Russian censors suffer another massive hack

Belarusian hacktivist group Cyber Partisans has breached the systems of the Russian General Radio Frequency Center (GRFC), a sub-agency that is a part of the country’s communications watchdog Roskomnadzor.

In Telegram and Twitter posts, Cyber Partisans said they gained access to the agency's internal network.

"The work of the chief Kremlin censor has been disrupted. Since the beginning of the war, they follow Putin’s opponents, write denunciations to the FSB & other agencies, & block services that help convey truthful info," the group boasted.

"We also have a huge amount of material proving large-scale surveillance on the network and attempts to establish total control over everyone who has spoken out against the Putin regime over the past 20 years," the Cyber Partisans added, promising to share the stolen data with journalists.

The hacktivist group said it had downloaded more than two terabytes of data in the form of emails and other documents. Workstations were also allegedly encrypted, and the domain controller was damaged.

The GRFC confirmed the breach to Kommersant and other Russian media, blaming the hack on the use of a "previously unused vulnerability." The agency denied that any employee workstations were encrypted, however.

But Cyber Partisans soon shared a screenshot of what they said was an internal workstation where content is marked for censoring.

Cyber Partisans have been active as saboteurs since the beginning of Russia’s war in Ukraine. Back in January, even before the Kremlin started the invasion, they successfully hacked into the Belarusian rail network and disrupted the movement of Russian troops.

These efforts succeeded in dashing Russia’s hopes of a swift invasion of Ukraine – hacktivists forced the Russian military to re-supply by road, but a 40-mile convoy stalled outside Kyiv and was eventually crushed.

The hack of GRFC marks the second time the Roskomnadzor has dealt with a major security breach this year after the Anonymous hacker collective also breached and then leaked more than 800 terabytes of data from the agency's servers earlier this year in March.

The leaked documents showed the agency actively intervening and censoring the narrative around Russia's war in Ukraine. For instance, Roskomnadzor was very active in monitoring how the invasion was called – officially, only naming it a “special military operation” is allowed.

According to various Russian experts, Roskomnadzor is no longer a sleepy telecom regulator – it now acts more as an intelligence agency, and its digital dragnet is as extensive as ever. The agency monitors websites, social media accounts, and news outlets, and labels them as “pro-government,” “anti-government,” or “apolitical.”