Tech

Hackers Claim to Dox Russian 'War Criminal,' Convince His Wife to Do 'Patriotic Photoshoot'

A group of Ukrainian hacktivists say they've hacked the accounts of a Russian colonel.
e
Inform Napalm photo.

A group of hackers has claimed to have broken into the email accounts of a Russian colonel, revealing personal information and military secrets. Ukrainian officials have started issuing statements based on some of the leaked data, and the International Criminal Court has told Motherboard it is investigating. 

The hack led to an accusation by a Ukrainian official that the colonel is the war criminal responsible for the March 2022 attack on a civilian-packed theater in the city of Mariupol. The hacking group also claimed to have tricked the colonel’s wife into staging a “patriotic photoshoot” with 12 Russian officer’s wives, which helped identify the soldiers.

Advertisement

The group is called Cyber Resistance and it said it started operating in 2014 and claims it has connections to the Ukrainian government, according to posts on its Telegram channel. It published its findings on Telegram in collaboration with the Ukraine-based open source intelligence group Inform Napalm. The target was Colonel Serhii Atroshchenko, who runs an aviation unit stationed across the Azov Sea from Mariupol.

The hacked information contained the colonel's personal information, including pictures of government documents, his phone number, the location of his home, and his COVID-19 vaccination status. The hackers also posted a video showing them scrolling through his email inbox, which is shown to contain an email from Atroshchenko’s wife. The hackers said they were able to enter the colonel’s military accounts and found information about his subordinates, the movement of troops, and documents related to Russian military equipment.

Posing as a fellow officer, the hackers say they convinced the colonel’s wife to organize a photoshoot on the runway of the base with other officer’s wives. The resulting photos show the officer’s wives lined up wearing their husband’s dress uniforms as well as close-up photos of jets and their operation. 

“This made it possible to scout targets and collect all the wives of Russian pilots and, as a result, collect additional data that is useful for further OSINT-reconnaissance,” Inform Napalm said.

Advertisement

Petro Andryushchenko, an advisor to the mayor of Mariupol, accused Atroshchenko of ordering the attack on the theater in Mariupol after reading the information in the hack. “The number one killer of the people of Mariupol has been identified,” he said on his Telegram channel. “The one who ordered and supervised the bombing of the Drama Theater, the Maternity Hospital and the Children's Hospital. Since the first weeks, we have established that the planes bombing Mariupol took off from the Primorsko-Akhtarsk airfield.”

Russia controls Mariupol and its Mayor and some of his aides fled the city last year. They currently reside in Kyiv, but still issue statements and coordinate relief efforts for the occupied city. 

Throughout March 2022, Russian forces bombed various civilian targets in Mariupol including a theater, a children’s hospital, and an art school. Civilians were using the theater and the art school as bomb shelters. An investigation by the Associated Press put the death toll at the theater at more than 600 people. Amnesty International called the bombings a war crime and demanded an investigation by the International Criminal Court (ICC).

The hackers said in a Telegram post they turned over their evidence to the ICC. “We also know that during the preparation of this publication, materials regarding Atroshchenko and his subordinates were handed over for the execution of a warrant from the International Criminal Court,” InformNapalm said

Motherboard asked the ICC if it had been in contact with the hackers, but it said it couldn’t comment on an ongoing investigation. 

“Thank you for your questions. However, they concern issues that the Office of the Prosecutor is unable to provide information on due to their confidential nature—we do not publicly discuss this type of specifics related to ongoing investigations,” the ICC said. “This is essential not only to protect the integrity of the investigations but also to ensure the safety and security of victims, witnesses, and all those with whom the Office interacts."