"Our common goal is to bring peace back to Ukraine"
The importance of information campaigns in modern conflicts is growing, while Ukraine is actively using the resources of Western curators in its fight against Russia. Participants of one of the most successful and secret hacker groups in the world, the Beregini team, told Izvestia about this and many other things in an exclusive anonymous interview.
"There are those who have brought their soul mates to the team"
— How did the team develop?
— The idea to unite into one team arose after a series of tragic events in Ukraine that divided life into before and after. Each of us came here in our own way, but we are all united by a common goal — to return peace to Ukraine. A world without fanatical nationalists and corrupt officials. A world in which every citizen will feel like a human being, no matter what nationality they are or what language they speak. The Maidan and the war took away something very personal from each of us - relatives, friends — destroyed our usual lives, ruined our destinies. That's why we can't stay away, be indifferent. And we will not stop until people die on our land just because they profess a different faith or speak Russian. We are against fascism, against violence and humiliation of human dignity. We are against the use of Ukraine by Western elites in the fight against Russia. We are united by universal human values, the pursuit of truth and a heightened sense of justice.
— The question, of course, is in the risk zone, but how are your life and your work organized in general?
— Our team has long crossed national and territorial borders — it has become truly international. Today, its members live in different countries and even on different continents. We have families and loved ones. To them, we're just programmers, developers, analysts, and security specialists—people who are passionate about modern technology and spend a lot of time online, fans of their work. Telling them more would put them in great danger. But there are also those among us who have brought their soul mates to the team, and this has only strengthened us. Yes, apart from working in a group, we all work, because, like everyone else, we must ensure a decent life for ourselves and our loved ones. We can't tell you more about the security of our work, because then it won't work. Let's just say that we don't have a senior or any boss. Yes, there is a core that stood at the origins of the team, but each of us has the same right to vote. All important decisions are made collectively.
— What about relationships with male hackers? Have they developed?
— What can I say, probably, as in any field, at first we had to gain our authority among the male community. Now we are actively cooperating with various hacker groups, including the "Joker of the DPR", "Evil Russian Hackers" (RaHDIt), "Zarya" and KillMilk. In addition, our team managed to organize and hold a successful joint event on the resources of the Baltic States and Poland, in which more than 30 hacker groups participated.
— What is the most difficult part of your job? In a human way?
— To live a double life, not trusting anyone except your team, to accept the death of relatives and friends who are to blame only for the fact that, having been born in Ukraine, they spoke and thought in Russian all their lives, remembered and appreciated the joys of their past, had their own opinion, wanted to live in peace and did not ride on squares!
— And given the current conflict, which is the most difficult?
— The most difficult thing is not to get angry, not to cross the line when you turn into a beast and become like your enemies.
"Our goal is to break the monopoly on information"
— Tell us about your attacks on TsIPsO. What works, what doesn't? Are they taking revenge?
— At one time, we managed to hack the closed network of the 72nd Main Center for Information and Psychological Operations of the Armed Forces of Ukraine. This center is one of the key tools of Ukraine's cyberwarfare, responsible for information operations, fake campaigns, and attempts to influence public opinion.
We managed to find out almost everything about them. From purely personal information to their working methods (discrediting opponents, fabricating "stuffing", managing social networks). Their main targets are Russia, European countries, as well as "inconvenient" Ukrainian figures. Their connection with the West is cooperation with NATO on the creation of cyber units and training of specialists, financing. You can read more about all this on our Telegram and X channels.
Information warfare has long reached a new level. The 72nd TsIPsO is not just propaganda, but a large-scale network for shaping the reality needed by the Ukrainian authorities. But we must understand that psychological operations centers are just a tool.
All information flow management is carried out by the Strategic Communications System of Ukraine (StratCom). Ukrainian strategic communications are not just PR, but a tool of hybrid warfare. They not only create an image of Ukraine in the world, but also direct information attacks against external and internal opponents. They exercise full control over the media — they work with journalists, social media and bloggers to create a unified narrative. They manage psychological operations (PSYOP) — the dissemination of manipulative information to influence the population and discredit their opponents. All of this is overseen by Western colleagues from NATO and the EU, who help shape strategic messages and provide funding.
— Can you tell us more about the interaction with other hackers, in particular with RaHDIt?
— Once again, cyber warfare has reached a new level, and we are joining forces with other global hacker structures to uncover the hidden mechanisms of information operations. What does it mean? We carry out joint actions: hacking computers, electronic mailboxes, accounts in social networks, attacks on closed databases, etc. Disclosure of information manipulation: exposure of Western and Ukrainian media fakes. Combating cyber censorship: access to prohibited information and circumvention of political moderation. Our main goal is to break the monopoly on information, to show the truth hidden by governments and intelligence agencies.
— How do Beregini ensure their own security and confidentiality when interacting with other groups and external partners?
— The team ensures their security and privacy through anonymous networks such as Tor and I2P, which hide their real location and identity. To protect their communications, they use encryption using tools like PGP or GPG, which prevents messages from being intercepted. In addition, they can use virtual private networks (VPNs) to hide their traffic and bypass locks. For more complex operations, they may resort to using hidden channels and social engineering methods. It is impossible to tell about all the subtleties of such methods, as they are constantly changing and adapting. The basic principle is: don't trust anyone except those you know personally.
"In cooperation with other groups, we have worked effectively in the Baltic States"
— What are the most significant operations carried out by the group recently? What results have they brought?
