The 11th of May, Cyber News


Attackers are spoofing the resources of the Ministry of Internal Affairs of Ukraine

Employees of the Cyberpolice Department, together with specialists of the Informatization Department of the Main Service Center of the Ministry of Internal Affairs of Ukraine, discovered the creation and distribution of phishing resources that imitate the official website for providing services. According to the Cyberpolice, criminals «promoted» the counterfeit resources through advertising on social networks. Under the guise of checking a driver’s license, fraudsters illegally collected the series and numbers of licenses. It is likely that the attackers planned to produce forged driver’s licenses with original serial numbers so that they would pass database checks. In addition, the other tabs and pages on the phishing sites were inactive. A database of about a thousand driver’s licenses has been confiscated. Five phishing web resources are currently blocked [1], [2].

russian hackers carried out a large-scale DDoS attack on the sites of Ukrainian telecom operators

The aggressor continues to attack Ukrainian infrastructure not only with shells and missiles, but also with cyber attacks. On Victory Day, hostile hackers launched a large-scale DDoS attack on the websites of Ukraine’s leading telecommunications companies. The russians are no longer even trying to hide their actions and are posting reports of attacks on the Internet. There is no point in hiding – the whole world knows who has been disguised as anonymous cybercriminals all this time. Despite the partial unavailability of the sites of some of the attacked companies, their networks work without interruption. Some users may experience a slight deterioration in the quality of Internet access. But in general, neither the work of the companies nor the provision of services to their customers was actually affected by this DDoS attack. This once again testifies to the effective cyber security systems that Ukrainian telecom business representatives have managed to build. The probable purpose of the cyber attack is to use it to conduct another information and psychological operation against the people of Ukraine. russian criminals are once again trying to deprive Ukrainians of access to the Internet and truthful information, and to sow panic. Currently, experts are taking all measures to reduce the impact of the hostile DDoS attack [3].

Since the beginning of the year, almost 36,000 attacks on the servers of state authorities have been repulsed in Dnipropetrovsk region

Since the beginning of the year, Dnipropetrovsk IT specialists have repulsed almost 36,000 cyberattacks. This is ten times more than usual. This was announced on Tuesday, May 10, by the Deputy Chairman of Dnipropetrovsk Regional State Administration Ivan Nachovny. russia has launched spyware to infiltrate government servers. Attempts were blocked by specialists from the regional military administration, the National Police and the Security Service of Ukraine. «Most cyberattacks took place on the eve of a full-scale war. The enemy was trying to gain access to official databases. Acted mainly through emails. After the mass attacks, we strengthened the cyber defense of the region, and the enemy lost its zeal,» said Ivan Nachovny [4].

The website of the Institute of Mass Information underwent a powerful DDoS attack and did not work for more than three hours

Before this, the IMI site had periodically been hacked and interrupted, but this is the first time it stopped working. IMI links the attack to the organization’s activities, as well as to the participation of media expert Iryna Zemlyana in a protest rally in Warsaw on May 9, during which she doused the russian ambassador to Poland with red paint. After the action, Iryna Zemlyana received more than 700 messages on social networks. She has been threatened with physical violence and with being doused with acid [5].

The Zaporizhia website 061.ua received letters from russians with new propaganda theses

On May 9, the editorial office of Zaporizhia city website 061.ua received a letter from the russians with new rhetorical theses. It mentions «Western donors» and «curators of the Ukrainian secret services». Thus, a letter from «Alexandrovich Tsisar» with the subject «Must be read», sent from the mail inbox.ru, reads: «The money you pay for inciting hatred against russians will not save you. Your curators from the Ukrainian secret services and authorities will forget you at the first danger to their own skins. Your Western donors, curators and sponsors will not help you either. You will just be thrown away as used and unnecessary things». The letter was signed by the hacker group NoName057 (16) [6].

