06.06.2022

Main Highlights of the Week: May 30 – June 5

Executive summary

Since the beginning of the war in Ukraine, 114 hacker groups have emerged in the public sphere.

Currently, 74 active hacker groups are known, 46 of them pro-Ukrainian, 26 pro-russian and two unknown. Most of them organize DDoS attacks and point hacks [1].

In the first three months of the year, the State Service of Special Communications of Ukraine registered 14 million suspicious information security events as part of its work to detect vulnerabilities and respond to cyber incidents. Of these, 78 thousand were treated as critical. As a result, 40 cyber incidents were registered. 65% of suspicious events were found in ministries and organizations; 35% fell on regional state administrations.

The most common categories of events:

  • malicious code;
  • collection of information by an attacker;
  • attempts to intervene [2].

Since the beginning of the active phase of russian military operations in Ukraine, the IT army has already managed to attack more than 1,800 russian Internet resources. Among the most successful cases are the hacking of rutube on May 9 and the shutdown of the russian national system of marking goods and services «1C» [3].

The Anonymous team hacked and released more than 12 million russian files and emails (not including databases) after declaring a «cyber war» against the Kremlin’s criminal regime [4].

Ukraine in Cyberspace

Palantir is ready to become a partner of Ukraine in the sector of defense, security and digital technologies. Palantir is a world leader in data analysis software. The company’s products are used by the US Department of Defense, large investment banks and hedge funds. The company is ready to open an office in Ukraine and start joint development with Ukrainian specialists [5].

On May 50, the Ukrainian delegation took part for the first time in a meeting of the Steering Committee of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). Ukraine’s accession to the CCDCOE is an important step for our country in strengthening international cooperation in the field of cybersecurity and cyber defense, as well as a step toward Ukraine’s accession to NATO [6].

Also this year, the Ukrainian IT community will for the first time join Collision, one of the largest technology conferences in the world, where it will present the possibilities of Ukrainian IT in the international arena [7].

Cyber attacks on Ukraine

Deface

  • tv media service – russian propaganda instead of football [8]

Malware

  • file «changes in payroll with accruals.docx», distributed among state organizations of Ukraine by e-mail – Cobalt Strike Beacon malware and exploits for vulnerabilities CVE-2021-40444 and CVE-2022-30190 [9]

Cyber attacks on russia

DDoS attacks

Deface

  • three radio stations in St. Petersburg (Road Radio, Retro FM and New Radio) – Ukrainian and anti-war songs: the anthem of Ukraine performed by Alexander Ponomarev, a joint composition of Pink Floyd and Boombox vocalist Andriy Khlyvnyuk «Oh in the meadow red viburnum» and the song «We do not need the war!» of the russian band Nogu svelo [28]
  • Moodle virtual learning environment – Nybbas [29]
  • Sberbank website – Anonymous [30]
  • https://see.rane-brf.ru – Nybbas [31]
  • Russian TV channels – message «Blood of thousands of Ukrainians and hundreds of their killed children is in your hands» – Anonymous [32]
  • website of the Ministry of Construction and Housing of russia [33]

Data leaks

  • Metallurgical Engineering and Investment Group MetProm, a subsidiary of the russian energy giant Gazprom, linked to the Arab Republic of Egypt and the Islamic Republic of Iran (184 GB) – B00da, Porteur, Wh1t3, Sh4d0w [34]
  • Choose Radio Group, which serves about 100 radio stations in 18 cities across russia with more than 8 million listeners (823 GB) – Anonymous [35]
  • russian online English school SkyEng (7,442,890 lines, including logins, full names, dates of birth, telephone numbers, e-mail addresses, Skype, information about time zones and regions of residence) [36]
  • FSUE in Moscow, dealing with waste (files related to the new system of toxic waste management, including levels 1 and 2) – Team Onefist [37]
  • Lipetsk Technical University (hackers reported data leak, but did not specify details) – LulzSecMafia [38]
  • RKP Law, a russian law firm working with large banking, media, oil and industrial firms, as well as government interests, including American companies (1 TB) – B00da, Porteur [39]
  • Techno-Alliance Electronics – LulzSecMafia [40]
  • Central Bank of russia (software leak) – RootkitHuN7er [41]
  • Moscow Aviation Institute (database, Telegram-bot and API) – Anonymous [42]
  • Federal Unitary Enterprise of russian Broadcasting and Notification Network (full network, employee emails and LinkedIn) – LulzSecMafia [43]

The IT army of Ukraine attacked about 600 russian online resources between May 30 and June 5:

  • Internet providers. It was difficult for russians to pay for the Internet because of intensified attacks on the special offices of their providers.
  • Regional media. Hundreds of regional media outlets that spread Putin’s propaganda and support the war against Ukraine are consistently down.

Also this year the IT army set out to attack russian information systems (IS), which ensure the selection, search, processing and transmission of information. The attacks affected the following IS:

  • IS of the Ministry of Labor and Social Protection of the russian Federation. All the information contained in the information system of the ministry was not available.
  • IS of housing construction, where developers enter information on the object under construction, taking into account the building permits issued by the local government and permits for commissioning.
  • IS of the resource on land and real estate, which contains a set of information that allows you to obtain information about a particular area for construction or for the provision of land.
  • IS of seed production, which is used to enter data on sown seeds in a single register [44].