Tag Archive for: russian

Russian Agents Hack Webcams to Guide Missile Attacks on Kyiv


The Security Service of Ukraine (SSU) has asked owners and operators of webcams in the country to stop broadcasts from their devices over concerns about Russia’s intelligence services using the feeds to conduct military reconnaissance against strategic targets.

The SSU’s move follows a recent incident where Russian agents hacked into two residential webcams in Kyiv to gather information on the city’s air defense systems prior to launching a missile attack on the Ukrainian capital.

Residential Webcams

In a statement, the SSU described one of the webcams as being located on top of a Kyiv apartment building — apparently near a critical infrastructure facility — and being used by the condo association to monitor the surrounding area. Russian intelligence services hacked into the camera, changed its viewing angle, and streamed its live feed to YouTube from which they monitored everything within the camera’s range.

The second camera too was located at a residential complex in Kyiv, this one for monitoring the building’s parking facility. Russian agents took control of the webcam the same way they did with the first and used it to gather information on an adjacent critical infrastructure facility. “The aggressor used these cameras to collect data to prepare and adjust strikes on Kyiv,” the SSU said. “Based on the uncovered facts, the SSU is acting to neutralize new attempts by the invaders to conduct reconnaissance and sabotage through online cameras.”

So far, this has meant blocking the operation of some 10,000 IP cameras in Ukraine that Russia could have used to inform its missile attacks on the country, the SSU said. In its statement, the state security agency reminded citizens and operators of street webcams in the country about their obligation not to broadcast video and images that Russia could use for targeted attacks. “Remember: it is forbidden to film and publish photos and videos of the operation of the Defence Forces and the consequences of enemy attacks,” the SSU said. “The publication of such material on the Internet is considered to be adjustment of enemy fire and is subject to criminal liability.”

The Broader Threat

Russia’s hacking of IP cameras and the country’s use of…


How this Ukrainian telecom company was hit by Russian hackers in one of the biggest cyberattacks of the war


Russian hackers have hacked the system of Ukraine’s leading telecoms operator, Kyivstar, in a cyberattack that lasted for several days. The attack, which took place in December last year, affected approximately 24 million users and caused significant disruption to services. According to Reuters, the head of Ukraine’s cybersecurity department, Illia Vitiuk, revealed exclusive details about the attack, describing it as “disastrous” and aimed at causing psychological damage and gathering intelligence.

Vitiuk emphasized the importance of this attack as a warning to both Ukraine and the Western world, highlighting that no one is exempt from cyber threats. He noted that Kyivstar, being a wealthy and private company that heavily invested in cybersecurity, was targeted to send a strong message. The attack resulted in the destruction of numerous virtual servers and PCs, making it the first known instance of a cyberattack completely crippling a telecoms operator.

The Security Service of Ukraine (SBU) conducted an investigation and found evidence suggesting that the hackers had been inside Kyivstar’s system since at least May 2023, with full access likely gained in November. Vitiuk stated that the hackers could have potentially stolen personal information, intercepted SMS messages, and gained access to Telegram accounts. However, Kyivstar denied any leakage of personal or subscriber data, stating that they were collaborating with the SBU to investigate the attack and mitigate future risks.

Vitiuk further revealed that the SBU’s prompt response helped Kyivstar restore its systems and fend off subsequent cyberattacks. He acknowledged that the attack had a limited impact on Ukraine’s military, as they relied on different algorithms and protocols for drone and missile detection.

The investigation into the attack is challenging due to the extensive wiping of Kyivstar’s infrastructure. Vitiuk strongly suspected that the Russian military intelligence cyberwarfare unit known as Sandworm was responsible for the attack, citing their previous involvement in cyberattacks in Ukraine. He also mentioned a previous hack by Sandworm on another Ukrainian telecoms operator, detected by the SBU. Vitiuk highlighted…


Ukraine says Russian hackers penetrated major telecoms network for months – POLITICO


Russian hackers were inside Ukrainian telecoms giant Kyivstar’s system from at least May last year in a cyberattack which crippled its services in December, Ukraine’s top cyber spy said.

In an interview with Reuters published Thursday, Illia Vitiuk, head of the Security Service of Ukraine’s cybersecurity department, said: “This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” adding it wiped “almost everything,” including thousands of virtual servers and PCs.

The attack caused more than 24.3 million Kyivstar customers to lose phone reception, with banks reporting disruptions to their services and Ukrainians in the country’s eastern war zone being left without a connection. Vitiuk has attributed the attack to Sandworm, a Russian military intelligence cyberwarfare unit which has been linked to cyberattacks in Ukraine and elsewhere.

“For now, we can say securely, that they were in the system at least since May 2023,” Vitiuk said, adding, “I cannot say right now, since what time they had … full access: probably at least since November.”

In a video statement in December, Kyivstar CEO Oleksandr Komarov said: “Unfortunately, the war with Russia has several dimensions. One of them is in cyberspace.”


Russian hackers send emails with malware, taking advantage of national mobile operator Kyivstar’s outage


Russian hackers are taking advantage of the outage at Kyivstar, one of Ukraine’s national mobile operators, to send out emails containing malware to Ukrainians using archive files named “Amount owed by subscriber”, “Request”, “Documents”, etc., the State Service of Special Communications has warned.

Source: State Service of Special Communications and Information Protection of Ukraine (SSSCIP) and the Government Computer Emergency Response Team (CERT-UA)

Quote from SSSCIP: “Hackers persist in exploiting issues that are bothering thousands of Ukrainians to spread malware. This time, experts from CERT-UA, the Governmental Computer Emergency Response Team of Ukraine, have uncovered a massive email campaign with the subject line ‘Amount owed under your Kyivstar contract’ and an attachment named ‘Amount owed by subscriber.zip’.

Ukrainians have received emails regarding ‘Amount owed under your Kyivstar contract’, which contained attachments in the form of an archive named ‘Amount owed by subscriber.zip’ with attached password-protected RAR archives.

Moreover, CERT-UA has detected the spreading of emails with the subject heading ‘Security Service of Ukraine (SSU) request’ with an attachment named ‘Documents.zip’. It includes a password-protected RAR archive ‘Request.rar’ followed by an executable file, ‘Request.exe’. As in the previous case, opening the archive and running the file leads to exposure to a RemcosRAT remote access programme.”

Details: The mobile operator Kyivstar experienced a large-scale outage on the morning of 12 December.

The CERT-UA team detected a massive email distribution with the subject line “Amount owed under your Kyivstar contract” and the attachment “Amount owed by subscriber.zip” on 21 December.

The ZIP archive contains a two-part RAR-archive “Amount owed by subscriber.rar”, containing a password-protected archive bearing the same name. The latter includes a document with the macro “Customer debt.doc”.

Once activated, the macro code will download the file “GB.exe” to the computer and run it using the SMB protocol via the file explorer (explorer.exe).

In turn, this file is an SFX archive containing a batch script to download the executable file “wsuscr.exe” from…
