04.04.2022

The 4th of April, Cyber Digest

IN UKRAINE

On the night of the russian invasion, the enemy wanted to destroy all of Ukraine’s cyber defense

From the beginning of the full-scale aggression of the russian Federation, more than 120 powerful cyber attacks on the resources of state authorities and military administration of Ukraine have been promptly detected and neutralized. The effective work of the SSU and other cybersecurity agencies has not allowed the aggressor to use cyberspace to gain military advantages. SSU officers thwarted all attempts of the occupiers to paralyze strategically important electronic resources or to use them to spread propaganda. Critical infrastructure, telecommunications and media IT systems have been prevented from crashing. The SSU has launched a series of investigations to identify the perpetrators and bring them to justice. According to preliminary data, the cyber sabotage was organized by the special services of the russian Federation and implemented by the specialized hacker groups APT28, APT29, Sandworm, BerserkBear, Gamaredon, Vermin, etc. See the source

An IT battalion has been set up in Kyiv to protect the infrastructure

The IT battalion, the Center for Protection and Monitoring of Digital Systems of Kyiv, will be established in the capital. Deputy Mayor for IT Petro Olenych spoke about this in his Telegram channel. According to him, this is a formal consolidation of the status of the organization in force for a month. The tasks of the cyber defenders of Kyiv include: support of vital IT services of the capital; organization of interaction between critical enterprises of Kyiv for the stable operation of their resources; adaptation of Kyiv to wartime conditions (informing, creation of new services, camouflage of data); coordination of digital systems in cloud services outside Ukraine. It is reported that the mayor of the capital, Vitaliy Klitschko, has already supported the initiative to establish a Center for Protection and Monitoring of Digital Systems in Kyiv. See the source

The most popular types of attacks are phishing, malware distribution, DDoS attacks

According to the head of the State Service of Special Communication Yuri Shchigol, hackers are attacking primarily government agencies, the financial and defense sectors, telecom operators, local authorities, logistics companies and the media. We also see numerous attempts by hackers to crack resources that gather information about the war crimes of russia in Ukraine. The State Service of Special Communication is making efforts to ensure their cyber defense. We assure you that it is safe to use them. In total, almost three times more hacking attacks of various kinds have occurred during the month of the war than during the same period last year. However, most of them are unsuccessful and have little effect on the operation of critical information infrastructure. See the source

During the war, Ukraine’s telecom industry became one of the key targets of the hackers

Attempts of the enemy to attack the telecom infrastructure take place every week, said the head of the State Service of Special Communication Yuri Shchigol in an interview with “Today”. The cybersecurity systems of mobile operators, which have equipped their systems with advanced technologies capable of resisting russian hackers, have worked effectively. The operators actively cooperated with us on cyber defense long before the war. “russian cyber forces have encountered powerful professional security systems in Ukraine. And here I want to note the professionalism of both our state specialists in the field of cyber security and the Ukrainian IT community, as well as the effective wartime work of providers and operators. On the eve of the war, we brought together the best IT and cybersecurity professionals who are now helping us to keep Ukrainian information resources safe,” said Yuriy Shchyhol. See the source

The Chernihiv website 0462.ua has reported a DDoS attack

The editorial office of the Chernihiv website 0462.ua reported a DDoS attack on the resource, which took place on the morning of April 1. “In the morning there is a powerful DDoS-attack on our information web resource. Apparently, our materials have got the enemies on titis. To protect the site, the support service has limited the access of users from outside Ukraine for some time. Therefore, if you visit the site from European or other countries, access to it will be limited. Sorry for the inconvenience, we are working to restore the site as soon as possible for all users,” the statement said. Since February 24, 2022, the resource has actively covered the course of russian armed aggression on the territory of Ukraine and recorded the crimes of the occupiers in Chernihiv region. The site is one of the five most visited in the region. See the source

The Kropyvnytskyi newspaper Zlatopil has reported an attempt to “take down” the site

