05.09.2022 Main Highlights of the Week: August 29-September 4
Executive summary
Viktor Zhora, the deputy head of the State Service of Special Communications, spoke about Ukraine’s resistance to attacks by russian hackers. 1
- Most cyber attacks on Ukraine are carried out from the russian federation and the republic of belarus. russia has fostered cyber terrorism for years, actually starting its cyber aggression against the civilized world with the 2007 attacks on Estonia. Over the past eight years, our country has been one of the main targets of russian hackers.
- In six months of full-scale war, we managed to prevent major incidents in critical infrastructure. In fact, the enemy, who has no motivation to restrain himself, has put a lot of effort into finding weak points, opportunities to attack us and cause significant damage.
- The enemy does not have a defined strategy – this is such an opportunistic, chaotic activity aimed at finding vulnerabilities and weaknesses in defense; attempts to gain access to networks, information systems, and only then – determination of what to do with this access, what damage to cause.
- We help affected organizations to recover, conduct investigations, obtain evidence, interact with law enforcement agencies, cyber police, SSU. And we also help strengthen protection.
- The enemy’s intentions are to cause us as much damage as possible. Are they successful? Not yet. Despite the significant number of cyber incidents and cyber attacks that have occurred since the beginning of this year, the adversary has not achieved any strategic goals.
- The aggressor is no longer able to use the software and hardware that was available before. You can’t create infrastructure for cyberattacks out of thin air. I would like to believe that this is an indicator of the effectiveness of sanctions. And a signal for us and the world community to strengthen them. The aggressor has to go back to the stone age and instead of modern computers, at best count with arithmometers. He should not have licenses for software, receive high-tech server equipment to prepare structures for an attack, have funds to finance military and cyber aggression.
Ukraine in Cyberspace
- Representatives of the State Service of Special Communications took part in the NATO International Cyber Security Summer School (ICSSS). 2
- The national telecom operator Kyivstar received certification for providing the service «protection against DDoS attacks». 3
- State Service of Special Communications of Ukraine and the National Cyber Security Directorate of Romania signed a memorandum of understanding in the field of cyber security cooperation. 4
- Oleksandr Potii, deputy head of the State Service of Special Communications, met with Karol Molenda, commander of the Polish Cyberspace Defense Forces. This is the first meeting of the parties, aimed at implementing the memorandum of understanding in the field of cyber protection, signed on August 22 between the Governments of Ukraine and Poland. 5
- The SSU Cyber Department has dismantled another 2 bot farms: in Kyiv region and in Odesa. The ‘bot army’ of almost 7,000 accounts was used to spread destructive content. 6
Cyber attacks on Ukraine
Phishing/Malware:
- Online Fraud Using the Theme of «Cash Payments» in the Facebook social network. 7
- Unknown people tried to gain access to the Telegram account of Serhiy Nikitenko, the editor of the Kherson website «rusMOST». 8
- Mass distribution of the AgentTesla Malware. 9
Cyber attacks on russia
DoS/DDoS:
Over the past week, the IT Army of Ukraine has conducted successful attacks on:
- DNS store network; 10
- labeling and electronic document management resources; 11, 12, 13, 14
- propaganda resources (Rambler, Газета.Ru, Lenta.ru). 15
Deface/replace of the information:
- Ukrainian hackers hacked the website of Radio Crimea, a radio station in the occupied Crimea, and played the national anthem of Ukraine. 16
- Ukrainian hackers made sure everyone in occupied Crimea could see the greetings of the Ukrainian President. 17
- Hackers meddled with ride-hailing service Yandex Taxi to create a two-hour-long traffic jam in the russian capital. 18
Data leakage:
- russian streaming giant suffers a massive data leak affecting 44m users. 19
- Ukrainian hackers established the coordinates of the russian military base near the temporarily captured Melitopol based on photographs, using fake accounts on a social network. 20
Anonymous collective, Squad303, is running a campaign against russian businessmen:
- Squad303 has revealed a list of russians and russian companies operating in Poland. 21
- Squad303 has published a list of russians who have great economic influence in the UK. 22
- In one of the posts at the request of the Czech Fonetech server, the hackers reported that russian companies operating in the Czech Republic would be next. 23