September 22, 2024
In a recent alarming development, the Russian hacking group known as Cyber Volk has issued threats against the Armenian government. This incident underscores the growing attention Russian hacking groups and hactivists are paying to Armenia, as relations soar between Yerevan and Moscow.
Cyber Volk is a politically motivated hacktivist group that openly declares its allegiance to Russia. Known for their aggressive cyber tactics, they have recently escalated their activities by deploying a new ransomware variant in July 2024. This group leverages their cyber capabilities to advance political agendas, often targeting government entities and critical infrastructure. Their operations are not just about financial gain but are driven by a desire to influence political outcomes and demonstrate their support for Russian geopolitical interests.
Cyber Volk’s threats are not just empty words; they are backed by a history of successful cyber operations that have caused significant disruptions in the past.
Relations between Armenia and Russia have significantly deteriorated in recent years, marked by Armenia’s growing disillusionment with its traditional ally. This shift has been driven by Russia’s perceived failure to support Armenia during its conflicts with Azerbaijan, particularly in the Nagorno-Karabakh region. Armenian Prime Minister Nikol Pashinyan has publicly criticized the Moscow-led Collective Security Treaty Organization (CSTO) for not fulfilling its obligations, leading to Armenia’s decision to withdraw from the alliance. Additionally, Armenia has been seeking closer ties with Western nations, conducting joint military drills with the United States and exploring potential membership in the European Union. This realignment reflects a broader trend of Armenia distancing itself from Russia’s influence and seeking new strategic partnerships.
This incident is part of a broader trend of increasing cyber warfare activities. Governments around the world are becoming more vulnerable to cyber attacks, which can have devastating effects on national security, economic stability, and public trust. The European Union has already raised alarms about the high threat level posed by Russian hacking groups, urging member states to bolster their cyber defenses2.
Cyber Volk has published screenshots from Armenian government’s FTP server. They claim to have compromised the UNIX system, gained access to a database and threaten to destroy it. Initially, the group demanded a ransom payment of 2.5 million dollars in Bitcoin. In a couple of hours the demand was revised, the hackers asked for as little as 30k, which probably is a realisation of the fact that they don’t have anything really valuable after all.
And in fact, CyberHUB’s team was able to identify the server in question based on the published screenshot. This is the public FTP server with Anonymous user access that the government hosts to share multimedia with the Armenian journalists. All the information in the server is public, so accessing it doesn’t require any special hacking skill. However, Cyber Volk claim that they have compromised the server and accessed a database. They are not presenting any evidence and the Armenian government has refused to comment. Also, following Cyber Volk’s announcement, the government had briefly shut down access to the FTP server, but it was back online as of the moment of publication of this blog-post.
The threats from Cyber Volk against the Armenian government serve as a stark reminder of the ever-evolving landscape of cyber warfare. As these threats continue to grow in sophistication and frequency, it is imperative for nations to stay vigilant and proactive in their cybersecurity efforts.