12.02.2023

Main Highlights: 30 January – 12 February

Executive summary

Over the past year, more than 2,000 russian cyberattacks on registries with personal data of citizens and information systems of the Ministry of Foreign Affairs, the Ministry of Defense, and the energy sector were officially recorded in Ukraine. 1

Targeted cyber attacks remain one of the main cyber threats from fsb hackers. 2

russian cyberattacks can undermine and block government agencies and critical infrastructure, manipulate public opinion, and spread malware through compromised email accounts. Yuriy Shchygol, head of the State Service of Special Communications, said this in a column for the Atlantic Council.

“While more traditional acts of aggression can provoke a decisive response, cyberattacks operate in a ‘gray zone’, making them convenient for the kremlin, which is trying to cause as much chaos as possible in Europe and North America without running into a direct military response,” notes the head of the State Service of Special Communications. In his opinion, Western countries should take into account Ukraine’s experience in countering russian cyber aggression. 3

On January 30, the Ukrainian experience of resisting russian cyberattacks was discussed in Great Britain. Viktor Zhora, the deputy head of the State Service of Special Communications, and a representative of the Government Computer Emergency Response Team (CERT-UA), which operates under the Service, visited the National Cyber Security Center (NCSC) of the United Kingdom of Great Britain and Northern Ireland. The key topic of the dialogue with British colleagues was the further strengthening of cooperation and joint efforts to counter russian aggression in cyberspace and the need to intensify the exchange of information about cyber incidents.

Viktor Zhora noted that the world is mostly watching the russian invasion on the ground, but the aggression in cyberspace is less noticeable. However, the number of cyberattacks against Ukraine tripled last year, and a large part of them were coordinated with other areas of military operations, for example, missile strikes.

“Ukrainians are well aware that successful protection against hackers is provided exclusively by constant strengthening of cyber resistance. At the same time, we all need to clearly understand that there are no borders for cybercriminals. They can easily spread their aggression to other countries and are already successfully doing it,” Viktor Zhora emphasized.

During the trip, Ukrainian representatives took part in the CyberThreat 2022 conference, which was held in London. Deputy head of CERT-UA Yevhen Brixin told the participants of the event about the cyber incidents processed by the team. He also presented analytical and technical information on the tactics, techniques and tools used by hacker groups associated with the government of the russian federation during cyber attacks on Ukrainian organizations and institutions.

Such information is extremely important for the partners of our country. Based on the received data, they can build plans to protect their organizations and critical infrastructure facilities. At the same time, the exchange of experience in countering russian cyber aggression is a key moment in strengthening relations with the international community of cyber experts to improve collective security, defense and resilience in the global digital world. 4

Ukraine in Cyberspace

  • The SSU exposed an enemy bot farm in Zaporizhzhia, which called for donations to support the occupiers. 5
  • The IT Army of Ukraine continues to improve its work. This week they are launching a pilot version of the leaderboard. 6

russia in Cyberspace

  • In the russian federation, the head of the State Duma Committee on Information Policy Oleksandr Khinshtein said that hackers acting in favor of the russian side should be released from responsibility. 7

Cyber attacks on Ukraine

DDoS:

  • A DDoS attack was carried out by russia on the resources of the Ministry of Culture and Information Policy. 8

Malware:

  • A web page imitating the official web resource of the Ministry of Foreign Affairs of Ukraine was discovered, which offers to download software for “detection of infected computers”. In fact, the link delivers malware. 9 The operational center for responding to cyber incidents of the State Cyber Protection Center of Ukraine has already prepared a detailed analysis of the activities of the WinterVivern campaign behind the attack. 10
  • UAC-0050 carried out a cyber attack on the state bodies of Ukraine using Remcos, a program for remote control and surveillance. 11
  • A cyber attack on organizations and institutions of Ukraine used the Remote Utilities program. 12

Other:

  • Two Lviv internet providers Kopiyka and Kom i Tech were hacked by the russian f. 13

Cyber attacks on russia

Defacement and replacement of information:

  • In the Hermitage in St. Petersburg, the crimes committed by the russians in the Ukrainian town of Bucha were displayed on electronic boards. 14
  • The IT Army of Ukraine “congratulated” Artemy Lebedev, one of Putin’s Internet propagandists, on his birthday. 15, 16

Data breach:

  • The IT Army of Ukraine hacked the fiscal data operator ATOL and shared the data of ~210,000 of its clients. 17

DDoS:

The IT Army of Ukraine attacked:

    • logistics systems ATI.SU, Da-Trans, Business Lines, Pony Express and Platon; 18, 19, 20, 21
    • online product stores Perekrestok, Pyatyorochka and 5Post delivery, which are parts of the same X5 Group corporation; 22
    • CRM Megaplan. 23