Moscow civil servants’ and politicians’ addresses leaked, say pro-Ukrainian attackers


The pro-Ukrainian hacker group Sudo rm-RF says it has access to the home addresses of civil servants, politicians, and military personnel living in the Russian capital. The Cybernews team says the attackers were inside the organization’s network.

Sudo rm-RF announced the group breached the Moscow City Bureau of Technical Inventory (MosgorBTI), the Russian equivalent of a city planning department. The attackers say they’ve siphoned the data and destroyed the database.

“Information about civil servants, politicians, military and special services representatives supporting the war with Ukraine has been transferred to the Defense Forces of Ukraine,” the hackers said on their Telegram channel.

Sudo rm-RF posts on Telegram. Image by Cybernews.

According to saved data, MosgorBTI’s website was defaced last night, showing Sudo rm-RF’s declaration. Sudo rm-RF claims that the MosgorBTI breach has a political motive as the database belongs to the “aggressor country that unleashed a war with a peaceful state.”

Russia launched a large-scale military invasion of Ukraine on February 24th, 2022.

MosgorBTI confirmed the attack via the institution’s Telegram account. However, MosgorBTI said the attackers had no way of accessing data on the property rights of Moscow residents as the information is stored in a separate database.

“Information about real estate objects and owners is stored in a separate database, securely protected. The site is only a channel for ordering documents and is not directly connected with the information systems of the institution,” reads MosgorBTI’s statement.

However, after the statement was published, Sudo rm-RF started leaking the stolen data, adding it would publicize everything over several installments. A screenshot of data shared on Twitter shows properties registered with Russia’s secret service arm, the FSB.

So far, attackers have posted over 15 GB on social media channels, including several screenshots from the alleged MosgorBTI database. Some screenshots show what appears to be CCTV footage from inside MosgorBTI’s offices.

According to the Cybernews research team, the attackers could only access video streams if they were inside MosgorBTI’s local network. Moreover, the screenshots that attackers shared on Telegram include today’s (August 7th, 2023) data and local network address.

Sudo rm-RF claims to be a pro-Ukrainian hacker collective. The name is a command used in Unix-like operating systems to remove files and directories from the system. Sudo rm-RF first appeared in late May, taking credit for hacking Russia’s YouTube alternative RuTube.