A little, roving group of hackers called CyberBerkut is attempting to humiliate the pro-Western authorities in Kiev by leaking details on everything to international arms deals from government officials’ private lives. But even more scary, CyberBerkut is using approaches that pale in comparison to the much bigger, more complex digital cannon which can be traced directly back to the Kremlin.

CyberBerkut is a pro-Moscow hacking on collective which has violated military networks and Ukrainian authorities and started distributed denial-of-service attacks against Western targets, all in an effort to embarrass Ukraine while handily improving the hackers’ own profile.

The group leaked files to Russian media that look to establish a Ukrainian state-owned defense firm is intending to sell fragmentation bombs to Qatar.

It is all portion of a propaganda effort starring Russia’s own variant of Anonymous. The group, made up of at least four individuals who came in 2014, is the most visible instance of a proxy hacking on collective launching strikes against Ukraine — with tacit authority from the Kremlin.

The group has been monitored by scientists to Ukraine, where a substantial section of the people in the eastern area of the nation is sympathetic to Russian influence.

“They are Ukrainians,” said Mikko Hypponen, chief research officer at F-Secure, a cybersecurity firm that strongly monitors Russian cybercrime. “It is a voluntary cyber offensive unit that is not strongly affiliated with any authorities. All the ex-Soviet states — including Russia, Estonia, Latvia and of course Ukraine — have ever been really active with reference to cyber. Should you examine the map CyberBerkut is found right at the center of that.”

First Impression

CyberBerkut brought interest from security research workers in mid-2014, when it used distributed denial-of-service attacks, which used falsified web traffic to knock goal sites offline, against the Polish government, NATO as well as the Ukrainian Ministry of Defense. CyberBerkut additionally used DDoS, an attack vector that was unsophisticated, against sites used by the German government, which CyberBerkut accused of assisting Ukraine in the Crimea disaster last January.

CyberBerkut additionally claimed responsibility for a hack that undermined Ukraine’s Central Election Commission (CEC) in May 2014, the most spectacular strike aimed at Ukraine since hostilities started. Applications made to show real time updates on the hotly disputed election didn’t work for 20 hours, router settings were erased and hard drive info was lost (the hack didn’t influence the election results).

Each member was active on Pastebin, a programming site and underground Russian criminal newsgroups that international hackers frequently utilize as a dumping ground for stolen info. CyberBerkut has called for additional volunteers, though it is unclear how many supporters have joined its ranks or from where strikes are started.

“The attribution procedure is hit or miss,” said Alan Woodward, a cybercrime advisor for Europol as well as a professor in the University of Surrey. But it is really simple to falsify all of that, and false flags are notoriously hard to see in the cyber world.”

But authorities also might also affect non-state actors indirectly in the type of a rousing political speech denouncing an opponent, for instance, or a different activity that might be interpreted as a call to actions.

There is also been no sign that CyberBerkut is hacking with a profit motive. The longer a hacktivist group lives without taking credit for a data violation that is commercial, the logic goes, the more likely an international authorities is called for. “I believe that is concerning, particularly in terms of where we are going to see proxy groups evolve during the following five years,” Maurer said.