The 6th of April, Cyber Digest
IN UKRAINE
According to the Ministry of Digital Transformation, Ukrainian IT army has attacked more than 600 russian online resources during the war
Created before the russian invasion of Ukraine, the cyber army, whose task is to fight with the enemy in the digital space, has achieved great success during the war. According to the agency, the IT army has already managed to break 660 russian resources. The services of state bodies, propaganda media, banks, telecom operators, EDS services, as well as business sites supporting russian aggression against Ukraine have been blocked. In addition, cyber warriors use all channels of communication to convey to the russians information about the atrocities committed by the russian army. The Ministry of Digital Transformation calls on all those wishing to join the ranks of online troops. See the source, source1, source2, source3
SSU and NATO have strengthened the cooperation in cybersecurity: mutual integration of threat monitoring systems has started working
The SSU continues developing cooperation with international organizations. Within its framework, the cyber threat monitoring systems of Ukraine and NATO have been integrated. The Multinational Malware Information Sharing Platform (MN MISP), which exists and is being developed by the North Atlantic Alliance since 2012, will be integrated with the Ukrainian MISP-UA – a tool for countering threats in the digital space, created in 2018. The latter has nearly 1,300 critical infrastructure, government and military resources that could be targeted by enemy attacks. Since the beginning of the war with Russia, MISP-UA users have regularly received reports of possible cyber threats, the probability of which is established by the SSU, and can share information in a closed community. According to the SSU, cooperation with NATO will allow even more effective protection of Ukrainian cyberspace from threats. See the source, source2
Cyberattacks aimed at gaining access to Ukrainian Telegram accounts
The joint efforts of specialists of the Cyber Police Department of the National Police of Ukraine and the Government Team for Responding to Computer Emergencies of Ukraine CERT-UA obtaining unauthorized access to the accounts of the mentioned service, including the possibility of intercepting one-time SMS-code. As a result of such attacks, attackers steal session data, contact list and correspondence history. The Cyber Police Department of the National Police of Ukraine urges to be vigilant and take into account the described vector of attacks, as well as not to follow suspicious links and set an additional password for two-stage authentication in Telegram (along with the code with SMS). In case of receiving such notifications, we ask you to immediately inform the parts of cyber security of Ukraine in order to take urgent measures to block malicious web resources. This activity is tracked by UAC-0094. See the source, source1
Rivne most popular media, Radio Track, is under systematic DDoS attacks
Rivne most popular media, Radio Track, has had systematic DDoS attacks since the beginning of the full-scale war in Ukraine. Mykola Kulchynskyi, Editor-in-Chief of Radio Track, told IMI about this. Radio Track users sometimes can’t load the page because the browser is displaying an error. According to Mykola Kulchynsky, the attack is on a server in Lviv. The site does not work during powerful attacks. More often than not, the editorial office is faced with the fact that it cannot publish materials. “This is an obstacle to journalism, because we can’t work properly,” – Mykola Kulchynskyi said. See the source
Zello, which was used during the Revolution of Dignity, proved to be dangerous
The so-called social radio, which helped Ukrainians during the Maidan, is now completely under russian control. They received technical information about users. This allowed us to identify them by tracking data around the clock. The Zello program from Zello Inc was created by russian programmers, according to the Department of Strategic Communications of the Armed Forces of Ukraine. The agency warns that it is dangerous to use a walkie-talkie now, as russian intelligence has access to user data. According to the Armed Forces, the latter listens to the conversations of Ukrainians around the clock, receiving information about the war. See the source, source1
IN RUSSIA
Gazprom’s main website has stopped working
The main website of Gazprom covered the opposition statement of the Chairman of the Board of PJSC Gazprom against the russian war in Ukraine – all text at the link. Some time after this press release, the website https://www.gazprom-neft.ru/ stopped working. See the source
IT-army of Ukraine attacked close to 15 subsidiary domains of Gazprom
“IT Army is trying not only to block information resources, but also to convey the truth,” the IT ARMY of Ukraine Telegram channel says. On the websites there were posted photographs of the sleazy tragedies in Buchi. Website redirect:
https://shelf.gazprom-neft.com/; https://web.archive.org/web/20220406070337/https://shelf.gazprom-neft.com/; https://aero.gazprom-neft.com/; https://web.archive.org/web/20220406064705/https://aero.gazprom-neft.com/; https://azs.gazprom-neft.tj/; https://web.archive.org/web/20220406064022/https://azs.gazprom-neft.tj/; https://shelf.gazprom-neft.ru/; https://web.archive.org/web/20220406071307/https://shelf.gazprom-neft.ru/; https://techpark.gazprom-neft.ru/; https://web.archive.org/web/20220406071058/https://techpark.gazprom-neft.ru/; http://yamal.gazprom-neft.ru/; https://web.archive.org/web/20220406070323/http://yamal.gazprom-neft.ru/; https://vostok.gazprom-neft.ru/; https://web.archive.org/web/20220406070631/https://vostok.gazprom-neft.ru/; https://techpartners.gazprom-neft.com/; https://web.archive.org/web/20220406070741/https://techpartners.gazprom-neft.com/; https://techpartners.gazprom-neft.ru/; https://web.archive.org/web/20220406070902/https://techpartners.gazprom-neft.ru/ https://supply.gazprom-neft.com/; https://web.archive.org/web/20220406071150/https://supply.gazprom-neft.com/; https://sakhalin.gazprom-neft.ru/; https://web.archive.org/web/20220406071502/https://sakhalin.gazprom-neft.ru/; https://road.gazprom-neft.ru/; https://web.archive.org/web/20220406071550/https://road.gazprom-neft.ru/.
See the source
The website of Norilsk Nickel and Magnit has been hacked
The current hour on the websites of the russian mining and metallurgical company “Nornickel” and one of the leading distribution networks near the Russian Federation “Magnit” was posted a photo of the legacy of russian military atrocities near Bucha. Website redirect:
https://www.nornickel.ru/; https://web.archive.org/web/20220406072940/https://www.nornickel.ru/;
https://www.magnit.com/; https://web.archive.org/web/20220406073412/https://www.magnit.com/en/. See the source
IN THE WORLD
The United States has imposed sanctions on russian largest platform, Hydra
The US Treasury Department has announced sanctions against the largest russian-language platform in the darknet Hydra. The Garantex cryptocurrency exchange has also been sanctioned. Since 2015, Hydra has been the largest market in the dark market in terms of revenue. The platform is popular with cybercriminals to communicate and find ways to launder money or trade in stolen data and drugs. The sanctions stipulate that all assets of these formations owned by US citizens will be frozen, regardless of location inside or outside the country. The US Treasury Department said that both Hydra and Garantex had been used by extortionists to launder millions of dollars from their crimes. See the source, source1
