Operation: Warthog

This Operation has concluded and is now closed for participation. See our most recent Operation in the Operation Category for the ongoing event.

Prologue

During the Christmas holidays of 2021, we were able to compromise a smart fridge in the home of Maksim Kotova, a former politician during the Cold War in the USSR. This fridge exposed the WiFi password for his home router, allowing Julia to go near his home and find more information. She was needed on site to verify it’s really him, take pictures of the surrounding area and get access to his devices.

Using an Evil Access Point, we got his phone to connect and were able to do a packet capture. After finding the IP addresses associated with the Mail RU service, we crafted a landing page to capture his email credentials. The account we got access to was fairly scrubbed clean, but the last message was still in there. It is now clear that Maksim Kotova is part of the Order of Hades. His exact role we don’t know yet; that’s where you come in.

Since he seems to be responsible for arranging shipments, we need your team to find as much information as possible on Maksim Kotova. Once we know who he is, find out where and when the shipment will take place. Objective: Report the location of the shipment, time and your callsign.


Briefing

from: [email protected]
to: [email protected]
date: Jan 01, 2022, 9:05 AM
subject: Briefing Operation Warthog

Hi and welcome to the team!

I’ve heard a lot about you and your achievements, very honored to work with you. As Julia may have filled you in, I’m Dimitri, head of the Red Team Operations here at Tiberian Serpent. Since we don’t have too much time for onboarding you, I’ll give you a quick overview of how we work. Given your experience, you won’t need too much hand-holding anyway.

  • Team Leads are responsible for making decisions; we don’t do extra management layers. Reach out to your team members on Twitter if you need help.
  • We do not really exist; our mandate stretches far beyond what a normal operative is allowed to do. But only regarding your target, of course.
  • We pick our own tools, the only standard we have is where we report our findings and in what format.

Good, on with the task at hand. Last week during the Christmas holidays, we were able to compromise a smart fridge in the home of Maksim Kotova, a former politician during the Cold War in the USSR. This fridge exposed the WiFi password for his home router, allowing Julia to go near his home and find more information. She was needed on site to verify it’s really him, take pictures of the surrounding area and get access to his devices.

Using an Evil Access Point, we got his phone to connect and were able to do a packet capture. After finding the IP addresses associated with the Mail RU service, we crafted a landing page to capture his email credentials. The account we got access to was fairly scrubbed clean, but the last message was still in there. It is now clear that Maksim Kotova is part of the Order of Hades. His exact role we don’t know yet; that’s where you come in.

Since he seems to be responsible for arranging shipments, we need your team to find as much information as possible on Maksim Kotova. Once we know who he is, find out where and when the shipment will take place.


Epilogue

02.01.2022 07:51 EET

Agent Stray sits back and stares blankly at the monitor in front of her. “Oh my god, they’re heading for the Ukraine.” Agent Stray quickly writes the agreed message to the agency, letting them know she has the information requested.

Within a minute, the call comes through. A dark man appears on the screen, in his mid fifties, she knows him as “agent Bell”. He asks her to detail the findings and trace the process back with him. All the steps match, not a detail was missed.

The shipment will happen on January 28, 2022, leaving the main train station in Belgorod, Russia at 04:20 EET and heading for the Ukraine to deliver weapons for members of the Order of Hades.

Bell confirms her findings and tells Stray to send the hashed copy of her VM to the agency for documentation and further verification. Luckily the information was found so quickly, all due to the excellent work of agent Stray. This gives the Tiberian Serpent enough time to prepare their interception.

28.01.2022 – 05:36 EET

As the train rolled into Ukrainian territory, her long rusty exterior plowing through the rugged landscape, Gabriel could only imagine what they would actually find inside. He raised his handheld radio to his head, pressed the PTT (push to talk) button and started the conversation.

Gabriel: “Bravo, this is Golf, come in Bravo, over”
Bravo: “Golf this is Bravo, over”
Gabriel: “Bravo, all clear for blockage at signal, confirm over”
Bravo: “Golf, Bravo here, blocking at your signal, over”
Gabriel: “Bravo, block at signal confirmed, Golf out”

Gabriel raises his flare gun to the sky and pulls the trigger. A loud pop, followed by a sizzling projectile leaving the short barrel. Climbing quickly above the dark sky, a tail of smoke behind it and a blinding light welcoming the early morning. At maximum altitude, a parachute deploys, leaving the flare suspended in the cold air.

Like clockwork, team Bravo rushes forward and places the blockers on the tracks. As the train driver frantically tries to brake in time, the massive convoy of carts smashes into the blockers, digging firmly into the metal tracks. With a loud screeching noise and sparks flying, the train comes to a grinding halt.

Both teams now approach the train from each side, fanning out to cover all carts. As in one motion, the men and women leap onto the train and take position near all carts possibly containing hostiles. Breaching swiftly, they meet no resistance from the train operators on board, all of them in shock and unaware of what their cargo holds. After sweeping the train for any possible dangers, the driver and crew are rounded up next to the tracks, where Ukrainian armed forces take them into custody.

Gabriel makes contact with his Ukrainian counterpart, Marko Shevchenko, a heavily built man in his early forties with the looks of a Soviet-era powerlifter, worn down by long-standing conflict and the continuing wars plaguing his country. They gather a group of ten soldiers to inspect the contents of the carts. To their surprise, no attempts were made to properly hide the goods, other than the fake cargo manifest containing food items and different markings on the crates. Every cart and every container was filled to the brim with rifles, ammunition, fragmentation grenades and light anti-tank weapons. The train contained enough hardware to supply a small nation state.

After initial inspection, Gabriel thanks Marko for the collaboration and heads to the unmarked Volkswagen van, ready for extraction. He gets in the passenger seat and nods at his driver Mila; she takes off with spinning tires towards the nearest rendezvous point, where a Sikorsky UH-60 Black Hawk awaits them.

Staring out the window, overlooking the sunrise above the beautifully snowed-over fields of Ukraine, he wonders: “What does the world have in store for these people now… and what would have happened if this train was not stopped?”


Materials and Answer Instruction

Objective: Report the location of the shipment, time and your callsign in a Direct Message to the Tiberian Serpent Twitter account.

Format: Operation Warthog, agent “CALLSIGN” reporting “LOCATION” at “DATE – TIME”.

Maksim Kotova, born June 11, 1963, Russia

Home Address:
Bol’shoy Trekhgornyy Pereulok, 4 строение 1, Moskva, Russia, 123022

Twitter: https://twitter.com/kotova_maksim

Because the Twitter account is now suspended, we have attached all needed information on this page.

Dropbox Maksim

https://www.dropbox.com/sh/i8ami662bfgd849/AAC67UFpmUtgKAIMqK81MovIa?dl=0


Scoreboard: Operation Warthog

Special Agent Callsign    Position
Stray                     100 – 100
YaLev                     100 – 100
Barminan                  100 – 100
v1ntage                   100 – 100
boubou40                  100 – 100
Wheatley                  100 – 100
Exspiravit                100 – 100
COA                       100 – 100
webjitsu                  100 – 100
B!B                       100 – 100
penthium2                 100 – 100
Croucroute                100 – 100
90F347C                   100 – 100

Write-ups: Operation Warthog

Submit your own in our Discord “brand-intel” channel for a reward of 100,000 HC or 200,000 HC for the first write-up.

osint-ctf: https://gitlab.com/osint-ctf/hacktoria/operation-warthog