The War in Ukraine: Pulse of Cyber Defense (March 26, 2022)


The State Service of Special Communication and Information Protection of Ukraine: The War in Ukraine: Pulse of Cyber Defense – Weekly analytics, March 26, 2022


The largest war on the European continent since World War II continues not only on land and in the air, but also in cyberspace. The State Service of Special Communication and Information Protection of Ukraine is responsible for the standards of cybersecurity in the country and takes an active part in its defense. The lessons of this war are extremely important for enhancing the protection of democratic states attacked by aggressive countries like russia. To this end, SSSCIP Ukraine is starting to publish a public analytical report on the state and means of cyber defense. The Cyberhub of SSSCIP Ukraine will publish its data and conclusions, which the world community may use for its own defense.

In general, between March 15 and March 22, the computer emergency response team CERT-UA registered 60 cyberattacks. The State Service of Special Communication and Information Protection of Ukraine is not registering serious activity similar to that at the beginning of the year.


  • Cyberwar is a component of russia’s war against Ukraine. Hackers are increasingly attacking vital infrastructure, but cannot cause much damage.
  • Hackers are trying to destroy the information infrastructure with the help of malicious software. Between March 15 and March 22, the number of types of data-destroying malware in use increased to 4.
  • Among other things, hackers are attacking media resources in order to place their own propaganda and fascist symbols on the hacked sites; they are also attempting to destroy the physical infrastructure of communication and television during their air raids and land attacks.
  • The majority of cyberattacks between March 15 and March 22 are connected with groups associated with the government or special services of russia and its allies. Among them is the russian federation’s military.
  • Some of the groups that attack Ukraine’s critical infrastructure are also attacking European institutions providing aid to Ukrainian refugees.
  • For their attacks, hackers use intelligence data of the russian federation.
  • russian propaganda is spreading fakes about an alleged “cyberlanding” of the USA and NATO in Ukraine, because they cannot believe that Ukraine is capable of defending itself in cyberspace.


  1. During the first month of the war, the number of cyberattacks increased almost threefold as compared to the same period last year

During the month of the war, CERT-UA registered 198 cyberattacks. During the same period of time last year, their number was 76.

Top five branches that suffer from cyberattacks are: central and local governments, security and defense sector, commercial organizations, financial sector, and telecom.

More than half of the attacks are attempts to collect information and to spread malicious software. Among the top five methods of cyberattacks are: intrusion, loss of availability, and loss of information properties.

  2. Between March 23 and March 29, russia continued its cyberattacks against Ukraine’s critical information infrastructure and state institutions

All in all, between March 23 and March 29, CERT-UA registered 65 cyberattacks. That is five attacks more than the previous week. Both the focus and the popular methods of attacks remain unchanged.

Similar to the previous reporting period, the State Service of Special Communication and Information Protection of Ukraine did not register activities as serious as those registered at the beginning of the year.

  3. The attackers are military hackers from the russian federation and belarus

During the reporting period, Ukraine’s infrastructure was cyberattacked by at least the following groups (according to CERT-UA classification):

  • UAC-0056: GrimPlant, GraphSteel
  • UAC-0051 aka UNC1151: Cobalt Strike Beacon
  • UAC-0041: MarsStealer

These groups are affiliated with the governments of russia and belarus. This is not the first time they have attacked Ukraine’s state bodies. The primary aim of these groups is collecting users’ data as well as spreading malware.

  4. On March 28, the hackers launched a powerful attack against the infrastructure of one of Ukraine’s largest providers, Ukrtelecom

On March 28, a powerful cyberattack was launched against the infrastructure of the telecom operator Ukrtelecom. For the sake of preserving its network infrastructure and continuing to provide services to Ukraine’s Armed Forces, other military formations and critical infrastructure users, Ukrtelecom temporarily limited its services to the majority of private users and business clients.

Cybersecurity specialists promptly reacted to the attack. In less than 24 hours, the provider’s work was restored by 85%.

  5. Research into the safety of using DJI drones in Ukraine confirmed that the company assists the russians in their attacks against Ukrainian unmanned aerial vehicles and against their operators

  6. Cybersanctions against russia

Because of their aggression against Ukraine and the entire civilized world, russia and russian specialists in cybersecurity are under sanctions.

The US FCC added “Kaspersky Laboratory” to the list of communication equipment and services providers that can pose a threat to the United States. In addition, the bug bounty platform HackerOne, which rewards the search for software bugs, is no longer available to “Kaspersky Laboratory”.

More via SSSCIP