The Kropyvnytskyi news portal Zlatopil suffered a cyber attack, as a result of which access to the resource was temporarily lost. This was reported to the regional representative of IMI in the Kirovohrad region by the editor of the newspaper, Olena Shenderovska. “On the night of March 31 to April 1, there was an attempt to shut down the site, overloading our server. It is difficult to establish where the attack took place, because the attackers used proxy servers. So far, the site has been restored,” Shenderovska said. The editor stressed that since the beginning of the full-scale war of Russia against Ukraine, the publication has paid special attention to cybersecurity to protect the site from possible hacking and loss of information. See the source

In Kharkiv, a bot farm was exposed, which called on the military and law enforcement to surrender to russia via SMS

The Security Service of Ukraine has exposed a new hostile bot farm in Kharkiv, which sent text messages exclusively to the Ukrainian military and law enforcement agencies with proposals to surrender and side with the russian occupiers. In this way, according to the SSU, the special services of the Russian Federation tried to conduct a special information operation and shake the moral and psychological state of the Ukrainian security forces. Currently, all equipment has been confiscated, and the SSU is taking appropriate measures with all those involved. See the source

 

IN RUSSIA

Hackers have attacked the site of the manufacturer of russian fighter jets

A hacker attack was carried out on the website of the russian aircraft manufacturer Sukhoi. This was stated by the General Director of the russian United Aircraft Corporation, Yuri Slyusar. A statement was posted on the website: “I came to the position of a leader with the desire to strengthen the russian aviation industry, but did not even imagine that the planes produced by the company I lead will bomb peaceful areas of Kharkov, where he once founded the founder of EDB ‘Sukhoi’. Carrying out a special operation in Ukraine has become a line for me, which I cannot pass as the General Director of JSC AHC Sukhoi. I cannot and do not want to be at the helm of a company that today creates weapons to kill civilians.” Later, the head himself denied the resignation, and the company announced that there had been a hacker attack. See the source

The number of DDoS attacks on russia has been increasing recently

The number of cyberattacks on russia, which has increased rapidly since the attack on Ukraine, continues to grow. Kaspersky Lab monitors the cybersecurity situation in the russian digital space. According to its experts, not only the number of attacks has increased, but also their duration. In February this year, attacks on russian resources lasted an average of 7 hours, and the longest lasted 90 hours. In March, the average duration of cyberattacks was 29.5 hours, and the longest was 145 hours. By comparison, in the same period last year the average duration of a cyber attack did not exceed 12 minutes, and the maximum was an hour and a half. The media and financial institutions are most vulnerable to the threat of hacking. In March this year, attacks on banks and credit institutions accounted for 35% of the total number of hacks. At the same time, russian consumers quickly switched their devices to the local product: the number of registrations in Kaspersky DDoS Protection has increased by 80%. See the source

 

IN THE WORLD

Cyber activists Anonymous have hacked the website of the investment company of the son-in-law of russian Foreign Minister Sergei Lavrov

Cyber activists Anonymous dealt another blow to the Putin regime, this time by hacking the site of a multidisciplinary investment company owned by Mikhail Vinokurov, the son-in-law of one of Putin’s closest officials, Sergei Lavrov. In their official Twitter account, the hackers announced the hacking of Marathon Group servers on March 31, thanks to which it was possible to obtain and publish 62,000 emails of the company owned by oligarch Mikhail Vinokurov. The latter is a significant figure in russian business and politics. See the source

Hackers have leaked data from a russian plant that makes spare parts for anti-aircraft missile complex

On April 1, Anonymous hackers broke into the Russian Lipetsk Mechanical Plant, which produces components for anti-aircraft missiles. The hackers leaked 25 GB of plant data. In addition, hackers have hacked mailboxes and leaked data from the law firm Capital Legal Services and the state company Mosekspertiza. About 200,000 emails “leaked” from the russian law firm Capital Legal Services. The NB65 group has hacked and released more than 150,000 e-mails, 8,200 files and several hundred gigabytes of databases from the state-owned Mosekspertiza company set up by the Moscow Chamber of Commerce and Industry. See the source

Anonymous have leaked 15 GB of data stolen from the russian Orthodox Church

On April 2, Anonymous reported that hackers leaked 15 GB of data stolen from the ROC’s charity wing and published about 57,500 emails through DDoSecrets. Due to the nature of the data, they are currently only available to journalists and researchers. See the source
