ThePenguinsPlace Hacks And Defaces Six Russian Websites
Attack Vector: Website Defacement
Threat Actor: @ThePenguinsPlace
Summary: A previously unknown hacktivist group, @ThePenguinsPlace, claims to have hacked and defaced six Russian websites and posted the details of the attack on Twitter on 18th March 2018. At the time of writing, the post appears to have been taken down and there is no further sign of activity from these actors.
Risk assessment summary: It is currently assessed that a 2b HIGH threat exists to a number of sectors as a result of this incident. Under normal circumstances, this attack would be considered a low threat to UK interests; however, it comes at a time when diplomatic tensions between the UK and Russia are at breaking point following the recent nerve agent poisoning of Sergei Skripal and his daughter. In the two weeks since the incident, the possibility of UK cyber retaliation aimed against Russia has been raised both in parliament and the media, adding fuel to what is already a growing fire.
Additionally, the @ThePenguinsPlace defacement attacks follow on from currently unattributed DDoS attacks against other Russian targets in the lead-up to the 18th March election. These include the Russian Central Election Commission and the communications regulator Roskomnadzor, which has close links with Russian security agencies. These incidents are likely to fuel Moscow's suspicions that the UK may be launching covert cyber-attacks against the country, and this suspicion could well precipitate a tit-for-tat situation.
The fact that @ThePenguinsPlace suddenly appeared and disappeared is unusual and may also lead Russia to believe they are a fake group created by Western intelligence agencies. This is particularly relevant as Russia itself has been known to mimic non-state threat actors, including the UnitedCyberCaliphate, to obfuscate its own attacks.
This creates the possibility that hacktivist-type activity may be launched by state groups during this period of international tensions. It is recommended that organisations ensure adequate DDoS mitigation is in place and that public-facing webpages are regularly monitored for signs of defacement. Monitoring of the threat environment will continue for further actionable intelligence.
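One way to implement the defacement monitoring recommended above, as an added example that is not part of the advisory: a freshly fetched copy of a public-facing page is compared against a known-good baseline by content hash, with volatile fragments (here an assumed visitor counter) stripped first, and the presence of strings the legitimate page must always contain is checked separately so that a wholesale replacement of the page is distinguished from a routine edit. The site, markers and HTML are constructed for illustration.

```python
import hashlib
import re

# Constructed baseline: the known-good page captured when the site was last verified.
BASELINE_HTML = """<html><head><title>Example Council Services</title></head>
<body><h1>Welcome to Example Council</h1><p>Opening hours: 9-5.</p>
<span id="visitors">1042</span></body></html>"""

# Strings that must always be present on the legitimate page (constructed).
EXPECTED_MARKERS = ["Example Council Services", "Welcome to Example Council"]

# Fragments that legitimately change between fetches (assumed: a visitor counter).
VOLATILE = [re.compile(r'<span id="visitors">.*?</span>', re.S)]


def normalise(html: str) -> str:
    """Drop volatile fragments and collapse whitespace so only real content changes alter the hash."""
    for pattern in VOLATILE:
        html = pattern.sub("", html)
    return re.sub(r"\s+", " ", html).strip()


def fingerprint(html: str) -> str:
    """SHA-256 of the normalised page, used as the stored baseline."""
    return hashlib.sha256(normalise(html).encode("utf-8")).hexdigest()


def check_page(html: str, baseline_hash: str, markers: list) -> dict:
    """Compare a fetched page against the baseline.

    'suspect': expected content is missing, the strongest sign of defacement.
    'changed': hash differs but the site's own markers survive (likely a legitimate edit to review).
    'ok':      nothing beyond volatile fragments has changed.
    """
    reasons = []
    current = fingerprint(html)
    missing = [m for m in markers if m not in html]
    if missing:
        reasons.append(f"expected content missing: {missing}")
    if current != baseline_hash:
        reasons.append("content hash differs from baseline")
    status = "suspect" if missing else ("changed" if reasons else "ok")
    return {"status": status, "hash": current, "reasons": reasons}
```

In practice the baseline hash and markers are stored per page and the check is scheduled against each public URL, with 'suspect' results raised as an alert.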