Release: CorpMSP (482.5 GB)
Over 480 GB and 75,000 files, emails and disk images hacked from CorpMSP, a Russian federal institution
Over 480 GB and 75,000 files, emails and disk images from CorpMSP, a federal institution providing support to small and medium-sized businesses. The controlling shareholder of CorpMSP is the Russian Federation.
According to NB65, CorpMSP is also allegedly used as a shell company for digital spies, and maintains contracts with the Ministry of Defense. The files which documented these allegations were quickly removed from Mega, which allegedly hosted NB65's only copy. According to NB65, the 9GB of lost files included client contracts and image files of Ministry of Defense contracts.
Full text of the April 25, 2022 NB65 statement about the dataset:
Target: CorpMSP (corpmsp.ru)
Hello CorpMSP. You became a target of ours when we discovered a list of your customers including banks, medium and enterprise level businesses, and even some government entities. We were not expecting to learn that you maintain multiple contracts with the federation government, in particular the Ministry of Defence. We’ve also discovered some incredibly nefarious activities being conducted through your business which has led us to the only logical conclusion… CorpMSP is a government shell company for a ring of digital spies.
You’ll probably want to alert your clients. We have taken a very large chunk of your critical data, including emails, client configuration information, internal processes and more. Sorry about your luck… HA, just kidding. Fuck your luck. If you don’t respond to the R3ADM3.txt file in 3 days you data will be leaked to the internet for everyone to see.
We’re well aware that incident response is underway, but you seem to be having issues with your SIEM tool? Weird… how could that have possibly happened? We have also encrypted your entire network with our vastly improved version of Conti. There’s zero chance of you decrypting. There may have been a chance to restore from back-ups, but we deleted all of those for you. You may want to request a refund from InfoWatch, as well. You’re welcome.
Federation government: You’ve brought this on yourselves. Very sneaky of you to use MSP as a front for FSB cyber spooks. Tsk Tsk. It’s such a shame that there will be no more spying on adversaries through your various ssh and http credentials any more. We won’t share your targets publicly, but be aware, they have been informed. You guys are not very good at covering your tracks… Actually you’re not very good at anything.Fuck Vladimir Putin. Get the fuck out of Ukraine.
We won’t stop until you stop.
After publishing the torrents to the available data, DDoSecrets received the following takedown request purporting to be from CorpMSP:
Dear Sirs,
I write to you on behalf of JSC “Russian Small & Medium Business Corporation” (CorpMSP). Could you please advise the steps we should undertake in order to withdraw from your service the link to hacked/stolen data from our organization.
Please inform how we can submit an application for the removal of such link (https://ddosecrets.com/wiki/CorpMSP).
The fact is that this link contains the data that was stolen from us by hackers.
We hope for positive decision from your side to remove the link.
Yours faithfully,
(name redacted)
Head of International Cooperation Directorate
We will not be taking down our index page about this data.
It is also obviously impossible for us to restrict others from distributing this data via the existing torrents.
Please torrent and seed.