28.04.2022

The 28th of April, Cyber News

IN UKRAINE

Microsoft has released a report on russia’s cyberattacks against Ukraine

On April 27, the company released a report detailing the cyberattacks and what the company did to help protect Ukraine. According to the report, russia has been increasing cyber attacks on Ukraine since March 2021 for intelligence purposes and intensified them in the run-up to the invasion. At least eight destructive malware families have been deployed in the networks, including one for industrial control systems. Among the malware families launched against Ukraine are WhisperGate, FoxBlade, DesertBlade and CaddyWiper, which overwrite data and disable computers. Since the start of russia’s full-scale invasion of Ukraine, at least six groups of russian hackers have carried out about 240 attacks on Ukraine’s digital resources. This is stated in a report by Microsoft. Experts have concluded that russian hacker attacks often coincide in time with the fighting of individual units against specific institutions or facilities. U.S. officials have said that russian hackers have not yet carried out a large-scale attack that would disrupt important sectors of the economy or the military’s communication channels, although intelligence has had evidence of such plans.

Russian cyber operations against Ukrainian organizations grew significantly leading up to and following Moscow’s invasion. That growth occurred across the full spectrum of cyber operations from research and tool preparation («Tooling and Reconnaissance») to gaining access, establishing persistence, and lateral movement («Actions on Network») to exfiltration and destruction of data («Actions on Objectives»), with 237 such events in total during this period. We did not include activity in Russian-annexed Crimea in our analysis. 

This week-by-week analysis provides a more granular view of the threat activity we observed in the context of Russian military operations to highlight consistent cyberkinetic congruence in the conflict. This chart provides a sample of Ukrainian industries impacted by known or suspected Russia-aligned network intrusions or destructive attacks during the Russian invasion of Ukraine. National government organizations and critical infrastructure sectors were top targets. The «Other» percentage represents 11 other categories of impacted organizations including regional and city-level government, agriculture, defense industrial base, healthcare, transportation, and finance, among others. 

High kinetic: Regions which reflect more than 90% of daily reported Russian physical attacks in the data sources. High cyber: Regions which reflect more than 80% of daily detected and blocked actor indicators in Microsoft Defender Antivirus. Time frame: February 23 through April 6. Data sources: Detected and blocked activity by Microsoft Defender Antivirus based on known actor indicators; open source data on kinetic attacks from the Armed Conflict Location and Event Data Project and the Centre for Information Resilience. Russian occupied Crimea was excluded from this analysis. Details – follow the link, the link1

Cyberfront. How russia is attacking Ukraine and if we are ready to defend ourselves

Dmytro Dubov, Head of the Information Security and Cyber Security Department of the Research Center of the National Institute for Strategic Studies, analyzes the situation on the cyberfront in an article for NV Business.

  • Ukraine has been resisting russian-organized cyber attacks for at least the past eight years. Since 2014, Russia has been working out ever newer methods and vectors of cyber attacks in Ukraine. russia has viewed and continues to view cyberspace as a «gray zone» of hostilities, where there are no rules and restrictions, but where it is nevertheless possible to achieve complex and multidimensional results: disabling physical infrastructure, sowing panic and spying.
  • The main targets of the aggressor remain Ukrainian critical infrastructure facilities.
  • russia’s traditional approach to «information warfare» is a combination of cyber activities with information and psychological operations.
  • The confrontation continues. But it can already be noted that Ukraine has made significant progress in the cybersecurity component. Details – follow the link

The occupiers have hacked the hotline number of a military brigade to sow panic in the Mykolayiv region

The occupiers have hacked the hotline number of the 28th separate mechanized brigade named after the Knights of the Winter Campaign to sow panic among residents of Mykolayiv and Kherson regions. This has been reported on the page of the brigade. «The brigade hotline number (+380 (99) 736 18 89) has been hacked. Unsuccessful in the offensive, the enemy resorted to information and psychological operations and sent messages to the residents of Mykolayiv and Kherson in order to create panic in our territories. Be vigilant and do not succumb to such attacks. There is a war and the enemy uses any methods to gain an advantage. The brigade hotline number has been changed. For all questions, please contact the number indicated in the message on the page of the team. We will win together, Glory to Ukraine!», the message reads. Details – follow the link

 

