CYBER BERKUT

Type: Hacktivists

Status: Active (less active since 2015, but still posting regular updates)

Active Since/Discovered: 2014

Targets: Ukraine and allied nations, the “Right Sector”, “neo-fascism and neo-nationalism”, NATO and allies

  • NATO website – late March 2014
  • Polish websites – August 2014
  • Ukrainian Ministry of Defense – October 2014
  • German Government websites for several hours (Parliament and Chancellor Merkel) – Jan 7, 2015

Target Sectors: Military, Government, Think Tanks, Politicians, Ukrainian Election Commission

Malware:

  • ClientPort – DDoS tool
    • Windows and Linux versions
    • Connects to Tor and then to an onion site to get the domain to be targeted
    • Performs routines such as HTTP connection flooding, UDP flooding, and TCP flooding
    • Recruits pro-Russia volunteers to download the tool from their site and participate in the DDoS – “botnet by agreement”
      • Volunteers are recruited from several social network profiles such as VK, Odnoklassniki, Twitter, Facebook, and any other social networks where Cyber Berkut has pages
  • Freely available third-party keyloggers and Trojans
    • Used to gather email credentials to read their targets’ communications and documents

Preferred Attack Vector: DDoS attacks and malware injection

IoCs:

  • Uses San Francisco-based Cloudflare services via Whois Privacy Corp., registered in Nassau, Bahamas, to hide their identity

Unique:

  • Pro-Russian and anti-Ukrainian hacktivists
  • First political pro-Russia cyber-criminals
  • At least 4 members; their handles are “Mink,” “Artemov,” “MDV,” and “KhA.”
    • On Jan. 7, 2015 (possibly in retaliation for attacks on German websites), personal information about certain members of the group was posted on Pastebin by “PravyjSektorUANationalistsUkraineAnon” of the Pravy Sektor (Ukrainian right-wing activists)
      • Full name: Alexander Ulyanov
        • Aliases: MDV
        • Date of Birth: 24/03/1986
        • Country: Russia
        • Residence: 14 Polozova Street, St. Petersburg
        • I.T.B Identification: 649
        • Twitter: http://twitter.com/CyberBerkut
        • Notes: Found at ITB database, he led the operation Privat. Interference in the work of the Central Election Commission of Ukraine by IFES damage to the system before the election. Temporarily blocked the work of MOI of Ukraine and the Prosecutor General of Ukraine. Temporarily blocked the work sites of TV channels “Inter” and “1 + 1”. The attacks on the NATO website. The attack on the websites of private military companies in the US
      • Full Name: Zac Olden
        • Aliases: Mink, M. Rodchenko, “Videsh”, “Videshkin” and “Gmr.”
        • Date of Birth: Unknown
        • Country: Australia
        • Residence: Unknown
        • VKontakte: http://vk.com/infiltrate
        • Twitter: http://twitter[.]com/zacolden
        • minkrr@yandex[.]ru,  alexandernot@mail[.]ru, mink@retribution[.]in, appalled@outlook[.]com, retribution@null[.]net, support@xakep[.]ru,  x@k0d[.]biz, videshkin@ya[.]ru,  http://my.mail[.]ru/mail/alexandernot/
        • Skype: CyberBerkut
        • Part of different Russian underground forums such as inattack.ru, antichat.ru, damagelab, and an old security-focused forum named rootkit.com
        • Notes: Hacking mailbox and publication of correspondence IV Kolomoiskiy with the prosecutor in Lviv region, and computer hacking and e-mail Assistant oligarch. Also lined with the contents of the archives 89 email accounts of employees of the Lviv regional prosecutor’s office. He is the leader of retribution network (http://retribution[.]in)
      • Full name: August “Artemov” Pasternak
        • Aliases: Artemova, Artemov
        • Date of Birth: 07/04/1994
        • Country: Ukraine
        • Residence: 194, 15 Pushkin, Megeve, Dnipropetrovsk region
        • I.T.B Identification: 151403
        • Notes: Putting public access telephone recording Supreme representative of the European Union for Foreign Affairs and Security Policy Catherine Ashton and Foreign Minister Urmas Paet. Hacking and publication of the correspondence of the Acting Minister of Internal Affairs of Ukraine AB Avakova
  • Conducts DDoS attacks, publicity stunts, and disclosures of classified meetings/info
  • Similar to a Russian Anonymous
  • Many subgroups only visible on social media
  • Slogan – We will not forget! We will not forgive! -@MizzOracle
  • Has a website – www[.]cyber-berkut[.]ru
  • Founded after the dissolution of the “Berkut” special police force