The 1st of September, Cyber News


Kyivstar Received Certification for Providing the Service «Protection Against DDoS Attacks»

The national telecom operator Kyivstar received certification for providing the service «protection against DDoS attacks» to clients of the B2G sector.

As noted, the telecom operator modernized its network infrastructure, which increased performance, throughput and fault tolerance and improved the Comprehensive Information Protection System of the information and telecommunications system of the protected Internet access node. Its reliability is confirmed by the state examination and the Certificate of Conformity of KSZI ITS-ZVID, approved by the State Service of Special Communications Administration. This document certifies that the network infrastructure is protected from unauthorized access and meets the high standards of network security and the requirements of regulatory documents on technical equipment.

«In 2021, we implemented in Kyivstar and offered business clients a service of comprehensive protection against DDoS attacks (AntiDDoS service). The received Certificate makes it possible to provide services to B2G customers as well,» commented Yuriy Prokopenko, Cyber Security Director of Kyivstar.

The AntiDDoS service is a multi-level protection against targeted malicious traffic, the effectiveness of which has been tested on the operator’s own IT systems and network. The basis of the service is the FortiDDoS solution from the developer Fortinet.

Kyivstar emphasized that it pays special attention to protecting subscribers’ information and network security. As an important infrastructure object, the operator is integrated with the MISP-UA platform, a state information system that collects and analyzes information and notifies users about cyber incidents in Ukraine and the world. 1

Attempted Hack of the Telegram Account of the Kherson «BRIDGE» Editor

Unknown people tried to gain access to the Telegram account of Serhiy Nikitenko, the editor of the Kherson website BRIDGE. He informed IMI about this. This morning, he started receiving messages and phone calls from numbers in the US, which made it clear that someone was trying to access his account. As can be seen from the messages, they wanted to gain access from Ukraine, although the IP address belongs to one of the Polish mobile operators. At the same time, the attackers entered the code correctly, but were unable to guess the two-factor authentication password. 2


Ukraine Joins Efforts with European Countries to Create a Safe Cyberspace and Counter Cyber Threats

The State Service of Special Communications and the National Cyber Security Directorate of Romania signed a memorandum of understanding in the field of cyber security cooperation.

Cyberspace has no borders. Not only Ukraine suffers from the attacks of russian hackers, but also other democratic countries of the world. Therefore, joint efforts and coordination in countering cyber threats are of utmost importance today. Only together can the enemy be defeated.

The signing of the memorandum is another serious step to strengthen the cyber resilience of our state and partners, which provides for:

  • exchange of experience and best practices in the field of cyber protection;
  • exchange of information regarding cyber incidents, methods of identifying vulnerabilities and responding to cyber threats;
  • cooperation on new research in the field of cyber protection;
  • joint participation in projects aimed at increasing and further strengthening the cyber protection capabilities of public and private institutions, and much more.

Another important component of cooperation is education and training of cyber security specialists. In particular, as Deputy Head of the State Service of Special Communications Viktor Zhora noted, there are interesting approaches to emulating cyber attacks on automated technological process control systems. After all, this is one of the areas of our work at the UA30 Cyber Center training center. «Over the past six months, since the beginning of the full-scale military invasion by russia, Ukraine has gained a lot of experience in repelling cyberattacks – to date there have been more than a thousand of them. We are ready to share our experience, as well as to learn from partners. It is important for our employees, for the employees who are responsible for cyber security in the state bodies of our country, and for those who work at critical infrastructure facilities to deepen their knowledge of cyber security and to learn,» stressed Yuriy Shchygol, head of the State Service of Special Communications. 3


Ukraine Deepens Cooperation with Poland in the Field of Cyber Security

Oleksandr Potii, deputy head of the State Service of Special Communications, met with Karol Molenda, commander of the Polish Cyberspace Defense Forces. This is the first meeting of the parties, aimed at implementing the memorandum of understanding in the field of cyber protection, signed on August 22 between the Governments of Ukraine and Poland.

During the meeting, which was also attended by experts in cyber security and international cooperation, the role of each body in the countries’ defense systems, their scope of activity and areas of responsibility, the work of Ukrainian and Polish cyber incident response teams, as well as the general ecosystem of cyber security and information exchange platforms were discussed.

«The expertise that Ukraine has at its disposal is invaluable for the joint construction and development of capabilities in the field of active protection against cyber threats,» said General Karol Molenda.

According to Oleksandr Potii, joining forces with partners is the key to successfully resisting hostile cyberattacks. The brutal war unleashed by russia continues on the territory of Ukraine. But cyberspace has no borders, and russian hackers attack not only our state, but other countries as well – everyone who supports Ukrainian independence and democratic values. «Unification of cyber potentials of Poland and Ukraine will undoubtedly benefit both our states and peoples. This will allow us to build a safe cyberspace, to resist cyber aggression together,» the deputy head of the State Service of Special Communications emphasized.

Cooperation between Ukraine and Poland in countering threats in cyberspace and building a reliable defense against cyber attacks will continue to deepen. This includes the exchange of information and experience, and the holding of joint exercises, trainings, consultations, as well as other activities that will allow strengthening the cyber capabilities of both countries. «We are starting to develop specific plans to solve new tasks and achieve new results. We will fill the Ukrainian-Polish memorandum with specific projects and programs,» Oleksandr Potii noted. 4


Mass Distribution of the AgentTesla Malware

On August 30 and 31, 2022, the government computer emergency response team of Ukraine, CERT-UA, recorded mass mailings of e-mails with the subject «Technisches Zeichnen» among Ukrainian, Austrian and German organizations.

Each e-mail carries an IMG attachment (for example, «Technisches Zeichnen.img») that contains a CHM file of the same name. Opening the CHM file executes JavaScript code, which in turn uses PowerShell to download and execute the file node.txt.

The node.txt file contains PowerShell code that decodes, decompresses (Gzip) and executes DLL and EXE files. The EXE file is the AgentTesla malware. Note that similar mailings were also recorded on August 11, 2022; those e-mails carried the attachment/subject «Contractual documentation». The activity is temporarily tracked by the identifier UAC-0120. 5
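The decode-and-decompress stage described above can be triaged statically, without running the script. The following Python scanner is an added example, not CERT-UA's tooling or code from the report: it extracts base64 runs from a script, Gzip-decompresses them under an output cap, and reports which ones are PE images (EXE or DLL). Base64 as the encoding is an assumption (the report says only "decode"), and the sample input is constructed from header-only stubs.

```python
import base64, binascii, gzip, hashlib, re, struct, zlib

B64_RUN = re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")  # long base64-looking runs
IMAGE_FILE_DLL = 0x2000       # COFF Characteristics bit that marks a DLL
MAX_OUT = 32 * 1024 * 1024    # cap on decompressed bytes (decompression-bomb guard)

def classify_pe(data):
    """Return 'DLL' or 'EXE' for a PE image, or None if the headers do not parse."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of the PE header
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)  # Characteristics
    return "DLL" if flags & IMAGE_FILE_DLL else "EXE"

def find_gzip_pe_payloads(script_text):
    """Return (offset, kind, size, sha256) for each base64+Gzip blob holding a PE."""
    findings = []
    for m in B64_RUN.finditer(script_text):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
            if raw[:2] != b"\x1f\x8b":                   # Gzip magic bytes
                continue
            data = zlib.decompressobj(31).decompress(raw, MAX_OUT)  # 31 = gzip framing
        except (binascii.Error, zlib.error):
            continue
        kind = classify_pe(data)
        if kind:
            digest = hashlib.sha256(data).hexdigest()
            findings.append((m.start(), kind, len(data), digest))
    return findings

def constructed_sample():
    """Constructed input: two header-only PE stubs (not runnable programs)."""
    def stub(flags):
        dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)       # e_lfanew = 0x40
        coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, flags)
        return dos + b"PE\0\0" + coff
    def enc(data):
        return base64.b64encode(gzip.compress(data)).decode()
    return "\n".join(["# constructed, inert sample text",
                      '$a = "%s"' % enc(stub(0x0002)),      # executable image
                      '$b = "%s"' % enc(stub(0x2002))])     # same, with the DLL bit

if __name__ == "__main__":
    for hit in find_gzip_pe_payloads(constructed_sample()):
        print(hit)
```

The SHA-256 of each recovered image can be compared against published indicators for the campaign; the scanner never writes or executes the decoded bytes.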


Attacks of the IT Army of Ukraine

«On September 1, there were changes in the trade of branded dairy products in russia, namely – wholesalers and retailers of branded «milk» with a shelf life of more than 40 days are obliged to use electronic document management services. Today’s target is the combined resources of marking and electronic document management systems, which we have already attacked before but separately, so today we needed to mobilize our forces. A failure in these systems will prevent dairy products from being placed on store shelves and will strike at the decision-making system at the state level as tied to a small group of people close to putin who actively lobby for increased control of markets for profit.» — hacktivists wrote in their Telegram. 6


China-Taiwan Military Tension Fuels an Active Cyberwar

China and Taiwan successfully avoided escalating toward military conflict. However, both sides are affected by active cyber warfare, a report says. After tensions between China and Taiwan did not materialize into a larger military conflict in August, the world breathed a sigh of relief. Yet while guns are silent, keyboards are not. Cyber activity between China and Taiwan is marked by multi-vector attacks, similar to what experts witnessed happening between russia and Ukraine, researchers at threat intelligence firm Cyberint say.

A recent report shows that tensions in the cyber realm are high, and the number of national-level cyberattacks affecting China and Taiwan has recently increased significantly. According to the Cyberint Research Team, the increasing number of cyberattacks will attract more competing hacking groups, increasing the risk of the heated conflict spiraling out of control in the cyber realm. «It’s safe to assume that if the tension will continue, more will join the game, and as a result, more powerful threat actors will choose sides and show their abilities. Thus leading to an escalation that we have seen on russia-Ukraine as well,» researchers told Cybernews. 7