EXECUTIVE SUMMARY
russia’s war against Ukraine continues not only on the battlefield but also in cyberspace. Massive cyberattacks against state structures of Ukraine and business began long before the military invasion. With the start of hostilities, the attacks doubled from about 200 to more than 400 a month. With the help of cyberattacks, russia wants to create a humanitarian catastrophe in Ukraine, because hackers are trying to hinder the work of the energy sector, emergency services, communications, and logistics [1].
Ukraine has gained unique experience in the use of cyberspace during the war. A powerful IT army has been created, which now has about 300,000 members. The state has united Ukrainian and international professionals [2].
Today, almost half a thousand employees of the State Service of Special Communication take part in the country’s cyber defense. Moreover, tens of thousands of specialists from other cybersecurity subjects of Ukraine, volunteers, and representatives of the international community make every effort every day to defeat the enemy on the cyber front.
During the three months of the war, 620 cyberattacks were detected, and more than 300 institutions received the help of cyber specialists [3].
russian criminals are once again trying to deprive Ukrainians of access to the Internet and truthful information, to sow panic. In addition, the russians are no longer even trying to hide their actions and spread reports of attacks on the Internet [4]. However, in general, most attacks on Ukraine fail and are successfully repulsed, which once again demonstrates the effective cybersecurity systems that Ukrainian representatives of government agencies and businesses have managed to build. According to Lviv Mayor Andriy Sadovy, the attack on the Lviv City Council was the largest in recent years. But «Moscow’s misfortunes could not cause serious damage, no matter how hard they tried. A small part of the services and computers of the city council employees were shut down» [5].
Since the beginning of the year, almost 36,000 attacks on the servers of the state authorities have been repulsed in Dnipropetrovsk region. This is ten times more than usual [6].
Among the 280 crimes that russia committed against journalists and media in Ukraine during the three months of the war, 32 cybercrimes and 50 threats were identified [7].
Since the beginning of March, there has been a steady trend of intimidation of journalists by threatening them with imprisonment in Siberia, torture and interrogation. Poetic threats began to be sent to journalists in April. In May, nuclear weapons threats were reported for the first time. Both central and regional media outlets received threats.
Ukrainian media sites are steadily suffering from constant cyber attacks by russians. Hackers change materials, place the russian flag, their Z and V symbols, and so on.
The EU condemns russia’s cyber-attack on Ukraine an hour before the Kremlin’s war, which caused disruptions not only in Ukraine but also in several EU countries. A statement from the EU High Representative on behalf of all 27 member states said the unacceptable cyber attack was further evidence of russia’s irresponsible behavior in cyberspace as part of its illegal and unprovoked invasion of Ukraine. Such behavior contradicts the expectations of all UN member states regarding the responsible behavior and intentions of states in cyberspace [8]. A joint statement from Canada’s foreign, defense and public security ministers said that Canada, along with the United States, Britain, Australia, New Zealand and EU member states, would continue to develop stable cyberspace «based on the application and respect of international law and responsible conduct in cyberspace» [9].
All governments in democracies — the United States, Canada, the United Kingdom, most EU countries and others — offer their assistance to Ukraine in cyber defense. Ukraine is also supported by such leading companies as Microsoft, Google, Amazon, Cisco, Oracle and others [10].
Interpol Secretary General Jürgen Stock told the World Economic Forum in Davos that cybercrime groups had become more sophisticated today. Hacking has become a global problem, and the actions of law enforcement officers at the national level make it difficult to detain criminals [11].
Singapore’s Minister of Communications and Information, Josephine Teo, said hacking was a threat to organizations around the world: «Cybercriminals are catching up with state cyber spies in terms of their level of training. This has become a matter of national security. The cybercrime world is profitable and self-financing, so it will prosper» [11].
Speaking at the international conference CYBERSEC FORUM «United in Cyber Force» on May 17-18 in Katowice, Deputy Head of the State Service of Special Communication Alexander Potiy stressed that the development of the concept of cyber deterrence should be based on the experience of nuclear deterrence [12].
