29 February 2024

Ukrainian hacktivists share new details on production of Russian Orlan-10 drones


The Ukrainian hacktivist collective known as “Кіберспротив” (Cyber Resistance) team shared new details on how Russia procures foreign components for the production of weapons and equipment, bypassing Western sanctions. The data was obtained from hacked email correspondence from the Russian LLC “Special Technological Center.”

Note that the first part of the CYBINT investigation was published on the InformNapalm community website in January 2024. The investigation highlighted how sanctioned Russian companies circumvent Western sanctions and obtain foreign equipment, spare parts, and components.

Three days after the publication, the German company Rohde & Schwarz, whose products are constantly mentioned in the documentation of the “STC” and are crucial for Russia’s production of electronic warfare equipment, made a public statement promising to review its own business processes to identify critical problems related to the sale of its products by intermediaries that end up in Russian production facilities.

According to InformNapalm, the hackers were able to gain access to the email account of the procurement manager for the Research and Development Department of the Special Technological Center, Andrey Florinsky.

The obtained data indicates that Russian companies are increasingly purchasing equipment through China and using Chinese currency. The scheme operates in such a way that all parties involved in circumventing sanctions understand and act “for results.” Contractors understand that they are involved in purchasing foreign goods bypassing sanctions, as do those who sell to them. It is worth noting that most Russian intermediaries do not even conceal the fact that they are procuring goods from China, InformNapalm says.

Some proposals were also made in euros. Notably, the documents included details about the projects for which not only Chinese parts but also Swiss parts were noticed. For instance, the Swedish company AXIS, a manufacturer of video cameras used on Orlan-10 reconnaissance drones, was frequently mentioned in the documents.

In fact, a large number of “middlemen” companies cooperate with the Russian military production manufacturer “STC.” Only one of them, “ELPROM,” is currently under sanctions.

“But it is worth understanding that middleman companies are created quite quickly and take advantage of the imperfections of sanction mechanisms. Therefore, as long as the sanctions do not become stricter, this flow will not stop,” InformNapalm said.

The analysis of the data also revealed documents that contain recommendations on how contractors should proceed to make foreign currency payments abroad. Firstly, they should open appropriate accounts with PJSC Promsvyazbank, closely associated with the defense industry sector of the Russian Federation. Also, there is an explanation of how to interact with foreign contractors.

At the beginning of February, a group of hackers known as PRANA Network hacked the email servers of the Iranian company Sahara Thunder linked to the Islamic Revolutionary Guard Corps (IRGC), which facilitates the illegal sale of weapons from Iran to Russia.

The hackers extracted nearly 10 GB of files from the company, including contracts detailing multi-million-dollar arms deals, evidence of payments made in gold bars, blueprints for unmanned aerial vehicles (UAVs), and details regarding an operative known as Generation Trading FZE based in the United Arab Emirates (UAE), a company called Alabuga.
