The 31st of May, Cyber News


14 Million Suspicious Information Security Events in Three Months: the Report of the Operational Center for Cyber Incident Response of the State Service of Special Communication

The Operational Center for Cyber Incident Response of the State Center for Cyber Defense of the State Service of Special Communication published a report on the results of the Vulnerability Detection and Response System in the first quarter of 2022. In the first three months of the year, the system registered 14 million suspicious information security events. Of these, 78 thousand were treated as critical. According to the results, 40 cyber incidents were registered. 65% of suspicious events were found in ministries and organizations, and 35% in regional state administrations [1].

The most common categories of events:

– malicious code

– collection of information by an attacker

– attempts to intervene

Groups whose indicators of compromise were found in the networks of clients of the State Center for Cyber Defense of the State Service of Special Communication:

▪️ UAC-0010 (Armageddon)

▪️ UAC-0098 (IcedID/Trickbot (?) group)

▪️ UAC-0082 (Sandworm)

▪️ UAC-0028 (APT28)

▪️ UAC-0029 (APT29)

▪️ UAC-0064 (SunSeed, Asylum Ambuscade)

▪️ UAC-0035 (InvisiMole)

▪️ UAC-0108 (KillNet)

For the First Time, the Ukrainian Delegation Took Part in a Meeting of the Steering Committee of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)

The meeting took place on May 30 in Tallinn. Ukraine’s accession to the CCDCOE is an important step for our country in strengthening international cooperation in the field of cybersecurity and cyber defense, as well as on the path to Ukraine’s accession to NATO. After all, today no country in the world can counter cyber threats on its own. Ukraine is at the forefront of cyber warfare. For many years, russian hackers used our cyberspace as a training ground and later used the approaches tested in Ukraine to attack other democracies around the world. Ukraine needs to implement the world’s best solutions in the field of cyber security and is ready to share its experience with the international community. Ukraine applied to join the CCDCOE in August last year. On March 4, 2022, the application was unanimously supported by all members of the Steering Committee. A technical agreement on accession, which formalizes Ukraine’s participation, is currently being prepared [2].


russian Media Sites Are Being Attacked En Masse by Hackers

Dozens of regional media outlets are currently inaccessible throughout russia. The sites of the leading media of Primorye, STRC «Vladivostok» and «OTV-prim», have suffered an unprecedented DDoS attack and have been inaccessible for more than 12 hours. «Vesti: Primorye» wrote in its TG channel that, according to a source in roskomnadzor, the attack is being carried out from the territory of Ukraine. The website of the Stavropol media was also attacked by hackers and became inaccessible. According to the management of STRC local TG channels, the resource of the state media was subjected to a powerful DDoS attack [3].

In russia, the Online Broadcast of Three Radio Stations Was Hacked, Airing Ukrainian and Anti-War Songs

During the online broadcast of three radio stations in St. Petersburg, unknown persons aired Ukrainian and anti-war songs. On May 14, for more than two hours, the Internet broadcasts of Dorozhny Radio, Retro FM and New Radio carried the anthem of Ukraine performed by Oleksandr Ponomarev, «Oh, red viburnum in the meadow», a joint composition of Pink Floyd and Boombox vocalist Andriy Khlyvnyuk, and the song «We don’t need war!» by the russian band «Nogu Svelo» [4].


Criminals Use a Deepfake of Elon Musk to Steal Cryptocurrency

According to Vice, fraudsters turn to celebrity deepfakes, journalists and NFT projects to persuade people to send various cryptocurrencies. Last weekend, a video was circulated on the Internet showing Elon Musk promoting an apparent cryptocurrency scam called BitVex. It was a fake, most likely a deepfake: a video created by artificial intelligence, a new evolution in the world of shady crypto promotions. The fake Musk claims that BitVex is a project he created to spread bitcoin, and promises 30% daily profits for three months on any cryptocurrency. The video had been circulating on Twitter for several days when Musk responded to a post on Wednesday in which he was arrested. «Ugh. Definitely not me», he wrote on Twitter. Google Chrome currently identifies the BitVex.io URL as a «fraudulent» website and reports that phishing attempts have been detected. The 11-hour version of Musk is still on YouTube and has already gained more than 60,000 views [5].

Infection via PDF Documents Is Again in the Focus of Cybercriminals

HP Wolf Security has announced the discovery of a new epidemic of malware infections using PDF files. According to experts, the attackers send an e-mail with a notification of payment and an attached PDF document. Once the PDF is opened, Adobe Reader prompts the user to open the DOCX document contained in the file, which triggers the malware. In addition, it became known that the hackers have also learned to deceive security systems and present the file as verified. This scheme uses the vulnerability CVE-2017-11882, which was patched in November 2017 but is still present on the computers of some users who do not care about security. According to a report by HP Wolf Security, in the first quarter of this year, more than 45% of stopped attacks on computers used Microsoft Office formats in one way or another [6].
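
A static check a mail gateway or analyst could run on PDF attachments of the kind described above: it flags a PDF that carries an embedded Office document together with an action that fires on open. This is an added example, not code from HP Wolf Security or this digest; the key list, the file name `payment_notice.docx` and both PDF fragments are constructed assumptions.

```python
import re

OFFICE_EXT = (".doc", ".docx", ".docm", ".rtf", ".xls", ".xlsx", ".xlsm")
AUTO_KEYS = {"OpenAction", "AA", "JavaScript", "JS", "Launch"}

def decode_name(raw: bytes) -> str:
    """Undo PDF name escaping: '#46' inside a name is the byte 0x46 ('F')."""
    out = re.sub(rb"#([0-9A-Fa-f]{2})",
                 lambda m: bytes([int(m.group(1), 16)]), raw)
    return out.decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Static triage of raw PDF bytes; objects hidden inside compressed
    object streams are not visible to this scan."""
    # Names: '/' followed by characters that are not whitespace or delimiters.
    names = [decode_name(n) for n in re.findall(rb"/([^\s/<>\[\]()%{}]+)", data)]
    # Attachment file names stored as literal strings: /F (x) or /UF (x).
    attachments = [m.decode("latin-1")
                   for m in re.findall(rb"/U?F\s*\(([^)]*)\)", data)]
    office = [a for a in attachments if a.lower().endswith(OFFICE_EXT)]
    auto = sorted(AUTO_KEYS.intersection(names))
    return {
        "embedded_files": names.count("EmbeddedFile"),
        "office_attachments": office,
        "auto_actions": auto,
        # Flag: an embedded Office file plus something that acts on open.
        "suspicious": bool(office) and bool(auto) and "EmbeddedFile" in names,
    }

# Constructed PDF fragments (not real samples). The first writes the
# /EmbeddedFile name with a '#46' escape, which PDF allows in any name.
SUSPECT = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Names << /EmbeddedFiles 4 0 R >>"
    b" /OpenAction 5 0 R >> endobj\n"
    b"2 0 obj << /Type /Filespec /F (payment_notice.docx)"
    b" /EF << /F 3 0 R >> >> endobj\n"
    b"3 0 obj << /Type /Embedded#46ile /Length 4 >> stream\n"
    b"PK\x03\x04\nendstream endobj\n"
    b"5 0 obj << /S /JavaScript /JS 6 0 R >> endobj\n"
)
BENIGN = b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, pdf in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage_pdf(pdf))
```

A hit is a reason to quarantine the attachment and inspect it in a sandbox, not a verdict; legitimate PDF portfolios also embed Office files.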