The State Service of Special Communication and Information Protection of Ukraine: The War in Ukraine: Pulse of Cyber Defense – Weekly analytics, March 26, 2022
The largest since World War II, war on the European continent continues not only on the land and in the air, but also in cyberspace. The State Service of Special Communication and Information Protection of Ukraine is responsible for the standards of cybersecurity in the country and takes an active part in its defense. The lessons of this war are extremely important for enhancing the protection of democratic states attacked by aggressive countries like russia. To this end, SSSCIP Ukraine initiates providing public analytical report as to the state and means of cyberdefense. Cyberhub of SSSCIP Ukraine will publish its data and conclusions that may be used by the world community for their own defense.
In general, between March 15 and March 22, computer emergency response team CERT-UA registered 60 cyberattacks. The State Service of Special Communication and Information Protection of Ukraine does not register serious activities similar to those at the beginning of the year.
- Cyberwar is a component of russia’s war against Ukraine. Hackers are more and more attacking the vital infrastructure, but cannot cause much damage.
- Hackers are trying to destroy the information infrastructure with the help of malicious software. Between March 15 and March 22, the number of types of engaged malware that destroys data increased till 4
- Among other things, hackers are attacking media resources in order to place their own propaganda and fascist symbols on the broken sites; they are also attempting to destroy the physical infrastructure of communication and television during their air raids and land attacks.
- The majority of cyberattacks between March 15 and March 22 are connected with the groups associated with the government or special services of russia and its allies. Among them are russian federation’s militaries.
- Some of the groups that attack Ukraine’s critical infrastructure are also attacking European institutions providing aid to Ukrainian refugees.
- For their attacks, hackers use intelligence data of russian federation.
- russian propaganda is spreading fakes about an alleged “cyberlanding” of the USA and NATO in Ukraine, because they cannot believe that Ukraine is capable of defending itself in cyberspace.
- During the first month of the war, the number of cyberattacks increased almost threefold as compared to the same period last year
During the month of the war, CERT–UA registered 198 cyberattacks. During the same period of time last year, their number was 76.
Top five branches that suffer from cyberattacks are: central and local governments, security and defense sector, commercial organizations, financial sector, and telecom.
More than half of the attacks are attempts to collect information and to spread malicious software. Among the top five methods of cyberattacks are: intrusion, loss of availability, and loss of information properties.
- Between March 23 and March 29, russia continued its cyberattacks against Ukraine’s critical information infrastructure and state institutions
All in all, between March 23 and March 29, CERT–UA registered 65 cyberattacks. That is five attacks more than the previous week. Both focus and popular methods of attacks remain unchanged.
Similar to the previous reporting period, the State Service of Special Communication and Information Protection of Ukraine did not register activities as serious as those registered at the beginning of the year.
- The attackers are military hackers from russian federation and belarus
During the reporting period, Ukraine’s infrastructure was cyberattacked by at least the following groupings (according to CERT–UA classification):
- N UAC-0056: GrimPlant, GraphSteel
- N UAC-0051 aka unc1151: Cobalt Strike Beacon
- N UAC-0041: MarsStelaer
These groupings are affiliated with the governments of russia and belarus. It’s not the first time when they attack Ukraine’s state bodies. The primary aim of these groupings is collecting the users’ data as well as spreading malware.
- On March 28, the hackers launched a powerful attack against the infrastructure of one of Ukraine’s largest providers Ukrtelecom
On March 28, a powerful cyberattack against infrastructure of telecom-operator Ukrtelecom was launched. For the sake of preserving network infrastructure and further providing services to Ukraine’s Armed Forces, other military formations and critical infrastructure users, Ukrtelecom temporarily limited its services to the majority of private users and business clients.
Cybersecurity specialists promptly reacted to the attack. Less than within 24 hours, the provider’s work was restored by 85%.
5. Research as to the safety of using DJI drones in Ukraine confirmed that the company assists the russians in their attacks against the Ukrainian unmanned aerial vehicles and against their operators
- Cybersanctions against russia
Because of their aggression against Ukraine and the entire civilized world, russia and russian specialists in cybersecurity are under sanctions
The USA FCC added “Kaspersky Laboratory” to the list of communication equipment and services providers that can pose a threat to the United States. Besides, the platform for bug identification for remuneration HackerOne that stimulates the search for program mistakes\ is no longer available for “Kaspersky Laboratory”.
More via SSSCIP
- Come Back Alive is one of the largest charitable foundations that supports Ukrainian soldiers, founded by the IT specialist Vitaliy Deynega. The organization collected more than 210 million UAH (more than $7M) in 2014. According to Na chasi, the Patreon page Come Back Alive is in the top ten projects by the number of financial donations.
- Army SOS, which develops drones;
- Everybody Can, an organization that supports internally displaced people;
- Help on the Ministry of Defense website.