08.01.2023

Main Highlights: 26 December – 8 January

Executive summary

The government computer emergency response team CERT-UA, which operates under the State Service of Special Communications, registered and investigated 2,100 cyber incidents and cyber attacks in 2022, more than 1,500 of them since the beginning of russia’s full-scale military invasion of Ukraine. 1

In the period from September to December 2022, the following russian and pro-russian hacker groups operated in Ukraine:

  • ARMAGEDDON/GAMAREDON/PRIMITIVE BEAR (FSB of the russian federation, activity is monitored by the identifier UAC-0010);
  • SANDWORM (Central Intelligence Agency of the russian federation, activity is monitored by the identifier UAC-0082);
  • APT28/FANCY (Central Intelligence Agency of the russian federation, activity is monitored by the identifier UAC-0028);
  • APT29/COZY BEAR (Foreign Intelligence Service of the russian federation, activity is monitored by the identifier UAC-0029);
  • UNC1151/GHOSTWRITER (Ministry of Defense of the russian federation, activity is monitored by the identifier UAC-0051);
  • XAKNET, KILLNET, Z-TEAM, CYBERARMYOFRUSSIA_REBORN (pro-russian cyberterrorists, activity tracked by identifiers UAC-0106, UAC-0108, UAC-0109, UAC-0107, respectively).

Among the main goals of enemy hackers are espionage (obtaining intelligence on logistics, weapons, plans and operations of the Security and Defense Forces) and attempts to disable critical information infrastructure facilities and to deny citizens access to public services, banking services, etc. They also include informational and psychological operations and disinformation campaigns aimed at undermining confidence in the capabilities of state authorities and the Security and Defense Forces, and at spreading panic among the population.

Despite everything, russian cybercriminals are unable to achieve their strategic goal and cause significant damage to our infrastructure. 2

Ukraine in Cyberspace 
  • Since the beginning of the year, the SSU has neutralized more than 4,500 cyberattacks on Ukraine, 3 including hundreds of cyberattacks on Ukrainian thermal power plants and Oblenergo, according to Ilya Vityuk, head of the Cybersecurity Department of the SSU. 4
  • In 2022, the cyber center of Naftogaz of Ukraine detected and blocked more than 3 million different attacks on the network infrastructure of the group. 5
russia in Cyberspace 
  • The Molfar OSINT community identified the winning teams of the scandalous hackathon from the russian illegal armed formation w 6
  • russian companies will not be represented at one of the largest technology exhibitions in the world, CES 2023 in Las Vegas. 7
Cyber attacks on russia

Deface:

  • In the occupied part of the Kherson region in the Kakhovsky district, russian TV channels showed the address of the President of Ukraine. 8
  • The IT Army of Ukraine tried to make the New Year’s address of the President of Ukraine Volodymyr Zelenskyi visible on the official websites of the administrations of cities, districts and settlements of r 9

Data breach:

  • National Republican Army (of russia) hackers released approximately 1.2 TB of files from Technoserv, a group of russian IT companies specializing in system integration, network and cloud services, information security and data collection. 10

DDoS:

  • The IT Army of Ukraine hacked VTB and Alfa banks, 11, 12 and then switched to the all-russian bank of Regional Development. 13