IN RUSSIA

Hackers have already hacked more than 80 databases that are critical to the russian Federation. This was stated by Deputy Prime Minister – Minister of Digital Transformation Mikhail Fedorov in an interview with RBC-Ukraine. «More than 80 databases that are critical for russia have been broken, they are databases of citizens, business, and very sensitive data,» he said. Fedorov added that due to the digital blockade, the russian social network VKontakte cannot buy servers. According to him, russia’s cybersecurity sector has been hit hard by sanctions. Details – follow the link

Anton Gerashchenko published personal data of russian propagandist Solovyov

Hackers helped for free, and with pleasure! Anton Gerashchenko published personal data of russian propagandist Solovyov. Adviser to the Minister of Internal Affairs of Ukraine Anton Gerashchenko announced a reward of 100 thousand rubles for hackers who could hack the account of russian propagandist Vladimir Solovyov. The result was not long in coming. Today, on his official Twitter account, Gerashchenko published information about Solovyov received from unknown cyber activists. It includes the passport of the popular pro-Kremlin journalist, his mobile phone number and ID number. According to Gerashchenko, the activists refused the reward. «By the way, the hackers refused to take the reward for «the hacking» of solovyov,» he wrote. «They are even willing to pay extra). Thanks guys! Let’s beat up further!» Details – follow the link

IN THE WORLD

The United States has announced a reward of $10 million for information about russian hackers

The United States Department of State has announced a reward of up to $10 million for information about six intelligence officers from the General Staff of the russian Armed Forces involved in the NotPetya virus cyberattack. They are Yuriy Andrienko, Serhiy Detistov, Pavel Frolov, Anatoliy Kovalyov, Artem Ochichenko and Petro Pliskin. These individuals work in unit 74455 of the GRU, also known as Sandworm, Telebots, Voodoo Bear and Iron Viking. They were involved in a 2017 operation to infect computers with the NotPetya virus. The cyberattack cost US organizations nearly $1 billion in damage. Details – follow the link, the link2

International hackers are coordinating their attacks on russia with Ukraine – the head of the Ministry of Digitalization Fedorov

In an interview with RBC-Ukraine, the head of the Ministry of Digitalization Mykhailo Fedorov said that many foreign hacking movements were involved in the cyber war on Ukraine’s side. They did not advertise their activities and avoided undue attention, but interacted with each other. «Often these are non-public organizations, they hide their real faces and rarely want to communicate with anyone,» says Fedorov. «But I will say that there is more or less synchronized activity with all key groups». Details – follow the link

russian hackers attack Czech government sites

This time the resources of the Ministry of Internal Affairs, the police and the fire brigade were «taken down». The websites have been unavailable since the morning of April 27 due to a cyber attack. russian hackers have overwhelmed the sites with a so-called DDoS attack, in which attackers flood portals with multiple requests from different computers at the same time. As a result, the servers cannot withstand the load and stop working. According to the Czech News Agency, this was caused by the actions of the russian hacking group Killnet. Government sites in the Czech Republic already faced similar attacks last week. Interior Minister Vit Rakushan (STAN) then told the media that the attacks had been caused by russian hackers. Then the pro-russian hacker group Killnet joined the attacks. Today, the group said on its website that it would direct the same attacks at the Czech media if they did not stop calling Killnet pro-Kremlin. The National Office of Cyber and Information Security (NÚKIB) has repeatedly pointed to an increased risk of cyber espionage and cyber attacks in connection with the war in Ukraine. The Czech Republic supports Ukraine in the war with russia by supplying weapons. russia is threatening retaliation against states that support Ukraine. Details – follow the link

ESET: Hackers have started using shortcuts to attack Windows users

Attackers have found a way to attack Windows users using desktop shortcuts.

Experts have noticed that hackers have begun to modify files with the .lnk extension in order to use them for remote attacks on users. The .lnk extension usually belongs to shortcuts: system files that are used to redirect the user to a specific program or folder. ESET experts said that unknown actors had replaced the static link in the shortcut settings with a modified one, which launched a remote script. Typically, in this case, the program pointed to by the shortcut did not start. During the attack, the attackers used the Emotet botnet, which is used to activate various viruses. According to the experts, the activity of the botnet has increased significantly in recent days. ESET telemetry data showed that the new method was most often used to attack Windows users in Mexico, Italy, Japan, Turkey and Canada. Details – follow the link