Main Cyber Highlights of the Week: May, 2-8



russian military hackers are doing the same thing in cyberspace as their «colleagues» on the ground. They are trying to destroy everything they can get their hands on, sow chaos, destabilize the government, intimidate the population, create a humanitarian catastrophe, deprive people of access to vital services. That’s why they attack everything from the authorities and the security and defense sector to local providers and just civilians. Critical infrastructure is most affected.

The two main «tools» of russian military hackers are phishing and malware. Through phishing emails, they try to steal credentials and then use them to attack information systems [1].

During the two months of the war, at least six groups of russian hackers carried out more than 430 cyberattacks. Many of them coincided in time with rocket attacks and ground attacks on certain objects [2]. However, on May 1, the State Special Communications Service stated that russian cyberattacks against Ukraine had reached a maximum [3]. The russians have failed to carry out a large-scale attack that would indeed cause significant damage to the Ukrainian economy, army or population [4].


All governments in democracies – the United States, Canada, the United Kingdom, most EU countries and others – offer their assistance to Ukraine in cyber defense. Ukraine is also supported by such leading companies as Microsoft, Google, Amazon, Cisco, Oracle and others [5].


DoS / DDoS:

• Volyn site of IA «Konkurent» [6]

• Kharkiv sites «Nakipilo», «Slobidsky Krai»

• KHARKIV Today and InsiderNews [7]

• Odessa.Online publication [8]

Phishing / SPF:

• Mass distribution of the JesterStealer malware using the topic of chemical attack [9]

• cyber attack of the APT28 group using the malicious program CredoMap_v2 [10]


• threats from hackers Noname057 were received by Zaporozhye sites infоrm.zp.ua and 061.ua [11], [12], [13]

• Volyn media «Volyn Online», racurs.ua, IA «Konkurent» received threats from hackers Noname057 [14]

• threats were received by Kharkiv sites KHARKIV Today, «Slobidsky Krai», «Nakipilo», InsiderNews, 057.ua [15]

• threats from hackers Noname057 were received by the publication «Odessa.Online» [16]


From May 2 to 8, the IT Army of Ukraine attacked more than 200 russian online resources:

• the EGAIS system, which led to the shutdown of breweries

• online shopping

• tender platforms

• electronic reporting systems (including 1C)

• russian propaganda services [17]

Victims of Anonymous and the hackers connected with the group:

• Qiwi, russia’s most popular electronic payment system (NB65 erased 10.5 TB) [18]

• Capital LLC, a specialized accounting firm cooperating with the SAFMAR Group, including PJSC russNeft (20.4 GB leak) [19]

• CorpMSP, a federal institution that provides support to small and medium-sized businesses, whose controlling shareholder is russia [20]


• Darknet sells data of 31 million customers of Hemotest, a large russian network of medical laboratories [21]

• According to the new decree of the russian dictator Vladimir putin «On additional information security measures», from 2025 many organizations must stop purchasing software from unfriendly (all Western) countries, and there are plans to create regulations for responding to cyber threats [22]


Global Cyber Cooperative Center (GC3) is an integration platform intended to develop productive cooperation between global and local creators of safe cyberspace.