Hackers Breach Russian Space Research Institute Website

Hackers defaced a website linked to Russia’s Space Research Institute (IKI) and leaked files they claimed came from Roscosmos.
Moon
Image: Motherboard

Hackers have compromised a website connected to Russia’s Space Research Institute (IKI), which designs and builds scientific instruments for space experiments, according to screenshots and archived data.

The news is part of a flurry of hacktivism activity against Russian entities during Russia’s ongoing invasion of Ukraine. Although the overall impact of such hacks seems limited at the moment, a slew of groups and individuals have claimed compromises of Russian targets over the past several days.

Advertisement

“Heyyy Russian [homophobic slur].. Sorry.. Cosmonauts ??.. idk what to say, go get a nice website instead of threatening people with ISS, heard??” a message left on a section of the IKI-related site reads. The mention of the ISS is likely referring to recent comments from Russian authorities around the possibility of pulling out from operation of the International Space Station.

“Also leave Ukraine alone else Anonymous will f*ck you up even more :))” the message added. The hackers that claimed responsibility for the compromise called themselves v0g3lsec on Twitter.

Do you know about any other hacks around the Ukraine invasion? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.

The message was posted on a particular subdomain on the site, which is offline at the time of writing. Other subdomains, such as one belonging to IKI’s Department of Optical and Physical Research, remain accessible.

V0g3lsec also posted a selection of what it claimed were files taken from the Roscosmos, Russia’s overall Space Agency, which is a different organization to the one they compromised the website of. The files are a combination of handwritten forms, PDFs, and spreadsheets in a mix of Russian and English talking specifically about lunar missions, according to Motherboard’s review of the files.

Advertisement

V0g3lsec told Motherboard in an online chat that “they were using their own file sharing service where the files could be access only by providing a username & password.. all i did was bruteforcing the password while keeping the username as ‘admin’.. as they were using a weak password, it didnt take much time for me to get the password.”

One of the documents discusses the location of potential landing sites for lunar spacecraft on the Moon's South Pole. Russian authorities have already announced their South Pole sites, however. Motherboard could not immediately verify the legitimacy of the leaked files.

IKI did not immediately respond to a request for comment.

On Tuesday, Twitter users shared a separate unverified claim on Twitter from another alleged hacking group which suggested it had targeted a “Vehicle Monitoring System.” Seemingly in response, Roscosmos head Dmitry Rogozin denied that Russian satellite control centres had been hacked, and told Interfax that “Offlining the satellites of any country is actually a casus belli, a cause for war.”

The new website compromise in no way indicates a hack of space satellites.

Becky Ferreira contributed reporting.

Update: This piece has been updated to include comment from V0g3lsec.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.