Сайтэк, a national Russian defense contractor, has been hacked according to several sources. @0v1ruS seems to be the threat actor behind it.
The announcement says there are more than 7.5 terabytes of stolen information. This leak includes several Russian state projects.
1/9
Screenshots from the threat actor indicate an attack against the sytech[.]ru infrastructure and access to their internal Jira.
They show the account used to compromise the company network: "tarasov" was used against an Active Directory under Windows Server 2008 (R2?).
2/9
A file is uploaded: "DuSYKLBE[.]exe".
After that they gained NT AUTHORITY\SYSTEM access on the machine named "AD2008".
3/9
They gained access to the email server too, where they showed the email addresses in use in the sytech[.]ru domain.
4/9
They gained Administrator access to the Jira (jira[.]stretch[.]ru) and took a screenshot of the projects page.
5/9
We can see they were connected to the TITAN Windows server too.
Not confirmed, but I would say it's a Windows Server 2008 too.
They first showed the disks as they were, and then the hard drives empty, probably cleaned after copying the content.
6/9
These screenshots are from Active Directory Users sytech[.]ru OU before and after the cleaning operation.
7/9
And the last one is a defacement of the www[.]sytech[.]ru website, with a YOBA (Youth Oriented, Bydlo-Approved) face, also known as ПеКа-фейс, which is frequently used by Russian trolls on different forums.
8/9
From screenshots, tools used:
- proxychains (proxychains.sourceforge.net)
- PsExec (docs.microsoft.com/en-us/sysinter…)
- ticketer[.]py (impacket script - based on the work of @gentilkiwi - by @agsolino github.com/SecureAuthCorp…)
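
A detection-side illustration of the sequence described above (an uploaded executable followed by SYSTEM access, with PsExec among the tools), added here as an example and not part of the original thread. It assumes the execution registered a Windows service, which is logged as System event ID 7045; the key=value log format, the timestamps, the service name `kXqT` and the function names are constructed for the example, and the random-name rule is a heuristic.

```python
import re

# Constructed sample lines: a simplified key=value rendering of Windows System-log
# Event ID 7045 ("A service was installed in the system"). Not incident data.
SAMPLE_EVENTS = [
    r"2000-01-01T10:02:11Z host=TITAN event_id=7045 service_name=PSEXESVC image_path=%SystemRoot%\PSEXESVC.exe account=LocalSystem",
    r"2000-01-01T10:05:42Z host=AD2008 event_id=7045 service_name=kXqT image_path=%SystemRoot%\DuSYKLBE.exe account=LocalSystem",
    r"2000-01-01T11:00:00Z host=AD2008 event_id=7045 service_name=BackupAgent image_path=C:\Program Files\Vendor\agent.exe account=LocalSystem",
    r"2000-01-01T11:30:00Z host=AD2008 event_id=7036 service_name=Spooler image_path=C:\Windows\System32\spoolsv.exe account=LocalSystem",
]

# A value runs until the next " key=" or end of line, so paths may contain spaces.
FIELD = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
RANDOM_EXE = re.compile(r"^[A-Za-z]{8}\.exe$")   # eight letters, like DuSYKLBE.exe
SYSTEM_ROOTS = {"%systemroot%", r"c:\windows"}

def parse(line):
    """Turn one log line into a dict of its key=value fields."""
    return {k: v.strip() for k, v in FIELD.findall(line)}

def classify(event):
    """Return a verdict string for suspicious service installs, else None."""
    if event.get("event_id") != "7045":
        return None
    directory, _, exe = event.get("image_path", "").rpartition("\\")
    # PsExec's default service name and binary.
    if exe.lower() == "psexesvc.exe" or event.get("service_name", "").lower() == "psexesvc":
        return "psexec-default-service"
    # Heuristic: mixed-case eight-letter binary dropped directly in the Windows
    # directory and run as LocalSystem.
    mixed_case = any(c.isupper() for c in exe[1:8]) and any(c.islower() for c in exe[:8])
    if (RANDOM_EXE.match(exe) and mixed_case and directory.lower() in SYSTEM_ROOTS
            and event.get("account", "").lower() == "localsystem"):
        return "random-named-system-service"
    return None

def triage(lines):
    """Return (host, service_name, verdict) for every flagged line."""
    hits = []
    for line in lines:
        event = parse(line)
        verdict = classify(event)
        if verdict:
            hits.append((event["host"], event["service_name"], verdict))
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

The fixed-name rule only catches PsExec run with its default service name; the second rule is what flags a renamed or randomly named binary.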