The 7th of September, Cyber News


The Security Service of Ukraine Reported Suspicion to the Organizer of a Powerful Bot Farm in the Carpathian Region

The investigators of the Security Service collected a comprehensive evidence base and reported the suspicion to the organizer of the bot farm, which was eliminated by cyber specialists of the special service in 2021 in the Ivano-Frankivsk region.

The impersonator used almost 11,000 cards of one of the Ukrainian mobile operators to create fake accounts. The «powers» of this bot farm were actively used by a large russian Internet platform that illegally rents out other people’s phone numbers.

This made it possible to create thousands of fake accounts in social networks, messengers and video hosting. Because of them, there was a large-scale distortion of the information space, «fraud» of views, likes, and comments. In this way, public consciousness was influenced, in particular, in the interests of enemy propaganda. Currently, the organizer of the bot farm has been notified of suspicion under Part 2 of Art. 361 of the Criminal Code of Ukraine. 1 

The 7th of September, Cyber News

An Agreement Was Signed in Brussels Between the Government of Ukraine and the European Commission Regarding Ukraine’s Accession to the EU Program «The Digital Europe Programme»

The signing of the Agreement will enable the activation of projects in Ukraine:

– cyber security and digital skills;

– development of supercomputers;

– artificial intelligence. 2 

The Creation of a Cyber Security Infrastructure Made it Possible to Protect Ukrainian Web Resources and Databases from russian Attacks – Volodymyr Zelenskyy during a conversation with the heads of large American businesses within the opening of the New York Stock Exchange (NYSE).

Thanks to the professionalism of Ukrainian IT specialists and the help of foreign partners, in particular companies such as Amazon, Ukrainian web resources and databases were protected from powerful attacks carried out from the territory of the russian federation and belarus in the first days of the full-scale invasion.

«Saving our data, protecting data – of both government bodies and private companies – was a very important fundamental step,» he said. The Head of State noted that after the start of the full-scale war, even those Ukrainian websites that were subjected to the most powerful cyber attacks endured, in particular the portal of the National Bank, the websites of the ministries and the Office of the President of Ukraine. Data on the supply of weapons was also protected. As Volodymyr Zelenskyy emphasized, this became possible thanks to the construction of cyber security infrastructure, which was a priority from the beginning of his presidency, as Ukraine had to protect itself from russian cyber attacks.

On the eve of the war, the Ukrainian side decided on the possibility of temporary storage of data abroad, and the Amazon company was the first to react to the full-scale invasion and offered Ukraine an unlimited and free service for storing state registers. In the first weeks of the war, 36 Ukrainian authorities transferred more than 60 of their critical registers and systems to Amazon resources, including the Ministry of Internal Affairs, the Ministry of Health, ProZorro systems, the All-Ukrainian online school, etc. In this way, Amazon made it possible to create a reliable backup infrastructure for Ukraine.

On the 6th day of the war, March 1, a russian missile hit the National Data Backup Center in downtown Kyiv. Backup copies of state registers are stored there. But not a single basic register and not a single critical state service was stopped, and the state worked stably and quickly responded to the challenges of the war. In this way, the functioning of the state avoided the physical and virtual attack of the aggressor. 3


russia Lacks Tens of Thousands of Cyber Security Specialists

This opinion was expressed by the Deputy Chairman of the Board of Sber, Stanislav Kuznetsov, at one of the sessions of the Eastern Economic Forum, which is currently being held in Vladivostok. But Deputy Head of the Ministry of Statistics Maksym Parshin disagrees with him.

«Our assessment is quite sad: about 5,000 specialists work in the field of cyber security in the country. Today, the need is twentyfold,» Kuznetsova is quoted as saying by RBC. The shortage of personnel is primarily associated with the departure of IT workers from russia in the last six months. The Ministry of Statistics believes that the problem of the departure of IT specialists is «many times exaggerated» and «there is a lot of hype on this topic».

Parshin also points to a misinterpretation of the goals of creating measures aimed at supporting the industry: many believe that they should prevent the departure of specialists, although in reality such goals were not set. And support, for example, in terms of tax benefits, was launched more than two years ago.

According to experts’ estimates, since the beginning of the unleashed war, hundreds of thousands of IT specialists have left russia. 4


A Hacker Have Stolen $185,000 Worth of Cryptocurrency from Actor Bill Murray

An unknown hacker stole 119.2 Ethereum from actor Bill Murray. He held an auction for Chive Charities. A few hours later, the attacker transferred the money to his wallet and tried to steal the actor’s NFT collection.

According to Etherscan data, the hacker began transferring cryptocurrency from Murray’s wallet a few hours after the auction closed. A team from the consulting company NFT Project Venkman intervened in the process. She monitors the security of the actor’s wallet. Team representatives moved his NFT to another wallet. Murray’s personal collection includes 800 NFTs, including two CryptoPunks, Damien Hirst’s NFT, Pudgy Penguin, Cool Cat, and several Flower Girls.

The user who took second place in the Murray auction sent 120 Ethereum (about $187.5 thousand) to Chive Charities, for which the collection was organized. The perpetrator has not yet been found. Murray’s team told CoinDesk that they have filed a police report and are working with crypto-analytics firm Chainalysis. 5

ESET Has Discovered a New Group of Cyber Spies – Worok

The company ESET informed about the detection of targeted attacks of a new group of cyber espionage Worok. Among the attackers’ targets were various telecommunications and banking companies, energy and military enterprises, as well as government organizations.

According to ESET telemetry data, the Worok cybercriminal group has been active since at least 2020 and continues to operate today. In some cases, attackers used ProxyShell vulnerabilities to gain initial access.

From May 2021 to January 2022, there was a break in the group’s activities. However, already in February of this year, Worok’s activity resumed, which confirms an attack on an energy company in Central Asia and a government organization in Southeast Asia. It is worth noting that the Worok cyber espionage group develops its own tools and uses existing ones to compromise its targets. The attacker’s special toolkit contains two loaders, CLRLoad and PNGLoad, as well as the PowHeartBea backdoor. 6

Japanese Government Websites Were Subjected to Cyber Attacks by the russian federation

Due to the attack, access to government websites, including the administrative portal e-Gov Digital Agency, was temporarily blocked. This resource provides administrative information from government organizations and allows citizens to submit documents for registration online.

The pro-kremlin group Killnet published a message on social networks, saying that it was they who attacked the website with electronic services of the government portal e-Gov.

In addition, the hackers said their group disabled the country’s tax portal, local payment system JCB and the popular Japanese social network Mixi. It is reported that Killnet was attacked by Japanese resources because of Japan’s support for Ukraine, as well as because of the dispute with russia over the ownership of the Kuril Islands.