{
	"id": "28a499e4-ded7-4aea-8105-39d44e0e19ad",
	"created_at": "2026-04-06T00:17:19.831482Z",
	"updated_at": "2026-04-10T13:11:55.013775Z",
	"deleted_at": null,
	"sha1_hash": "1bee35cd6096b2a63a63d527b5ef5e8e1b12081e",
	"title": "Hackers breach FSB contractor, expose Tor deanonymization project and more",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48069,
	"plain_text": "Hackers breach FSB contractor, expose Tor deanonymization\r\nproject and more\r\nWritten by Catalin Cimpanu, Contributor, July 20, 2019 at 5:59 a.m. PT\r\nArchived: 2026-04-05 15:12:35 UTC\r\nHackers have breached SyTech, a contractor for FSB, Russia's national intelligence service, from where they stole\r\ninformation about internal projects the company was working on for the agency -- including one for\r\ndeanonymizing Tor traffic.\r\nThe breach took place last weekend, on July 13, when a group of hackers going by the name of 0v1ru$ hacked\r\ninto SyTech's Active Directory server from where they gained access to the company's entire IT network,\r\nincluding a JIRA instance.\r\nHackers stole 7.5TB of data from the contractor's network, and they defaced the company's website with a \"yoba\r\nface,\" an emoji popular with Russian users that stands for \"trolling.\"\r\nHackers posted screenshots of the company's servers on Twitter and later shared the stolen data with Digital\r\nRevolution, another hacking group who last year breached Quantum, another FSB contractor.\r\nThis second hacker group shared the stolen files in greater detail on their Twitter account, on Thursday, July 18,\r\nand with Russian journalists afterward.\r\nFSB's secret projects\r\nPer the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of\r\nprojects for FSB unit 71330 and for fellow contractor Quantum. 
Projects include:\r\nNautilus - a project for collecting data about social media users (such as Facebook, MySpace, and LinkedIn).\r\nNautilus-S - a project for deanonymizing Tor traffic with the help of rogue Tor servers.\r\nReward - a project to covertly penetrate P2P networks, like the one used for torrents.\r\nMentor - a project to monitor and search email communications on the servers of Russian companies.\r\nHope - a project to investigate the topology of the Russian internet and how it connects to other countries' networks.\r\nTax-3 - a project for the creation of a closed intranet to store the information of highly-sensitive state figures, judges, and local administration officials, separate from the rest of the state's IT networks.\r\nBBC Russia, who received the full trove of documents, claims there were other older projects for researching\r\nother network protocols such as Jabber (instant messaging), ED2K (eDonkey), and OpenFT (enterprise file\r\ntransfer).\r\nOther files posted on the Digital Revolution Twitter account claimed that the FSB was also tracking students and\r\npensioners.\r\nSome projects came to be, were tested\r\nBut while most of the projects look to be just research into modern technology -- which all intelligence services\r\ncarry out -- there are two that appear to have been tested in the real world.\r\nThe first was Nautilus-S, the one for deanonymizing Tor traffic. BBC Russia pointed out that work on Nautilus-S\r\nstarted in 2012. 
Two years later, in 2014, academics from Karlstad University in Sweden published a paper\r\ndetailing the use of hostile Tor exit nodes that were attempting to decrypt Tor traffic.\r\nResearchers identified 25 malicious servers, 18 of which were located in Russia, and running Tor version 0.2.2.37,\r\nthe same one detailed in the leaked files.\r\nThe second project is Hope, the one which analyzed the structure and make-up of the Russian segment of the\r\ninternet.\r\nEarlier this year, Russia ran tests during which it disconnected its national segment from the rest of the internet.\r\nSyTech, the hacked company, has taken down its website since the hack and refused media inquiries.\r\nSource: https://www.zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-deanonymization-project/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-deanonymization-project/"
	],
	"report_names": [
		"hackers-breach-fsb-contractor-expose-tor-deanonymization-project"
	],
	"threat_actors": [],
	"ts_created_at": 1775434639,
	"ts_updated_at": 1775826715,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1bee35cd6096b2a63a63d527b5ef5e8e1b12081e.pdf",
		"text": "https://archive.orkl.eu/1bee35cd6096b2a63a63d527b5ef5e8e1b12081e.txt",
		"img": "https://archive.orkl.eu/1bee35cd6096b2a63a63d527b5ef5e8e1b12081e.jpg"
	}
}