Main Highlights of the Week: July 11-17

Foto — pixabay.com

Executive summary

The operational center for responding to cyber incidents of the State Center for Cyber Protection of the State Service of Special Communication has published a report on the results of the System of Vulnerability Detection and Response to Cyber Incidents in the II quarter of 2022.

In total, 19 billion events were processed, collected with the help of means of monitoring, analysis and transmission of telemetric information about cyber incidents and cyber attacks. The number of registered and processed cyber incidents increased to 64.

Main Highlights of the Week: July 11-17

The main goal of hackers is cyberespionage, disruption of the availability of state information services and even destruction of information systems with the help of wiper programs.

In the II quarter of 2022, a significant increase in the activity of hacker groups regarding the distribution of malicious software was recorded; which includes both data-stealing and data-destructive programs. Compared to the first quarter of 2022, the number of information security (IS) events in the Malware category increased by 38%.

Main Highlights of the Week: July 11-17

At the same time, the number of critical IS events originating from russian IP addresses decreased by 8.5 times. This is primarily due to the fact that providers of electronic communication networks and services that provide access to the Internet have blocked the IP addresses used by the russian Federation. It was from these IP addresses that cyber-attacks were carried out on Ukrainian information resources, and fake information related to the discrediting of state bodies during the russian-Ukrainian war was spread.

Main Highlights of the Week: July 11-17

However, most cyber incidents are associated with hacker groups funded by the russian government.

Current hacker groups that attacked the information resources of Ukraine:

UAC-0010 (Gamaredon, Armageddon, PrimitiveBear)
UAC-0056 (Lorec53, SaintBear, GraphSteal, GrimPlant)
UAC-0028 (APT28, Fancy Bear, Iron Twilight, Sednit)
UAC-0098
UAC-0082, UAC-0113

In the second quarter of 2022, the main targets of hackers from the russian Federation were the Ukrainian mass media, the Government and local authorities. ^[¹^]

Cyber attacks on Ukraine

Malware/Phishing

Attack of the UAC-0056 group on the state organizations of Ukraine using the Cobalt Strike Beacon and humanitarian disaster topics. ^[²^]
Online fraud using the subject of «monetary compensation». ^[³^]

DDoS

The websites «CRIME.NOT» and «Niklife» were attacked. ^[⁴^]

Other

Unknown gained access to and deleted the Facebook account of the head editor «NOT» and the publication’s YouTube channel. ^[⁵^]

Cyber attacks on russia

Deface

The website for the supply of food products for the needs of the Irkutsk branch of Gazprom https://gazprompitanie38.ru/ was hacked by Anonymous. ^[⁶^]
YourAnonSpider hacked a secure host system https://secure-host.net/. ^[7^]
NB65 website of Lysven Mechanical Plant LLC was hacked. ^[⁸^]
Turkish hacktivists hacked russian websites https://zhksochi-park.ru/ та https://anatomia-mebeli.ru/.^[9^]
YourAnonSpider have made an attack on http://putin-vladimir.ru/. ^[10^]
YourAnonSpider haave hacked the site https://ronnon.ru/index.html. ^[11^]

DDoS

The IT Army of Ukraine attacked:

the russian operator of telecommunication services «Beeline», ^[12^]
honey resources of the russian Federation. ^[13^]

Data dump

Abatu posted 50,000 documents (600 MB of data) from the russian Arctic and Antarctic Research Institute. ^[14^]