02.05.2022

Main Cyber Highlights of the Week: April 24-May 2

 


EXECUTIVE SUMMARY

Since the beginning of the full-scale russian invasion of Ukraine, 430 cyberattacks have been recorded. For comparison, last year there were 207. Government sites, the “Action” ecosystem of products, the energy sector and the financial sector receive the most attention from hackers [1].

russian hackers have begun to carry out more and more cyberattacks against ordinary Ukrainians. russia’s traditional approach to “information warfare” is a combination of cyber activities with information and psychological operations [2].

Microsoft’s report on russian cyberattacks against Ukraine [3] states that russia has been increasing cyberattacks on Ukraine since March 2021 for intelligence purposes and intensified them on the eve of the invasion. At least 8 destructive malware families have been deployed. In addition, russian hacker attacks often coincide in time with combat operations by individual units against specific institutions or facilities.


However, it should be noted that for all their activity, russian cybercriminals have never caused significant harm to Ukrainians. russia’s cyber-offensive operations in Ukraine have probably reached their maximum potential. They have already demonstrated all the available tools and technologies. Due to sanctions, russian hackers will not be able to develop as they did before [4].

Also, more than 80 databases that are critical for the russian Federation have been breached so far, such as databases of citizens, businesses, and rather sensitive data [5].

The Ukrainian side in the cyber war has been significantly strengthened by the involvement of many foreign hacker movements that coordinate their attacks on russia with Ukraine. They do not advertise their activities and avoid undue attention, but interact with each other [6].

CYBER ATTACKS ON UKRAINE

Fake distribution / information replacement:

  • Hacking of the Zaporozhye youth student site “Porohy” and posting of russian propaganda [7].
  • Creation of a fake analogue of the SSU chatbot [8].
  • The number of the military brigade hotline has been hacked [9].

DoS/DDoS:

  • LIGA.NET website [10]
  • Website of Lviv Regional Military Administration [11]
  • DOU publication site [12]
  • Online sales services and Ukrzaliznytsia support line [13]
  • Ukrposhta Online Store [14]

Phishing / Malware:

  • UAC-0056 cyberattack using GraphSteel and GrimPlant malware and the topic of COVID-19 (CERT-UA#4545) [15].
  • Cyberattack of the UAC-0098 group on the state authorities of Ukraine using the Metasploit framework (CERT-UA#4560) (sending e-mails on the topic “Presidential Decree No. 576/22 on unprecedented security measures”) [16].

Threats have been received:

  • by Volyn media and Zaporizhzhya site 061.ua from russian hackers NoName [17, 18].

CYBER ATTACKS ON RUSSIA

From April 25 to May 1, the IT Army of Ukraine attacked 190 russian online resources, namely [19]:

  • Electronic reporting systems (including 1C)
  • Tender sites
  • Severstal
  • Online food ordering services

Anonymous hackers:

  • 1.1 million emails of the russian customs broker ALET with companies exporting coal, oil and oil products, as well as liquefied gas, have been hacked (data volume: 1.1 TB) [20].
  • russia’s large energy company Elektrocentromontazh was hacked, and 1.23 million e-mails with a total volume of 1.7 TB were published [21].


Other:

  • Data from the russian propagandist Solovyov were obtained from unknown cyber activists [22].
  • The website of the Pskov diocese was hacked, and photos of crimes from Bucha were posted [23].


 

Global Cyber Cooperative Center (GC3) — integration platform intended to develop productive cooperation between global and local creators of safe cyberspace.