Main Highlights of the Week: September 5-11

Executive summary

From April to June 2022, researchers from the Google TAG (Threat Analysis Group) unit, which monitors state-sponsored cyber activities, recorded «an increase in the number of financially motivated threat actors targeting Ukraine, the activities of which appear to be closely related to criminals , which are supported by the russian government». TAG points to a «blurring of lines between financially motivated and government-sponsored groups in Eastern Europe», an indicator that attackers often adapt their targets to geopolitical interests in the region. ¹

According to the Minister of Digital Transformation of Ukraine, Mykhailo Fedorov, six months before February 24, large-scale cyberattacks by russian FSB hacker groups began. These were multi-vector attacks, the purpose of which was to cause maximum damage to Ukrainian infrastructure and to reveal how information systems in Ukraine work and how they are protected. Ukraine managed to protect itself from these and further cyberattacks thanks to the creation of a special team at the State Service of Special Communications, which worked out various scenarios of attacks and protection against them. ²

The creation of cyber security infrastructure made it possible to protect Ukrainian web resources and databases from russian attacks. Thanks to the professionalism of Ukrainian IT specialists and the help of foreign partners, in particular companies such as Amazon, Ukrainian web resources and databases were protected from powerful attacks carried out from the territory of the russian federation and belarus in the first days of the full-scale invasion. No basic registry and no critical state service was stopped, and the state worked stably and responded quickly to the challenges of the war. In this way, the functioning of the state was removed from the physical and virtual attack of the aggressor. ³

Ukraine in Cyberspace

• Since the beginning of the year, the SSU has neutralized 35 bot farms and is initiating increased responsibility for their creation. ⁴
• The SSU notified the organizer of a powerful bot farm (fake accounts involving almost 11,000 cards of one of the Ukrainian mobile operators) in the Carpathian region of suspicion, and also neutralized another bot farm in Kyiv that «cooperated» with russian PR companies. ^{5, 6}
• An agreement has been signed in Brussels between the Government of Ukraine and the European Commission regarding Ukraine’s accession to the EU program «The Digital Europe Programme». ⁷

 russia’s Position in Cyberspace

• russia lacks tens of thousands of cybersecurity specialists: about 5,000 specialists work in the field of cybersecurity in the country, and today the need is twentyfold. ⁸

Cyber attacks on Ukraine

Dos/DDos:

• racists want to block distance education – they are carrying out hacker attacks on Melitopol education sites. ⁹ 

Cyber attacks on russia/belarus

Dos/DDos:

• The IT army of Ukraine attacked Gazprombank, Moskovskiy Kreditnyi Bank and Sovkombank, as well as one of the largest russian platforms for the sale of cars and spare parts – Drom. ^{10, 11, 12, 13}
• The website parkingkrd.ru and the mobile application «Krasnodar City Parking», where you can pay for parking, have been hacked. ¹⁴

Deface:

• belarusian hackers of the Joint Headquarters of the Minsk Resistance hacked the website of Zhodyn OJSC «BelAZ», on the main page there is an information sheet of the JHR. ¹⁵