[German]Hack the hackers: Hackers have succeeded in hacking a contractor of the Russian national secret service FSB. The hacker group has now released details of the Fronton-IoT botnet that FSB is currently setting up.
Advertising
Hackers have succeeded time and again in hacking contractors of the Russian national secret service FSB. In 2019 I had reported such an incident in the German blog post Gruppe '0v1ru$' hackt Auftragnehmer des russischen FSB. At that time the hackers had shared the information with the Digital Revolution group.
FSB IoT Botnet Fronton
Now I came across a similar case at ZDNet.com. The Russian hacker group Digital Revolution claims to have hacked an FSB contractor. They discovered details of a project designed to hack Internet of Things (IoT) devices.
NEW: Hackers breach FSB contractor and leak details about IoT hacking project
› Project named "Fronton" — basically a Mirai clone (IoT botnet)
› Third FSB contractor hacked in the past 15 monthshttps://t.co/6Xq8L6IDTi pic.twitter.com/6qMarZITPm— Catalin Cimpanu (@campuscodi) March 20, 2020
This week the group released 12 technical documents, diagrams and code fragments for a project called "Fronton". BBC Russia reported the information probably for the first time at the beginning of last week. ZDNet, together with BBC Russia, was able to view the documents first hand.
Based on the screenshots captured by the hacker group and an analysis by security researchers, ZDNet believes that they describe the basics of building an IoT botnet as part of the Fronton project. The Fronton technical documents were compiled following a procurement order from an internal department of the FSB, Unit 64829, also known as the FSB Information Security Centre.
Advertising
The documents commission InformInvestGroup CJSC, a Russian company with a long history as a contractor to the Russian Ministry of the Interior, to build an IoT hacking tool. According to the BBC, InformInvestGroup appears to have subcontracted the project to Moscow software company ODT (Oday) LLC, which Digital Revolution is said to have hacked in April 2019. So outsourcing is also practiced in intelligence circles.
On the basis of the file data, the project appears to have been put together in 2017 and 2018. The documents refer largely to and are inspired by Mirai, an IoT malware that was used in late 2016 to build a massive IoT botnet that then launched devastating DDoS attacks against a variety of targets, from ISPs to major ISPs.
The documents suggest that a similar IoT botnet should be established and made available to the FSB. According to the specifications, the Fronton botnet would be capable of performing password dictionary attacks against IoT devices that still use the factory default logins and common username/password combinations. Once a password attack was successful, the device would be integrated into the botnet.
According to Fronton's specifications, the botnet should specifically target Internet surveillance cameras and digital video recorders (NVRs), which they consider ideal for performing DDoS attacks. More details can be found in this ZDNet article.
