KEY POINTS

  • Team OneFist strikes again inside Russian financial system
  • The international group of volunteer cyberwarriors hits two Russian logistics companies
  • The group destroyed CRM and wiped the database of both the companies

Team OneFist, an international group of volunteer cyber warriors that serves as the international arm of the IT Army of Ukraine, has breached VTB Bank, Russia's second-largest, late Tuesday night.

In an exclusive interview, Team OneFist's founder Voltage revealed that the team got a hold of crucial intel from a couple of "mid-sized logistics companies that provide services for the Russian government," which led them to the companies' accounts at VTB Bank.

Team OneFist drained three accounts of the two companies, which collectively held 1.45 billion rubles (more than $23 million). The group wanted to donate the funds to Ukraine, but any bank transfer had to be approved by the bank, which made it impossible.

Russian President Vladimir Putin said last week that Moscow will now only accept rubles as payment for natural gas deliveries to "unfriendly" countries, which include the European Union
Russian President Vladimir Putin said last week that Moscow will now only accept rubles as payment for natural gas deliveries to "unfriendly" countries, which include the European Union AFP / Kirill KUDRYAVTSEV

So the team opted to make it difficult for the Russian companies to track their funds and retreived their money. The hackers "dispersed the money inside their own company in a way that took it all out of 'Available Cash.'" Voltage explained: "What we did was tie up their money so that it can't be used for anything else until they corrected the accounting (changes) we did by moving the money from one department in the company to another, out of the main account and into the cashiers' account."

Screencap of the transaction
Voltage, team OneFist
Screencap of the transaction
photo courtesy of Team OneFist's Voltage Voltage, team OneFist

But then Team OneFist is not one to leave the scene without leaving more headaches to the Russians. To make sure that both companies will have a hard and long time resolving the issue, the group "blew up the system" by deleting the entire database.

The group also sent an SMS message to all employees "trolling them," and rebranded their physical paychecks with the Onefist logo. "We also deleted large portions of the CRM / Accounting database, rendering the entire system unusable, and we locked them out of it," Voltage said.

screencap of SMS message
Team One Fist Voltage

"They have no idea where the money got sent right now as the records of it were destroyed," he added. "They will have to work with their IT staff to try and restore or rebuild the CRM, while at the same time trying to work with the bank to figure out where the money went," the Team OneFist founder shared.

While the attack was collectively carried out by the entire team, Voltage mentioned that It was "Team OneFists's Polish master-hacker Mephisto who penetrated the system and made the attack possible. From there, OneFist's Ukrainian cyber warriors conducted the actual attack."

Read more