16.05.2022

Main Cyber Highlights of the Week: May, 9-15

Main Cyber Highlights of the Week: May, 9-15Foto — pixabay.com

 

Executive summary

russian criminals are once again trying to deprive Ukrainians of access to the Internet and truthful information, to sow panic. In addition, the russians are no longer even trying to hide their actions and spread reports of attacks on the Internet [1].

However, in general, most attacks on Ukraine fail and are successfully repulsed, which once again demonstrates the effective cybersecurity systems that Ukrainian representatives of government agencies and businesses have managed to build. According to Lviv Mayor Andriy Sadovy, the attack on Lviv City Council was the largest in recent years. But «Moscow’s misfortunes could not cause serious damage, no matter how hard they tried. A small part of the services and computers of the city council employees were shut down» [2].

Since the beginning of the year, almost 36,000 attacks on the servers of state authorities have been repulsed in Dnipropetrovsk region. This is ten times more than usual [3].

The EU condemns russia’s cyber-attack on Ukraine an hour before the Kremlin’s war, which caused disruptions not only in Ukraine but also in several EU countries. A statement from the EU High Representative on behalf of all 27 member states said the unacceptable cyber attack was further evidence of russia’s irresponsible behavior in cyberspace as part of its illegal and unprovoked invasion of Ukraine. Such behavior contradicts the expectations of all UN member states regarding the responsible behavior and intentions of states in cyberspace [4].

A joint statement from Canada’s foreign, defense and public security ministers said that Canada, along with the United States, Britain, Australia, New Zealand and EU member states, would continue to develop stable cyberspace «based on the application and respect of international law and responsible conduct in cyberspace» [5].

Strengthening of cybersecurity of Ukraine

G7 countries will transfer technologies to Ukraine to protect against cyberattacks [6].

  • Ukrainian hackers have improved their cyber weapons against russia: the Liberator program has added the Multitarget feature, which enhances DDoS attacks and allows you to hit many targets at once [7].
  • Cybersecurity reform: the government wants to take control of the state domain GOV.UA [8].
  • Canada will provide valuable intelligence and cyber assistance to Ukraine to counter russian aggression [8.1].
  • Italian authorities claim to have prevented hacker attacks by pro-russian groups during the semi-finals and finals of the Eurovision Song Contest in Turin, Italy [9].
Weakening of russia in cyberspace
  • In the «first world cyber war» russia has no allies [10].
  • Kremlin hackers are creating fake Twitter profiles to support dictatorial policies [11].
Cyber attacks on Ukraine

Dos/DDos:

  • Sites of Ukrainian telecom operators [11.1];
  • Internet network of Lviv City Council: part of working files has been published [11.2];
  • Information resources of Ukrtelecom [12];
  • Satellite internet Starlink [13];
  • Site of the Institute of Mass Information [14].

Phishing / Malware:

  • Cyber attacks of the UAC-0010 group (Armageddon) using the malicious program GammaLoad.PS1_v2 (CERT-UA # 4634,4648): sending e-mails with the topic «On holding a revenge action in Kherson!» [15];
  • Online fraud using the topic of «financial assistance under the UN social program» (CERT-UA # 4657) [16];
  • Fake chatbot of E-support and PrivatBank website [17];
  • Phishing resources similar to the official website of the Ministry of Internal Affairs of Ukraine [18].

Other:

  • Zaporizhzhya website Inform.Zp.Ua, Zaporizhzhya website 061.ua, Volyn.Online website and Konkurent news agency received threats from the hacker group NoName057 (16) [19, 20, 21].
Cyber attacks on russia

The IT Army of Ukraine attacked more than 240 Russian online resources between May 9 and 15 [22]:

  • russian propaganda
  • Online sales of shoes for the aggressor’s army
  • Aviation sector
  • Services for business

Hackers Anonymous:

  • Hacking of rutube video hosting: almost 75% of databases and infrastructure of the main version of the platform were affected, as well as 90% of the backup and cluster for database recovery [23].

Other:

  • The russian authorities have suffered a number of cyber attacks by the Chinese ART group [24].
  • Hacking of the built-in player of Smart TVs: anti-war statements appeared in the TV programs of russian satellite TV channels [25].