14.11.2022

Main Highlights: October 31-November 13

Executive summary

The State Service of Special Communications has recorded a further increase in the number of cyber incidents and cyber attacks on state information resources and critical information infrastructure since the beginning of the war.

In the third quarter of 2022, 24 billion information security (IS) events were processed with the help of the System of Vulnerability Detection and Response to Cyber Incidents and Cyber Attacks. The number of registered and processed cyber incidents increased from 64 to 115 compared to the previous quarter. The number of IS events with a high level of criticality increased 3.8 times, and the number of registered cyber incidents with a high level of criticality increased by 128%. 1

The statistics of the State Service of Special Communications on the distribution of cyber attacks by month are quite telling. While about 143 thousand attacks were carried out on the public sector in February (from February 1 to 23), this number increased rapidly in the following months 2:

  • 3.2 million attacks in two decades of April,
  • 42.7 million attacks in May,
  • 27.7 million attacks in June,
  • 32.3 million attacks in July,
  • 28.7 million attacks in August,
  • 25.1 million attacks in September.

According to Ilya Vityuk, head of the Cyber Security Department of the SBU, the russian federation carries out more than 10 cyber attacks on Ukraine per day on average. Most of them go unnoticed by society, but not by the specialists who repel and localize them. 3

The main goals of hackers are cyberespionage, disruption of the availability of state information services and destruction of information system data. Specialists of the State Center for Cyber Protection have recorded a significant increase in the distribution of malicious software that enables hackers to steal data or destroy it altogether.

By attribution, the absolute majority of cyber incidents are related to hacker groups funded by the government of the russian federation. These include UAC-0010 (Gamaredon), among others. In the third quarter of 2022, the main targets of hackers from the russian federation were the financial and commercial sectors, as well as Ukrainian state and local authorities. The largest share of information security events can be attributed to APT groups and hacktivists. 1

Ukraine in Cyberspace 
  • Viktor Zhora, Deputy Head of the State Service of Special Communications for Digital Development, Digital Transformations and Digitalization, took part in the 7th Singapore International Cyber Week (SICW) held in Singapore at the invitation of the organizers. 4
  • The Government Computer Emergency Response Team of Ukraine CERT-UA, which operates under the State Service of Special Communications, investigated violations of the integrity and availability of information caused by the use of the Somnia malware. 5
  • In Ukraine, a platform for emergency digital security assistance was launched – Nadiyno. The resource is designed to increase digital literacy and overcome current online threats to citizens. 6
russia in Cyberspace 
  • Ukraine documents russian cyberattacks and submits information to the International Criminal Court to prosecute all those responsible. 7
  • The Ministry of Digital Affairs of russia is working on a program for the return of IT specialists to the russian f 8
  • The Ministry of Digital Media plans to improve the cyber security of mass media: now they will be required to conduct regular checks of the security of their networks. 9
  • The Iron Curtain is coming down: roskomnadzor plans to launch a system for monitoring traffic routes, which will monitor the exchange of data between communication operators and monitor those who do not comply with the regulator’s requirements. 10
Cyber attacks on Ukraine

Deface:

  • Hackers hacked the profile of the Commander-in-Chief of the Armed Forces of Ukraine Valery Zaluzhny on the Instagram social network. 11

Malware:

  • A cyber attack by the UAC-0010 group was recorded: e-mails were sent purportedly on behalf of the State Service of Special Communications. 12
  • The distribution of e-mails with a fake scanner, allegedly on behalf of CERT-UA, was detected. 13

DoS/DDoS:

  • russian hackers organized a powerful attack on Portmone. 14
Cyber attacks on russia

Data breach:

  • The database of users of Whoosh (the russian electric scooter rental service) has been put up for sale. 15
  • The IT Army of Ukraine gained access to the networks of the Central Bank of the russian federation and took possession of personnel data, specialized automated banking systems, their output files, principles of their interaction, KZI systems and other materials circulating in the networks of the Central Bank of the russian federation. 16, 17, 18
  • The IT Army of Ukraine hacked and downloaded the data of 650,000 participants of the largest russian pseudo-platform for volunteers – dobro. 19

DoS/DDoS:

The IT Army of Ukraine attacked:

  • Sber ID; 20
  • Russian military trade platform; 21
  • Gazprombank; 22
  • Alfa-Bank; 23, 24
  • Russian trading platforms and large online stores (especially Ozon). 25, 26