Ukraine has won two international CYBERSEC Awards in the field of cybersecurity. The organizers noted the heroic cyber defense, which was joined by the whole Ukrainian society, including the state apparatus, IT community and volunteers [13].
In total, since the russian invasion of Ukraine, the IT army has attacked about 2,000 russian resources. Many of them were attacked again [14].
The most active hacker groups fighting on the Ukrainian cyber front are [15]:
A significant part of these groups are Ukrainian «hacktivists», who make a significant contribution to the protection of Ukraine’s cyberborders. russian propagandists and hackers are trying to copy this movement. russia has created the «Cyber Army of Russia», which seeks to replicate the success of the IT army of Ukraine and mimic the «all-russian movement» [16].
Also, according to cybersecurity expert Konstantin Korsun, the opposition in cyberspace on the part of russia involved employees of the 18th FSB Center, hackers from the Central Intelligence Agency, representatives of «bot farms» and several other russian intelligence services [1].
The most active hacker groups fighting on the russian cyber front are [15]:
Strengthening Ukraine’s Cybersecurity
Weakening of russia in Cyberspace
CYBER ATTACKS ON UKRAINE
DoS/DDoS:
Phishing/Malware:
Other:
CYBER ATTACKS ON RUSSIA
The IT army of Ukraine in the period from 1 to 29 May attacked more than 1640 russian online resources [49, 50, 51, 52]:
Statistics of attacks from disBalancer (tool Liberator DDoS-attacks) for three months of cyber warfare [53]:
Hackers Anonymous Have Hacked:
Other:
CYBER ATTACKS IN THE WORLD
REWARD
The U.S. Department of State’s Rewards for Justice is offering $10 million for information on six russian intelligence agents (GRU officers) involved in the 2017 NotPetya attacks. The malicious cyber activities collectively cost U.S. entities nearly $1 billion in losses [67].
EUROPEAN COUNCIL
Member States, together with its international partners, strongly condemn the malicious cyber activity conducted by the russian Federation against Ukraine, which targeted the satellite KA-SAT network, operated by Viasat. This unacceptable cyberattack is yet another example of russia’s continued pattern of irresponsible behavior in cyberspace, which also formed an integral part of its illegal and unjustified invasion of Ukraine [68].
MICROSOFT
Microsoft officials claim russian hacking in Ukraine has been extensive and intertwined with military operations. At least six different Kremlin-linked hacking groups have conducted nearly 240 cyber operations against Ukrainian targets during the war on Ukraine. russia’s military attacks on Ukraine sometimes correlate with cyber-attacks, especially when they involve attacks on telecom infrastructure in some areas [69].
DARKNET
A new dump shop dubbed «The KING CCARDS Shop», which offers compromised payment cards, has appeared on the Darknet. The shop is available via a Telegram bot.
RANSOMWARE
Over 35 ransomware families and 250 nation-state, ransomware, and cybercrime groups have been reported by Microsoft to be part of the ransomware-as-a-service landscape, according to ZDNet. Threat actors have been delegating tasks in attacks, with one group responsible for double extortion and another tasked with ransomware payload development. Moreover, affiliates could be tapped to deploy certain ransomware payloads [70].
SOPHOS
Sophos’ annual study of real-world ransomware experiences reveals the following noteworthy facts:
CONTI
The U.S. Department of State announced a reward of up to $10 million for information leading to the identification or location of leaders of the Conti ransomware organized crime group. The agency also offered an additional $5 million for information leading to the arrest and/or conviction of individuals conspiring to participate in a crime with the group. The department said the FBI estimates the group has had over 1,000 victims over the last two years, with payouts exceeding $150 million, making Conti the costliest strain of ransomware ever documented [72].
Global cyber cooperative center (GC) continues working with companies, law enforcement and research organizations to neutralize cyber crime.