Hackers have successfully breached the server of the Moscow-based company SyTech, a major IT contractor for Russia’s Federal Security Service (FSB), the BBC reports.
The hack took place on 13 July 2019. SyTech’s website was replaced by a “Yoba Face”, a meme of a large yellow face with a broad smile that is widely used by hackers as a sign that they have gained access to the victim’s data.
A screenshot of the Yoba Face appeared on the Twitter account Ov1ru$, which was registered on the day of the attack. The account also posted screenshots of folders that presumably belong to the victim’s computer. One of them shows that there is a total of 7.5 terabytes of information. The following image shows that most of the data has already been deleted.
The hackers also published screenshots of SyTech’s internal network, with the names of the various projects (Arion, Relation, Hryvna and others) and the staff members responsible for them.
SyTech has worked on at least 20 classified IT projects for Russia’s security services and departments. Most projects were commissioned by military unit No. 71330, part of the FSB’s 16th Directorate, which handles electronic intelligence.
One of the projects is to de-anonymize the Tor browser. The Nautilus-S system developed by the company can track when a user sends requests through Tor and try to determine where they are going. The goal is to create a database of Tor users.
A previous version of Nautilus was designed to collect information about users of Facebook, MySpace and LinkedIn.
SyTech has also looked for vulnerabilities in the BitTorrent protocol, Jabber, OpenFT and ED2K, and its “Mentor” program is designed to monitor emails.
One of the most recent projects, the Tax-3 program, makes it possible to manually remove information about entities under state protection from the Federal Tax Service’s information system.
All of the projects were developed during different periods, starting in 2009.
SyTech is directed by Denis Vyacheslavovich Krayushkin. A person with the same name and surname works at the Kvant Research Institute.