Two Volyn mass media received threats from the russians about responsibility for «russophobic fakes»

The editorial staff of Volyn.Online and IA Konkurent again received threats from the hacker group NoName057 (16). Thus, on May 9, the editorial office of Volyn.Online received a letter in russian with the text: «Our grandfathers and great-grandfathers defeated the Nazis in 1945, and we will defeat the neo-Nazis in 2022! Our business is right! The enemy will be defeated! Victory will be ours!». This is the 15th letter from the representatives of the «russian world». However, they did not always write new threats. The editor of «Konkurent» said that on May 9 the publication’s e-mail received threats of the following content: «All of Hitler’s accomplices had to answer for their actions. Don’t you think that you will also have to answer for your russophobic fakes, discrediting the actions of the russian Armed Forces and fooling your own audience? And, perhaps, very soon» [7].

Zaporizhzhya site Inform.Zp.Ua is threatened by russian hackers

The Zaporizhzhya edition of the inform.zp.ua website received three new threatening letters from April 30 to May 5. Two of them were signed by the hacker group NoName057 (16). The letters came from mail.ru. Thus, in a letter dated April 30 from the sender Cheslava Solovei it was reported: «We did not understand the first time – we will say it again. We will continue to demolish your sites if you do not stop the pipeline of fakes about russia». The letter was signed with a link to the Telegram channel of the hacker group NoName057 (16). On May 2, the editorial office received another letter, this time from Iryna Chyurakova, with poetic threats. The message read: «The russian Liberation Army is conducting an operation to save lives. And you, propagandists-distributors, cannot avoid criminal liability». And on May 5, the editorial mail received another threat from NoName hackers of the following content: «"V" means victory, "Z" means for us! Your song is performed by propaganda lying companies! Hello, NoName057 (16)!». According to the editor-in-chief of the site, threatening letters from russia come systematically. In order to reduce the flow of threats, the editorial office also decided, in particular, to block all messages from unknown numbers in Telegram [8].



Chinese hackers have attacked Russian authorities 

According to Google, Chinese government hackers are targeting russian government agencies. russian authorities have suffered a series of cyberattacks by a Chinese APT group. This was announced by the Google Threat Analysis Group (TAG) in its report on cyber activity in Eastern Europe. Google TAG is a team of cybersecurity experts that protects Google users from attacks by government hackers. In previous reports, the group mentioned attacks by the same hacker group that affected not only russia but also other countries in the region, such as Ukraine, Kazakhstan and Mongolia. «Hackers continue long campaigns against russian government organizations, including the Foreign Ministry,» said Google TAG security engineer Billy Leonard. «Over the past week, TAG has identified new threats to several russian defense contractors and manufacturers, as well as a russian logistics company» [9].



The European Union condemns russia’s cyber-attack on Ukraine an hour before the Kremlin’s war, which caused disruptions not only in Ukraine but also in several EU countries.

This is stated in the declaration of the High Representative of the EU on behalf of all 27 member states, published on the website of the European Council. «The European Union and its member states, together with international partners, strongly condemn the harmful cyber activity of the russian Federation against Ukraine against the KA-SAT satellite network operated by Viasat. The cyberattack took place an hour before russia’s unprovoked and unjustified invasion of Ukraine on February 24, 2022 to ensure military aggression,» the statement said. According to the EU High Representative, this cyber attack had a serious negative impact and caused communication disruptions and disruptions in the work of government and business institutions, other consumers in Ukraine, as well as affected several EU member states. The declaration said that this unacceptable cyber attack was further evidence of russia’s irresponsible behavior in cyberspace as part of its illegal and unprovoked invasion of Ukraine. Such behavior contradicts the expectations of all UN member states, including the russian Federation, regarding the responsible behavior and intentions of states in cyberspace [10].

Another wave of FluBot: malware being spread by SMS

Another mobile malware campaign has become active in Finland. The malware is being spread by SMS, and it is targeting Android devices. The FluBot malware may steal data from mobile devices. The malware spreads further by sending SMS and MMS messages from the infected devices. The messages that are circulating currently are written without Scandinavian letters (å, ä and ö) and in many messages words have been split by superfluous spaces. For iPhone users, the scam messages mean a risk of subscription traps and other types of fraud. «The most recent FluBot malware campaign is very similar to the previous ones. Fraudsters have sent thousands of scam messages. The malware has been updated, and in the present campaign scam messages are also being sent via MMS,» says Matias Mesiä, information security adviser at the NCSC-FI [11].