
Fuxnet: Disabling Russia's Industrial Sensor And Monitoring Infrastructure

Posted Apr 10, 2024
Authored by ruexfil

This report seems to detail an operation to disable Russia's industrial sensor and monitoring infrastructure at www.moscollector.ru.

tags | advisory
SHA-256 | dc18d47f336cf868537e45d6f49f679964dead8db88dba8751df5e9cd9d6c0a4

MOSCOLLECTOR TAKEDOWN - 9th of April 2024
---------------------------------------------------------------

Russia's Industrial Sensor and Monitoring Infrastructure has been disabled: [moscollector.ru](https://www.moscollector.ru/)
Hacked data is available at [https://ruexfil.com/mos](https://ruexfil.com/mos/)
It includes Russia's Network Operation Center (NOC) to monitor and control Gas, Water, Fire alarm
and many others, including a vast network of remote sensors and IoT controllers. A total of 87,000
sensors have been disabled.

Milestones:
- Initial access June 2023.
- Access to [112 Emergency Service](https://ruexfil.com/mos/takedown/112-emergency-service.png).
- 87,000 [sensors](https://ruexfil.com/mos/takedown/sensors) and controls have been disabled (including Airports, subways, gas-pipelines, ...).
- [Fuxnet](https://ruexfil.com/mos/takedown/fuxnet/) (stuxnet on steroids) was deployed earlier to slowly and physically destroy sensory equipment
(by NAND/SSD exhaustion and introducing bad CRC into the firmware).
- Fuxnet has now started to flood the RS485/MBus and is sending 'random' commands to 87,000 embedded
control and sensory systems (carefully excluding hospitals, airports, ...and other civilian targets).
- All servers have been deleted. All routers have been reset to factory reset. Most workstations (including
the admins' workstations) have been [deleted](https://ruexfil.com/mos/takedown/).
- Access to the office building has been disabled (all key-cards have been invalidated).
- Moscollector has recently been [certified by the FSB](https://ruexfil.com/mos/takedown/FSB/fsb-certifies-mos.jpg) for being 'secure & trusted' (picture included)
- Defaced the webpage (https://web.archive.org/web/20240409020908/https://moscollector.ru/)

The media pack, screenshots and videos are available here: [https://ruexfil.com/mos/takedown](https://ruexfil.com/mos/takedown/) ([.onion](http://cnqdc7cn4y5t6l5mxmyhwrp6wbneialihcdidc6a6ctdcrhktzmdbiqd.onion/))

It contains:
- GPS coordinates of all 87,000 sensors
- Database of their internal and [secure Messaging](https://ruexfil.com/mos/takedown/dumps/) Platform (Dialog; used by Moscollector employees).
- Screenshots of the Network Operation Centre
- Screenshots of servers, routers, databases, ...
- Screenshots of maps, blueprints of buildings, ... etc etc
- Screenshots accessing their domain registrar
- Screenshots of FuxNet source code and mode of operation
- Video of FuxNet deploying and disabling the sensors

The Op was conducted by BlackJack.

--- After takedown report
- About 1,700 sensor routers were destroyed. The central command-dispatcher and DataBase has been destroyed.
=> All 87,000 [sensors are offline](https://ruexfil.com/mos/takedown/fuxnet/)
- Key-cards to enter the office and server rooms have been invalidated
- All databases have been [wiped](https://ruexfil.com/mos/takedown/).
- All mail has been [wiped](https://ruexfil.com/mos/takedown/).
- A total of 30TB of data has been wiped. Including the backup drives.
- Zabbix and other internal staging and monitoring servers have been wiped.
- All admin workstations and most user workstations have been wiped.
- Exhausted the corporate credit card.
- Took control of their [domain](https://ruexfil.com/mos/takedown/domain/we-now-own-their-domain.png) "moscollector.ru".
=> Our server stats: [WEB Traffic](https://ruexfil.com/mos/takedown/domain/domain-stolen-traffic.png), [Email Traffic](https://ruexfil.com/mos/takedown/domain/domain-stolen-emails.png)
- Took down their [Firewall](https://ruexfil.com/mos/takedown/takedown_firewall.png) and disabled their Internet.
- Webpage has been defaced: https://web.archive.org/web/20240409020908/https://moscollector.ru/
- Took over their Facebook: [Blackjack Was Here](https://ruexfil.com/mos/takedown/facebook_blackjack-was-here.png), [Slava Ukraini](https://ruexfil.com/mos/takedown/facebook_ukraine.png)
- Disabled 566 of their [SIM cards](https://ruexfil.com/mos/takedown/phone-sims-disabled.png) / [phones](https://ruexfil.com/mos/takedown/phone-sims-disabled2.png).
- Data published at [https://ruexfil.com/mos/takedown](https://ruexfil.com/mos/takedown/).
