Main Highlights of the Week: July 18-24

Foto — https://unsplash.com

Executive summary

After the start of the unprovoked and criminal aggression against Ukraine, russia has significantly increased its hostile cyber activities against the EU countries and the whole world, which creates risks of side effects, misunderstandings and escalation of tensions on a global scale. This is stated in the Declaration of the High Representative of the EU on behalf of all the countries of the European Community, which was published on July 19 on the website of the European Council. ^[1]

Since the beginning of the full-scale aggression of the russian federation, the Security Service has neutralized more than 1.2 thousand cyber incidents and cyber attacks on information systems of state authorities and critical infrastructure of Ukraine. ^[2]

According to «State Service of Special Communications», 90% of attacks are carried out by military hackers of the russian federation and belarus, whose activities are financed by the authorities. ^[3]

Unlike the hacker groups associated with the Main Directorate of the General Staff of the Ministry of Defense of the russian federation (GRU) – in fact, russian military intelligence, hackers from the Foreign Intelligence Service of russia are believed to operate more covertly.^[4]

The aggressor is completely excluded from global processes in the cyber sphere. Consequently, his ability to defend and, more importantly, to attack, will decrease. In russia and belarus, there is no access either to information about the most modern tools and methods used by hacker groups for attacks, or to developments in how democratic countries resist such attacks.^[5]

russia’s position in cyberspace

The KillNet group intends to attack the largest manufacturer of weapons for the United States and NATO Lockheed Martin Corporation (in particular, the HIMARS MLRS of the American HIMARS MLRS). ^[6]
The Ministry of Digital Affairs of the russian federation is going to legalize white hackers. ^[⁷^]
The record for the duration of DDoS attacks was updated several times in the second quarter in russia. ^[⁸^]
Cyberspies linked to russia’s Foreign Intelligence Service carry out cyberattacks on NATO member states using cloud services to avoid detection. ^[4]

Cyber attacks on Ukraine

Spreading fakes

– a cyber attack on the servers and networks of TAVR Media radio stations and the spread of fake news about the health problems of the President of Ukraine ^[⁹^]

Phishing/malware:

– cyber attack on state organizations of Ukraine using the OK theme «South» and the malicious program AgentTesla ^[10^]

– a fake application «Cyber Azov» developed by the russian hacker group Turla, which collects information about Ukrainians ^[11^]

Main Highlights of the Week: July 18-24

Drain information:

– a Ukrainian hacker distributed stolen data about companies in closed hacker forums administered from the territory of the russian federation. ^[12]

Cyber attacks on russia

Dos/DDos:

In the period from July 11 to 24, the IT Army of Ukraine disabled more than 750 russian online resources ^[¹³^]:

critically important online resources of the Ministry of Foreign Affairs of the russian federation
more than a hundred online stores of drones and military dealers of the russian federation
telecommunication services from Beeline and their online resources
russian mass media

The official website of the Ministry of Finance of the russian federation was hacked. ^[14^]