20.07.2022

The 20th of July, Cyber News

Ukraine 

90% of Attacks on Ukrainian Resources Are Carried Out by Military Hackers of the russian federation and belarus, whose Activities Are Financed by the Authorities

Due to russia's full-scale invasion on February 24, martial law was introduced in Ukraine. At the same time, the russian military is carrying out aggression against our country in cyberspace. The number of cyber attacks on state information systems and objects of critical information infrastructure has tripled. According to State Special Communications, 90% of attacks are carried out by military hackers of the russian federation and belarus, whose activities are financed by the authorities. The main target of russian hackers is civilian infrastructure. They are trying to cause as much damage as possible to ordinary people by means of missile and other attacks, as well as cyber attacks. Due to military operations, many institutions transferred their data: some to other, more peaceful regions of the country, some to a cloud on the territory of Ukraine, and some to a cloud abroad. Corresponding changes were made to the legislation, which allowed even state institutions to do this. However, as before, all information systems whose protection requirements are enshrined in the legislation of Ukraine must be protected according to current standards. In particular, this means a Complex Information Protection System, and in some cases the use of the European standards of the ISO/IEC 27 series is permissible. It is information protection systems that are the first border that deters the enemy from destroying our country in cyberspace. [1]

russia 

Hackers Have Hacked the Website of the Ministry of Finance of russia

This was reported by the press service of the agency today. According to the information received the day before, there was a cyber attack by hackers on the official website of the ministry, and currently experts are carrying out technical work. [2]

World 

Pro-russian Hackers Attacked NATO Countries through Cloud Services

Cyberspies linked to russia’s Foreign Intelligence Service carry out cyberattacks on NATO member states using cloud services like Google Drive or Dropbox to avoid detection. This was reported by the Palo Alto cybersecurity company in its latest report. Pro-russian hackers attempted the intrusions using phishing e-mails with an alleged agenda for a meeting with the ambassador of one of the countries, which were sent to several diplomatic missions of Western countries and NATO during May-June. A Dropbox representative confirmed to Sky News that attackers used its service to carry out their actions, but the company notified industry partners and cyber researchers and immediately disabled user accounts. According to Palo Alto estimates, the attackers belong to the same organization accused of hacking US company SolarWinds in 2020. That hack allowed russian spies to gain access to the networks of at least nine US government agencies. Unlike the hacker groups associated with the Main Directorate of the General Staff of the Ministry of Defense of the russian federation (Main Intelligence Directorate), effectively russian military intelligence, hackers from the Foreign Intelligence Service are believed to operate more covertly. [3]

Hackers Pose as Journalists to Gain Access to Classified Information

Cybercriminals from China, North Korea, Iran and Turkey continue to attack journalists around the world to obtain unique classified information. Analysts of the Proofpoint company say that the hackers work for the state. The report states that attackers who try to break into journalists’ computers pose as media representatives. The report touches on several groups that impersonated or harassed journalists in 2021-2022. Since early 2021, the Chinese group Zirconium has been targeting American journalists with emails containing special trackers that notify the attackers that the messages have been viewed. This simple trick allowed the attackers to learn the IP address of the target, from which additional information could be obtained, for example, about the location of the victim and their Internet provider. In April 2022, another Chinese group was discovered that attacked the media using RTF files that, when opened, infected the victim’s machine with the Chinoxy virus. This group mainly attacked publications interested in Afghanistan’s foreign policy. In the spring of 2022, North Korean hackers were also seen attacking media workers using fake job advertisements. A Turkish group has organized credential-harvesting campaigns seeking to hack journalists’ social media accounts. Researchers believe that attacks will continue in the future, using phishing, social engineering and other similar tactics. At the same time, the goals of the hackers can differ, from the desire to collect confidential information to attempts to manipulate public opinion. [4]