In September 2022, the Ukrainian hacker group Hdr0 hacked the website of Mosoblenergo, a Russian state energy service provider in Moscow. The group defaced the site with a picture of the Kremlin on fire and Oleksiy Danilov, the secretary of the National Security and Defense Council of Ukraine. At the same time, they obtained the company's employee database. The group also claimed responsibility for hacking Russian TV in Crimea, Altai, St. Petersburg, and other regions.

Screenshot: Mosoblenergo website at the time of the hacking

AIN.Capital spoke anonymously with the members of this group about their activities, goals, and methods.

Tell us about your group. How long have you been working together, what are your main goals?

As a group, we got together around mid-March 2022, and by the end of May, a couple of other people had joined us to form the final line-up.

Our goal: to damage the infrastructure of the Russian Federation, destroy supply lines, so that Russians can feel the war for themselves. As you know, defacement and other public actions are a way to forcefully bring the real state of affairs and prospects in Ukraine into the Russian public notice.

Later, we came to the realization that through the creation of a media entity, we can motivate other interested and talented people to conduct such operations, and have a little fun. That’s how our Telegram channel started.

How do you choose the targets to attack? Is it some of the most visited sites, critical infrastructure sites, etc.? How do you choose topics for messages (for example, Danilov in front of the Kremlin)?

I will not describe the algorithm for selecting targets for non-public attacks. But for public ones we involve used material from which nothing can be extracted, except for a dump of data (which we no longer need).

As for the messages, there are several levels: to convey information about the state and prospects of Russians in Ukraine, to achieve virality and memeability, so that this message gets to the official and unofficial Russian mass media. Danilov is a great example. We really like his suit.

Besides defaces, do you do something deeper (deface as something to grab attention while a more serious operation is being carried out)?

Yes, we do, but there will be no details.

How are the Russians doing with security in general? Do Bellingcat’s jokes about their “moscow1”, “moscow2” passwords sound like the truth? Is it hard to break?

Difficulty varies greatly from object to object. Of course, cases like “admin/admin” or “admin/Muhh@mad1” still happen, but this is more of an exception. I can say for sure that since the beginning of the full-scale invasion, the Russians have become more concerned about the security of their infrastructure. And the complexity is increasing over time. However, I cannot say that the same applies to their websites.

What are your strategic goals, how long do you plan to work in this direction?

Our strategic goal is the decolonization of the Russian Federation. However, as you know, it depends more on the Armed Forces, Ukrainian diplomacy, and the enslaved peoples of the Russian Federation. It’s just that we are moving in that direction with the forces and resources that we have.

Is there anything you would like to add for the readers?

If anyone wants to say or ask us anything, here is the contact email — [email protected]. Maybe we will get together and publicly answer some reasonable questions in our Telegram group. We’ll think about that.