Cyber-Berkut Joining The Manafort Fray
Cyber-Berkut, a Russian-leaning alleged hacker collective in Ukraine, decided to weigh in on the whole Manafort debacle with a data dump. The dump, unsurprisingly, is pro-Russian and attempts to paint the US as trying to manipulate things and make it look like Manafort is guilty. Berkut does this by dropping a Word doc and a couple of PDFs that they claim make a case for the State Department trying to discredit Manafort’s efforts in Ukraine on Russia’s behalf. It is rather amusing and ineffectual really, but I had to take a closer look because they claimed to have hacked these documents. The documents look legit, but there is no indication of where they were hacked from, if they were hacked at all, and no other dump of any merit to confirm a hack.
They try to link Leshenko to all of this. Leshenko too was alleged to have been the hacker in the Manafort cell phone hack and extortion. Same actor?
Now, Berkut doing this is not really new, but most of the time they spend their time attacking the Ukrainian factions who reside outside of Donetsk who want to have a free country, not those who want Russian rule. In the past this group has hacked and DDoS’d sites, but this one, weak as it is, caught my attention just because Manafort is now in the hot seat over Russian ties to oligarchs who are close to Putin while running the Trump campaign, so one tends to want to dig. In looking at Berkut and their history, others have claimed that they are part of the Fancy Bear group, and attempts have even been made to link them to the cutout Gucci-fer (Gucci, like Gianni and Fur, like… Fur.. Not GOOSIFUR) and DNCLeaks as well. These are somewhat tenuous reports, though, from what I saw in looking out there at them, but it made me want to dig a little more into them.
Berkut showed up in or around July 2014, with sites being created on numerous domains since. Most of these sites had been registered privately, negating personal information, but several of them from the time of first creation have one name attached to them: Aleksandr Panchenko. An Aleksandr Panchenko does live in Ukraine and does in fact work in tech, and may fit the bill as the originator of the sites. The email address used for each of these, though, email@example.com, does not really exist, and the addresses used are bogus as well, so there is not much to go on other than a name. But let’s get back to those pesky and numerous domains, eh?
It seems that whoever created these sites (including a defunct darknet site) really wanted to get information penetration maxed out. Many of the sites still work, and others have been decommissioned and the domains are up for sale. In each case of creation, though, they have all been created anonymously, with domain registrations all over the world, except for the six or seven I located with early creation dates going back to 2014. Is this because this Aleksandr created them without figuring out what he was doing with them? Or were these created with that name as a means to an end, to mislead people? If in fact Berkut is just an anonymous hacker group wannabe aligned with the Russian state, then maybe this guy just figured that historical WHOIS costs money, and long enough goes by and no one pays attention? If it is the other case, where someone is using his name, why be so consistent with it? Does someone hold a grudge, or is this a famous person whose name they are just using? I started looking around to see, and here’s what I came up with.
Aleksandr Panchenko 1: Mathematician currently studying in Germany on a PhD
Aleksandr Panchenko 2: Chessmaster (deceased)
Aleksandr Panchenko 3: 32-year-old living in Kyiv, Ukraine, whose profession is in computers (Oracle Dev, Unix Admin, etc.)
Aleksandr Panchenko 4: Wedding photographer in Kyiv, Ukraine
There were others, but you get the sense that the name Aleksandr Panchenko in the Baltics is kinda like John Lee in China, if you catch my drift. Though that one guy, the one with all the technical experience, does kinda stand out, right? That is someone who has the technical chops to do some hacking and dumping as well as run sites, right? It is all way circumstantial, but I for one, if I were the FBI, say, might go look this guy up and ask ’em a few questions. After all, the Berkut has been naughty and attacked us as well as others in the wider internet world.
The Manafort intersection, though, still interests me. I wonder if they will continue on trying to muddy the waters now that Manny has decided he will testify in front of Congress. As the shoes of the millipede keep dropping, I am sure that the RU factions will try to drop chaff on things to confuse everyone. I will keep an eye on the site(s) to see if they dump anything else of interest, but for now just take a gander at these files and the results of the searches…