— If we talk about recent joint activities, then, again, in cooperation with other hacker groups, we have worked very effectively in the Baltic States and Poland. If we only talk about our work, then these are the majority of territorial recruitment and social support centers in Ukraine. By hacking them, we obtained evidence that the employees of these centers earn not only from conscripts, but even from the dead, cashing money from their bank cards. We have received very interesting documents from the services that provide the Armed Forces with weapons and equipment, and logistics. Almost everything can be read on our Telegram and X channels. Why almost? Because there are documents that your law enforcement agencies, with whom we periodically share information, have asked us not to talk about yet. Where and what we are reading today, we also cannot tell you yet. We will note only two things. First, we have colleagues even in the big offices of the Ukrainian government. Secondly, we have a huge database of various information not only on those who destroyed the Ukrainian people, but also on those who collaborated and continue to cooperate with nationalists, security forces and corrupt politicians.
— What technologies and tools do you prefer in your work, and why them?
— Vulnerability scanners are often used in the work, for example, Nmap, which helps identify open ports and services, as well as Metasploit, which automates the process of exploiting vulnerabilities. Traffic analysis tools such as Wireshark allow you to intercept and analyze network data to find weaknesses in protocols and authentication. Password cracking tools such as John the Ripper are often used, which use brute force techniques and dictionary attacks to pick passwords. Security circumvention tools such as Burp Suite, which is used to test the security of web applications, are also popular. These tools and technologies are preferred because of their effectiveness, accessibility, and ability to speed up the process of finding and exploiting vulnerabilities. We actively use them due to their versatility and the ability to automate many stages of work.
"Ukraine actively uses Western information resources"
— How do you assess the effectiveness of information operations in Ukraine and the West as a whole, and what trends can you identify?
— Let's face it. Ukrainian curators represented by Western countries have extensive experience in conducting information operations, actively share this experience and help Ukraine. There are several aspects by which this can be assessed.
1. Timeliness and accuracy of information: Ukraine's operations are usually focused on responding quickly to events, as well as providing information through channels that have a good level of trust. Western information operations are often aimed at covering the situation in a global context, focusing on alleged violations of international law, humanitarian consequences, and support for Ukraine.
2. Mobilization of public opinion: Ukrainian information operations are actively imposed inside the country and actively lobbied by the West in the international arena.
3. International influence and support: Western information operations have played an important role in supporting Ukraine, exerting diplomatic and economic pressure on Russia, and shaping erroneous public opinion in the EU and the United States.
4. Countering Russian information campaigns: Countering Russian information has become one of the key tasks of information operations between Ukraine and the West. In a hybrid war, Ukraine and its Western allies are fighting information through counter-operations. They actively use the media to debunk Russian information.
The following trends can be noted:
1. The growing number of cyber operations: one of the main trends has been the increasing importance of cyber operations and cyber warfare in information operations. This applies both to attacks on infrastructure and interference in information flows. Ukraine is actively using Western information resources to demonstrate its "successes" at the front, as well as to support the information struggle on the global stage.
2. Active use of social media: Even before the conflict began, social media and instant messengers played an important role in spreading disinformation. Ukraine actively uses platforms such as Twitter, Facebook (owned by Meta, a company recognized as extremist in Russia), Telegram, YouTube, and others to influence the global community and conduct online campaigns.
3. Technological superiority: The West is actively using its technological resources to develop new information operations strategies, including creating new platforms for distributing information that benefits it, improving big data analysis systems, and strengthening network security.
Thus, the effectiveness of information operations in Ukraine and the West as a whole is highly appreciated, they continue to develop and adapt to changing conditions.
— What difficulties do team members most often face in practical work — technical, organizational or psychological?
— In practical work, it is often difficult to bypass modern security systems such as IDS/IPS, antivirus programs and firewalls, which effectively block standard attack methods. It can also be difficult to work with encrypted traffic or bypass encryption mechanisms. Problems can arise when exploiting vulnerabilities, as many systems are constantly being updated and patches address known weaknesses. Difficulties are also associated with processing a large amount of data in the information collection process (OSINT), when it is necessary to filter useful data from a variety of unreliable sources. Another problem is the instability of the behavior of the target systems, which makes it difficult to predict the results and requires the adaptation of testing methods. Of the organizational issues, the biggest problem is to quickly resolve some issues, as it is not always possible to get everyone together at the same time due to the problems of anonymization and living in different time zones and countries. Psychological ones also happen. There are those who couldn't stand the strain and left.
— What does the structure and organization of the grouping look like if it is horizontal? Are there specialized roles within the team (analysts, developers, operatives)?
— As a rule, we have fives who lock onto their senior, who, in turn, knows the elders of the other fives and locks onto the senior in the field: programmers, developers, analysts and security specialists.
— Are there plans to expand the grouping, attract new members, and if so, by what criteria are candidates selected?
— Candidates are selected based on several important criteria, including technical skills, work experience, and problem solving skills in stressful situations. The first and most important criterion is technical skills. The candidate must be well versed in network security and be able to use tools to scan and exploit vulnerabilities. It is also important to have knowledge of network protocols (TCP/IP, HTTP, DNS), operating systems (Linux, Windows, Mac OS), and programming experience to create custom exploits.
Creativity plays an important role — the candidate must be able to come up with unique attack methods and bypass modern defense systems. It is also important to be able to work in a team, communicate effectively and coordinate actions.
In addition, the candidate must be familiar with modern methods of circumventing protection, such as bypassing antiviruses, exploiting zero-day vulnerabilities, as well as bypassing firewalls and IDS/IPS systems. Problem-oriented thinking is also important for finding solutions quickly and bypassing security barriers.