Team OneFist: New Breed Of Cyber Warriors Pulls Off The 'Holy Grail Of All Hackers' In Russia
KEY POINTS
- Another player is disrupting Russia's Ukraine invasion
- Dubbed Team OneFist, the international group is consist of professionals from different parts of the world
- Team OneFist swears to defend Ukraine
Team OneFist is an unfamiliar name, even in the secretive and closed world of hackers and cyber warriors. That is because the group of volunteer cyber operatives is new, having been founded just a few months ago. But they are now making waves by taking on no less than Vladimir Putin's Russia, imposing costs and pain on the Russian economy far away from the frontlines of Ukraine.
Their better known competitors Anonymous (well, not exactly competitors), have been wreaking havoc in Russia from the February when the Kremlin launched what it calls a "special military operation' in Ukraine. Those cyber breaches, which Anonymous operatives have previously described as involving attacks and counterattacks with Russian cyber security operatives, have played out away from the public eye but have been highly damaging to the Russian economy.
Team OneFist has vowed to defend Ukraine, like Anonymous, and has already inflicted millions of dollars of damage to Russia. Among Team OneFist's latest exploits is a successful attack on supervisory control and data acquisition (SCADA) applications in a power grid — what cyber warriors consider as the "holy grail of all hackers."
A blog post from Lewis University explained why an attack on a power grid is considered hackers' holy grail. "When hackers aim for our electrical grid, however, our way of life comes to a halt immediately, causing inconvenience and financial distress, but also imperiling life. The consequences of having our electrical grid hacked are alarming," the blog explained.
Team OneFist's attack led to the burning down of multiple uninterruptible power supplies (UPS) in Russia's 110kv electrical substation PS-249. According to Team OneFist, these power sytems have 120 massive 12V batteries supplying power to approximately 2,000 sensors, which the team "rate-limited" to 2 volts, causing the devices to blackout and fail.
The PS-249 substation was modernized recently and, based on Russia's energy website, cost 84,777,780 ruble or about $1.3 million. Voltage, one of the founders of Team OneFist who uses a pseudonymous Twitter handle, provided an update on the hack, showing how cleverly it was carried out, "After browning-out all of the ~2k devices on these huge battery systems, we re-configured the rectifiers to pull power from only one battery for all power. Praying for fire!"
Speaking of fire, Team OneFist is mostly responsible for the many unexplained, mysterious fires that have broken out all over Russia. In an exclusive interview to International Business Times, Thraxman (again a pseudonymous Twitter handle), who is another co-founders of Team OneFist, offered a deeper look into what the hacker collective is doing in Russia.
But first, here's what Thraxman had to say on the PS-249 hack. "We discovered it, immediately verified what it was (it helps that the system told us the name haha), made an attack plan, rested a couple hours, then picked the early morning for maximum impact — when the power load starts to increase," he said over Twitter direct messaging.
"From the moment we discovered it to the moment we attacked it, was about 12 hours — being able to rapidly adapt is such a key factor in attacking," Thraxman explained. "The reason is because, sometimes, they log access or warn the administrator, so you have to move fast — this one didn't but we still wanted to hit it quickly."
Team OneFist was founded on April 23 and is made up of professionals who keep their day jobs to support their shared goal of defending Ukraine, and use pseudonymous identities for their security and protection. In the short time since it was formed, it has become a major player in the cyber warfare with Russia, which was considered to have formidable cyber attack and defense capabilities.
"We all met and came together with the help of the IT Army of Ukraine with whom we are close friends," Thraxman disclosed, without offering further details on the meeting. The ITAU is another powerful player in Ukraine's army of cyber guerrillas.
"We defend Ukrainians by strategically targeting Russia, we focus on systems that we think can affect the outcome of the war," he added. So far, Team OneFist is the only "pro-Ukrainian non-state actor that is engaging in true, full spectrum cyberwarfare, network attack, non-kinetic and kinetic 'cyber,' and information operations against Russia," Thraxman claimed.
Since April, the group has launched and completed "30 successful operations — causing direct destruction of around 13,000 devices, including data center switches, edge routers, national ISP-level PBXesand power systems." And it was not all smooth sailing — Thraxman revealed that the group also carried out two counterintelligence operations during the period because "Russian intelligence services try to penetrate us on a near daily basis."
In July, Team OneFist launched operation Zero Wave, targeting INPAS, one of the largest e-commerce and fintech companies in Russia. That attack bricked the firm's payment system and destroyed its backup data center deployments, Thraxman claimed.
The INPAS system and services are used by many big names in Russia including Rosneft, Lukoil, Gazprom, Russian Standard Bank, Sberbank and the Moscow Metro, among others.
The attack impacted the payments system for a few hours and prevented its users from "processing any payments made with their systems, ranging from cryptocurrencies to Mir and Visa cards." The operation, Team OneFist said, rendered around 100,000 payment systems useless, including those of "Rosneft/Lukoil stations, Moscow Metro, & many banks!"
In the same month, Team OneFist hacked Tviinet.ru, a popular internet service provider in Russia, with thousands of subscribers in the Yaroslavl and Vologodskaya regions. The group said it destroyed the firm's primary firewall and also breached and wiped its data center.
But Team OneFist also launched attacks that took the war to the Russian people in a more tangible way, like one that left the entire district of Minsk without hot water. A local news outlet confirmed the incident and called it an "accident." The team said, like good soldiers, it follows the rules of war and does not target hospitals, emergency services, water supplies, or nuclear power plants. "We've had to call off attacks a few times because of it."
Voltage and Thraxman were not hackers when they started the movement, but are now self-taught hackers who have along with the others in the team pulled off a series of impressive cyber attacks against Russia.
Thraxman attributed his group's record to the integration of various functions and intelligence collection and target reconnaissance in their operations.
"Team OneFist's success is due to us operating like a military cyber warfare unit — we have a dedicated mission to defend Ukraine and everyone is focused on it; we have people who are incredible team players and work together seamlessly; we have a targeting matrix for targets that impact the front; and everyone participates in the 'kill chain' that leads to a successful kill," Thraxman told IBT.
"It's more a matter of knowing what to hit," he added. "I think the common perception of hackers is that it's all about creating arcane, magical vulnerabilities and code. Sure, that can help, but we found that reconnaissance and target validation is by far the most important thing in this war."
International Business Times asked Team OneFist why it decided to attack Russia. Thraxman replied, "Our goal is that we want to protect Ukrainian lives — every 2 minutes a Ukrainian is killed or raped. It's a real tragedy, a disaster, and it's all because they sought freedom. We see Ukraine as the frontline between democracy and tyranny, and speaking to those around the world, we want to say — if Ukraine falls, then the rest of the world is next. Because fascism and tyranny spreads like a plague, never satisfied with what it already has."
© Copyright IBTimes 2024. All rights reserved.