Alif Bank
Dushanbe City Bank
International Bank of Tajikistan
Commerzbank
Imon Bank
Orienbank Bank
Humo Bank
MDO Martin Bank
Kompanion Bank
CB KYRGYZSTAN (CBK)
FINCA BANK
EVOCABANK
and other…а также криптокошельки и другие системы и сервисы связанные с деньгами.
rashka_2402 on Telegram
//as well as crypto wallets and other systems and services related to money.
About 2402 Team little is known. Well, pretty much nothing, although you can buy an NFT of Psychedelic Hacker 2402 pretty cheap. The announcement from ITAU is below. It is entirely possible that they are a front for state-sponsored hackers, likely of some country other than Ukraine. Here’s why I say that:
- In Ukraine it’s anything but illegal to hack Russians, and Ukrainian government hackers are being touted as heroes. So, nobody in Ukraine needs to hide that they’re hacking Russians unless they’re in occupied territory. So it’s almost certainly not Ukrainians. If it’s Ukrainians in occupied territory, well I hope their affairs are in order; a false flag name is not going to do a damn thing to protect them.
- In Ukrainian allied countries, it’s technically illegal to hack Russia, but by and large law enforcement is turning a blind eye to the nightly calls for DDoS. Hacking banks and leaking financial information, possibly impacting millions of people, however, is on a whole ‘nother level, and if a government cyberforce wanted to do so, it would need to hide behind some sort of cover. After all, there’s that party with the Russian ambassador coming up, and the diplomacy show must go on after the war.
- But Russia won’t be inclined to let this go, assuming Russia survives as an entity (up in the air at this time, like so many Russian ammo caches). It won’t pursue 400,000 Telegram users who may or may not have DDoS’d it, but it will certainly pursue anyone who hacks and leaks masses of financial data. And if it finds out a government did it, that country and Russia are going to Have Words. And nobody wants those words. So, very often, governments will use false flags like “Random Team Haxxorz Totes Not Gubmint” to hide behind.
- Which may or MAY NOT be the case here. We don’t know. Just putting it out there because it needs to be said.
- And everyone needs to keep in mind at all times that hacktivism against Russia, while a good thing as long as Putin is in charge, is still technically a crime, and governments sometimes turn a blind eye when it suits them, but sometimes they also don’t. So remember, OPSEC is everything. Tor first, then VPN, then sail safe when you’re participating in #OpRussia.
- /end rant
Here’s the ITAU announcement of the leak:
❤️🇺🇦 Happy National Flag Day of Ukraine!
We continue the topic of the russian banking system and share the result of another successful operation. Cyber warriors of the IT Army gained access to the cloud file storage of Andrey Bloshchetsov, founder and technical director of the russian fintech company “Right Line”, which serves russian and Belarusian banks. In the archives, more than 500 gb, you can find source code, documents and many other interesting things. All links are in the attached file.
❤️🇺🇦 З Днем Державного Прапора, Україно!
Продовжуємо тему російської банківської системи та ділимося результатом ще однієї вдалої операції. Кібер-воїни IT-Армії отримали доступ до хмарного файлового сховища Андрія Блощецова, який є засновником та технічним директором російської фінтех компанії “Right Line”, що обслуговує низку російських та білоруских банків. В архівах, які сумарно досягають більше 500 гб, можна знайти вихідний код, документи та багато інших цікавинок. Всі посилання розміщені нижче в файлі
ITAU on Telegram
And the file, while it lasts, is also on their Telegram.
Meanwhile, Russian ammunition storage units continue to commit suicide at an astonishing rate.
Categories: 2402 Team, Banks, Cyberwar, DDoS, Hackers, Hacktivism, IT Army of Ukraine, Leaks, OpRussia, Russia, Ukraine, War
The Cryptosphere 
Well, tell us what you think!