Main Cyber Highlights 19-25 of September

EXECUTIVE SUMMARY

Foreign business is actively studying the experience of the russian-Ukrainian cyber war, because it perfectly understands that in the future the problem of resisting the aggressive actions of states and numerous groups of hackers in cyberspace will become one of the key for the further development of both their companies and states in general. And no one can feel safe or think that they will not be of interest to hackers. ¹

Ukraine’s experience in cyber warfare will have an extraordinary impact on the formation of cyber security architecture in the future.

Over the past six months, the level of coordination between cyber security entities has increased significantly. All subjects work synchronously under the coordination of the National Security Council. An interdepartmental working group under the auspices of the NCCC developed the Procedure for the interaction of cyber security entities during response to cyber incidents/cyber attacks. ²

Ukraine in Сyberspace

• The SSU neutralized a hacker group that «hacked» almost 30 million accounts of Ukrainian and EU citizens. ³
• The government of Estonia is one of the most active providers of assistance and support to the Ukrainian authorities in defense against russian cyberattacks. Estonia supported the continuity of Ukrainian digital services in the cloud and from outside Ukraine, and the Estonian government and local technology companies provided material support to Ukraine, including free equipment for monitoring and countering cyber attacks. ⁴
• In Lviv, a hacker from the Kherson Region who hacked private accounts of Internet users and sold data will be tried. ⁵

russia in Cyberspace

• The Ministry of Digital Affairs of the russian federation is forming a personnel reserve of IT specialists in order to develop the IT sphere in the public sector. ⁶
• The Sandworm group masquerades as Ukrainian telecommunications providers. This is how criminals try to deceive Ukrainian organizations and infect them with malicious software. ⁷

IP addresses used by Sandworm (Recorded Future)

Cyber Attacks on russia

Dos/DDos:

• More than 4,000 online resources were attacked by the IT Army of Ukraine between September 12 and 25:⁸
• The website of Wagner’s group, which collects russian prisoners for the war in Ukraine. All data stored on the site was obtained.
• Resources of the Young Guard of United r Received lists of young putinists who were or are in the occupied territories, help to hide war crimes and hold illegal referendums.
• «Gosuslugyrus
• Job search sites.
• Military traders of the russian f
• Sites for the sale of auto tools.
• Commercial bank Otkritie.

Drain of the Information:

• Anonymous hacked the website of the Ministry of Defense of russia and placed on the Internet a database with the data of more than 300,000 men who are subject to partial mobilization in the first place⁹
  

  

• A dump of 3.744 million users of one of the largest russian network hypermarkets, Online-Trade, got into open access. ¹⁰
• Ukrainian hackers from the Ukrainian Cyber Alliance hacked the Federal Penitentiary Service (FPS) of the russian f ¹¹

Deface:

• In occupied Crimea, hackers broadcast Zelensky’s address on TV and a call to the occupiers to surrender to the Armed Forces of Ukraine.¹²

• Websites of major russian airports (Pulkovo (St. Petersburg), Yekaterinburg, Khabarovsk, Ufa, Blagovishchensk and Samara airports) were hacked and anti-war banners were posted calling on russians to avoid mobilization. ¹³