18.07.2022

Main Highlights of the Week: July 11-17


Executive summary

The operational center for responding to cyber incidents of the State Center for Cyber Protection of the State Service of Special Communication has published a report on the results of the System of Vulnerability Detection and Response to Cyber Incidents in the II quarter of 2022.

In total, 19 billion events were processed. They were collected by tools for monitoring, analysing and transmitting telemetry about cyber incidents and cyber attacks. The number of registered and processed cyber incidents increased to 64.

The main goals of the hackers are cyber espionage, disruption of the availability of state information services, and even destruction of information systems with the help of wiper programs.

In the II quarter of 2022, a significant increase was recorded in the activity of hacker groups distributing malicious software, which includes both data-stealing and data-destroying programs. Compared to the first quarter of 2022, the number of information security (IS) events in the Malware category increased by 38%.

At the same time, the number of critical IS events originating from russian IP addresses decreased by a factor of 8.5. This is primarily because providers of electronic communication networks and Internet access services have blocked the IP addresses used by the russian Federation. It was from these IP addresses that cyber attacks were carried out on Ukrainian information resources and that fake information discrediting state bodies during the russian-Ukrainian war was spread.

However, most cyber incidents are associated with hacker groups funded by the russian government.

Current hacker groups that attacked the information resources of Ukraine:

  • UAC-0010 (Gamaredon, Armageddon, PrimitiveBear)
  • UAC-0056 (Lorec53, SaintBear, GraphSteal, GrimPlant)
  • UAC-0028 (APT28, Fancy Bear, Iron Twilight, Sednit)
  • UAC-0098
  • UAC-0082, UAC-0113

In the second quarter of 2022, the main targets of hackers from the russian Federation were the Ukrainian mass media, the Government and local authorities. [1]

Cyber attacks on Ukraine

Malware/Phishing

  • Attack by the UAC-0056 group on state organizations of Ukraine using Cobalt Strike Beacon and humanitarian disaster themes. [2]
  • Online fraud using the subject of «monetary compensation». [3]

DDoS

  • The websites «CRIME.NOT» and «Niklife» were attacked. [4]

Other

  • Unknown actors gained access to and deleted the Facebook account of the editor-in-chief of «NOT» and the publication’s YouTube channel. [5]

Cyber attacks on russia

Deface

DDoS

The IT Army of Ukraine attacked:

  • the russian operator of telecommunication services «Beeline», [12]
  • honey resources of the russian Federation. [13]

Data dump

  • Abatu posted 50,000 documents (600 MB of data) from the russian Arctic and Antarctic Research Institute. [14]