25.04.2022

Main Cyber Highlights of the Week: April 18-24

In the first quarter of 2022, the Government’s Computer Emergency Response Team CERT-UA, which operates under the auspices of the State Service of Special Communication, registered 802 cyberattacks. A year ago, only 362 cyberattacks were registered during the corresponding period. [1]

State authorities, media resources, the energy sector, and the logistics sector are attacked the most. In cyberspace, the russians pursue the same goals as their military: to cause as much damage as possible to infrastructure, and not so much military infrastructure as civilian. [2]

The five groups that have carried out the most cyber attacks on Ukraine’s critical information infrastructure include hackers whose activities are linked to the aggressor country or to its accomplice in the war against our state, belarus. [1]

Since the beginning of the full-scale russian invasion, the Security Service of Ukraine has neutralized more than 250 powerful cyber attacks, shut down a dozen bot farms and blocked 50,000 social media accounts. Over two months, hundreds of Internet agents acting in favor of the occupiers were exposed; they spread disinformation and propaganda, justified russia’s armed aggression, discredited the Armed Forces and even called for the physical destruction of the Ukrainian people as a nation. [3]

russia is suffering serious cyber attacks. As of April 21, more than 6 TB and 6 million russian documents and emails had been leaked by Anonymous following their declaration of cyber war against the Kremlin’s criminal regime. [4] From April 18 to 24, 125 Russian online resources were attacked by the IT ARMY of Ukraine. [5]

Given the growing sanctions pressure on russia’s IT and telecoms, putin has issued a decree establishing an interagency commission responsible for the “technological sovereignty” of russia’s information space, preparing the country for an Iron Curtain in the digital environment. [6]

Cyber attacks on Ukraine

Phishing

– imitation of the resource of the TV channel «Ukraine 24»: «receiving financial assistance from EU countries» [7]

– SMS-messages: “payments of material assistance to internally displaced persons” [8]

Malicious software

– cyber attack on state organizations of Ukraine using the topic «Azovstal» and the malicious program Cobalt Strike Beacon [9]

DDoS

– «Media Detector» publication [10]

Fakes

– report of an alleged hack of the news ticker during the broadcast of the Ukrainian telethon, with dissemination of messages about the «assassination of the President» and a demand to «lay down arms» [11]

Cyber attacks on russia

Breaches by Anonymous

– PSKB, St. Petersburg Social Commercial Bank (800 GB leak) [12]

– Gazregion, a construction company whose client is Gazprom (222 GB leak) [13]

– Neocom Geoservice, a geological company that operates Gazprom (107 GB leak) [14]

– Synesis Surveillance, a surveillance system linked to the belarusian government (1.2 GB leak) [15]

– GUOV and CB, related to the Ministry of Defense of the russian Federation (9.5 GB leak) [16]

– Tendertech, a financial firm whose clients include russian banks (160 GB leak) [17]

– Sawatzky, a real estate management company (432 GB leak) [18]

– Worldwide Invest, an investment company related to the russian railway (130 GB leak) [19]

– Metrospechnika, supplier of “every metro in russia” (access to the system) [20]

– Accent Capital, a russian real estate investment company (211 GB leak) [4]

– Enerpred, the largest manufacturer of hydraulic equipment in russia (432 GB leak) [21]

– russian Space Agency, Luna Resource Mission (document leak) [22]

Attacks by the IT ARMY of Ukraine [5]

– veterinary inspection system

– online ticket purchase services

– fiscal data operators

– 1C services

Other

– a subordinate website of the russian Ministry of Emergencies reported a hack after the publication of recommendations “in the event of a nuclear retaliatory strike by NATO” [23]

[1] – https://cip.gov.ua/ua/news/p-yat-khakerskikh-ugrupuvan-yaki-naichastishe-atakuyut-ukrayinu

[2] – https://cip.gov.ua/ua/news/kilkist-kiberatak-pid-chas-viini-zrosla-vtrichi

[3] – https://www.facebook.com/watch/?v=1055125788405443

[4] – https://twitter.com/YourAnonTV/status/1517160363837558785

[5] – https://t.me/mintsyfra/2948

[6] – https://techno.nv.ua/ukr/it-industry/u-rosiji-hochut-vidmovitisya-vid-globalnoji-merezhi-internet-putin-doruchiv-ce-medvedyevu-50235062.html 

[7] – https://cert.gov.ua/article/39727

[8] – https://t.me/dsszzi_official/3106 

[9] – https://cert.gov.ua/article/39708

[10] – https://ms.detector.media/trendi/post/29378/2022-04-22-detektor-media-zaznaie-ddos-ataky-zapustyly-dzerkalo-saytu/

[11] – https://cip.gov.ua/ua/news/feikova-kiberataka-vid-feikovoyi-derzhavi

[12] – https://twitter.com/Anonymous_Link/status/1516116675078377474

[13] – https://twitter.com/YourAnonTV/status/1516086586798186502

[14] – https://twitter.com/YourAnonTV/status/1516286901963177990

[15] – https://twitter.com/PucksReturn/status/1516428930714116110

[16] – https://twitter.com/YourAnonTV/status/1516286714377117696

[17] – https://twitter.com/YourAnonTV/status/1516502940546183169

[18] – https://twitter.com/YourAnonTV/status/1516871660380557313

[19] – https://twitter.com/YourAnonTV/status/1516869863687573504

[20] – https://twitter.com/YourAnonTV/status/1516549406438445057

[21] – https://twitter.com/YourAnonTV/status/1517558587559759872

[22] – https://twitter.com/PucksReturn/status/1518294506780733440

[23] – https://nv.ua/ukr/world/geopolitics/rosiya-zagrozhuye-yadernoyu-zbroyeyu-mns-rf-poperediv-pro-zagrozu-udaru-u-vidpovid-z-boku-nato-50235291.html