29.01.2023

Main Highlights: 16 – 29 January

Executive summary

The threat of russian cyberattacks on both Ukrainian systems and European partners remains high, because the concept of russian “hybrid war” involves using every type of influence against the country that russia is attacking. Therefore, we must constantly be ready for new russian attacks and keep strengthening our own defenses, including in cyberspace.

This was emphasized by the head of the State Service of Special Communications and Information Protection of Ukraine, Brigadier General Yury Shchygol, during a press conference at the Ukraine-Ukrinform Media Center.

The main system that provides cyber protection for state bodies is the System of Protected Access of State Bodies to the Internet (SPAI). Its consumers are about 200 state bodies, including bodies of the state's security and defense sector. SPAI stops and blocks the lion's share of cyber attacks, including in automatic and semi-automatic mode.

“SPAI, the operation of which is ensured by specialists of the State Service of Special Communications, is one of our reliable shields, which ensures the cyber stability of the state and stops and blocks attempts at interference, DDoS, infection and distribution of malware, etc. We are talking about thousands of such cyber attacks every day. Every day we repel from 5 to 40 powerful high-level DDoS attacks. In December, we stopped and blocked 395 such attacks. Also, in December alone, the System recorded and informed consumers about 170,000 attempts to exploit vulnerabilities on the state information resources that we protect. Cyber defense is our daily work,” the Brigadier General said.

In addition, the State Service of Special Communications investigates the most complex cyber incidents in other state bodies and at critical infrastructure facilities. This is exactly the work of its Government Computer Emergency Response Team, CERT-UA. CERT-UA also investigates incidents in the private sector; there alone it handles about 200-300 cyber incidents per day, which are investigated mainly in semi-automatic mode.

According to the data announced by the head of the State Service of Special Communications, in 2022 the Government Computer Emergency Response Team CERT-UA registered 2,194 such cyber incidents. A quarter of them were directed against the government and local authorities. The most-attacked industries also include energy, the security and defense sector, telecom and developers, the financial sector, and logistics.

Annual statistics show that russian terrorists do not distinguish between military and civilian targets in cyberspace, as Yuriy Shchygol noted. The main goals of russian attacks on Ukrainian cyberspace are the destruction of critical information infrastructure; espionage (obtaining intelligence on the logistics, weapons, plans and operations of the Security and Defense Forces); and information-psychological operations and disinformation aimed at undermining confidence in the capabilities of state authorities and the security and defense forces and at spreading panic among the population.

Traditionally, the most common technique of russian military hackers in Ukraine is the distribution of malware that steals credentials or destroys information systems. Such attacks make up more than a quarter of all incidents and can be a component of larger, more complex operations. To prepare them, the hackers exploit public trust in the security and defense sector and disguise their lures with themes related to the protection of citizens' life and health and of critical infrastructure. 1

Ukraine in Cyberspace 
  • Ukraine signed an agreement on joining NATO Cooperative Cyber Defence Centre of Excellence. 2
  • Ukraine proposes creating a global organization that would help exchange information about threats and prepare for future russian attacks. This was stated by the head of the State Service of Special Communications, Yuriy Shchygol, in an interview with Politico. 3
  • The Ukrainian application SpyBuster from MacPaw was nominated for the Golden Kitty Award in the category “Focus on Privacy”. It helps detect applications that may compromise data privacy. 4
  • The SSU neutralized an attempt by russian hackers to break into the computer networks of apartment buildings. 5
russia in Cyberspace 
  • Because of the shortage of IT specialists in russia, it was suggested that new employees in this field be sought among gamers. 6
  • The pro-russian group NoName057(16), known for attacking governments and organizations that support Ukraine, offers cryptocurrency payments to volunteer hackers in exchange for technological firepower. 7
Cyber attacks on Ukraine

DDoS:

  • Online media of the Poltava region are constantly subjected to DDoS attacks, and their social-network pages are blocked by bots. 8

Malware:

  • Cyber attack on DELTA national military system users using RomCom/FateGrab/StealDeal malware. 9

Other:

  • A cyber attack on the Ukrinform information and communication system attributed to the Sandworm group, whose activities are associated with the russian f 10 In response to inquiries about the powerful cyberattack, Ukrinform stated that the agency continues to work. 11
  • On January 26, as a result of a hacker attack, the websites of the Chernihiv Regional Military Administration, the Chernihiv City Council, the Department of Civil Protection and Defense Work, and the Chernihiv, Novgorod-Siver, Nizhyn and Koryukiv district councils were down. 12
Cyber attacks on russia

Deface:

  • Anonymous hacked the website of the all-russian State University of Cinematography. 13

Data Breach:

  • Hackers breached all of Yandex's key services and leaked the data online. As a result of the large-scale breach, 45 GB of data from the popular search company's services, including Yandex Market, Yandex Mail and Yandex Taxi, were made public. 14
  • The source codes of the Gazprombank Investments service for investments on the stock and currency market were posted on the network. The files contain user data. 15
  • The IT Army of Ukraine gained access to information on the activities of the largest contributor to the russian state budget, and accordingly the main sponsor of terrorism and of the invasion of Ukraine, Gazprom PJSC. The 1.5 GB archive contains more than 6,000 files of the “Gazprom” group of companies related to its financial and economic activities, namely reports on testing and drilling and on the implementation and adjustment of automated systems at the Koviktinsky well (Irkutsk region), which is considered one of the largest gas fields in the russian federation. 16

DDoS:

The IT Army of Ukraine attacked:

  • the russian Post; 17, 18
  • the fiscal data operators “Kontur” and “Astral”, ofd.ru, atol.ru, the OFD service from Sbys, and Pervyj OFD. 19, 20, 21, 22