Tag Archive for: Ukraine’s

teiss – News – Ukraine’s largest mobile-only bank, Monobank, faces severe DDoS cyberattacks


Monobank, Ukraine’s leading mobile-only bank, encountered a relentless wave of denial of service (DDoS) attacks on January 21, severely disrupting its operations and causing widespread chaos.

 

Please take 30 seconds to register


or if you have an account please login

Source…

Ukraine’s Largest Phone Operator Hacked in “Act of War”


Kyivstar, Ukraine’s leading mobile network operator, is experiencing a significant shutdown allegedly due to a cyber-attack.

The company, owned by Amsterdam-based Veon, warned on December 12 that it had suffered a “powerful” cyber-attack that caused a technical failure, rendering internet access and mobile communications temporarily unavailable for its customers.

Although Kyivstar did not make directly attribute the attack initially, its director general later told Agence France Presse (AFP) that the firm considered the attack to be linked with the war against Russia.

In a Facebook post, Kyivstar said it was investigating the issue with law enforcement agencies, had reported it to Ukrainian state services, and was “working to eliminate the consequences and restore communications as soon as possible.”

“The most important thing is that, as of now, the personal data of subscribers has not been compromised. Our team will definitely compensate those subscribers who had no connection or could not use our services,” the firm added on social media.

“Yes, our enemies are cunning. But we are ready to face any challenges, overcome them and continue working for Ukrainians.”

Ukraine’s government confirmed to AFP that it started investigating the incident and that Russia was “suspected” of being behind it.

Both Cloudflare, a content delivery network (CDN) provider, and Netblocks, an internet monitoring firm, noticed disruptions on the Kyivstar internet network on December 12.

Additionally, Ukrainian payment system Monobank reported being targeted by a distributed denial-of-service (DDoS) attack just a few hours after Kyivstar’s social media post.

At the time of writing, there is no evidence that these two events are related.

Source…

Ukraine’s cyber chief says Kyiv is winning ‘world’s first cyberwar’


For Ukraine’s main cybersecurity agency, Russia’s full-scale war began over a month before Russian tanks rolled into Ukraine from all directions – with a large cyber attack on Jan. 14, 2022.

“It all started with an attack on state authorities, it was the largest attack in 17 years,” says Yurii Shchyhol, head of the State Special Communications Service, which is responsible for defending Ukraine’s cyberspace.

Shchyhol says over 90 government websites were targeted, about 20 of them were defaced, and some data was erased. It took Ukrainian authorities 2-3 days to get those websites back up.

“This was the first indication for us that (Russia) was planning something big,” he adds.

The month leading up to the full-scale invasion, Ukraine experienced several major cyberattacks – on Feb. 15 and Feb. 22.

By the time Russia launched its full-scale war, Ukraine was ready to face Kremlin’s cyberwarfare, taking place alongside the ground offensive.

The 7,500 employees of the Special Communications Service are now in charge of protecting Ukraine from cyberattacks, ensuring the military and political communication is secure, and conducting online operations to hamper Russia’s war effort.

Read also: Fighting smarter: Ukraine’s transformation into a military innovator

The agency has also created a database of critical infrastructure, and coordinates its defense.

“There has never been such a war in history,” Shchyhol, who took charge of the agency in 2021, says. “It is the world’s first cyberwar in general, and there is no country in the world (except Ukraine) with this experience.”

He adds that Ukraine has faced around 20 cyberattacks per day since February 2022, with most of them deterred automatically, while some requiring timely intrusions by the agency.

In the 16 months since the start of the full–scale war, Shchyhol says Ukraine hasn’t lost any critical information, nor were any major systems downed.

Shchyhol says the agency is now drawing up a list of sanctions and laws required to stop Russia from being able to conduct cyberwarfare.

“Even after our victory on the ground, we understand that the cyberwar will not cease, and they will persist in attacking our systems,”…

Source…

Russia-backed hackers unleash new USB-based malware on Ukraine’s military


Russia-backed hackers unleash new USB-based malware on Ukraine’s military

Getty Images

Hackers working for Russia’s Federal Security Service have mounted multiple cyberattacks that used USB-based malware to steal large amounts of data from Ukrainian targets for use in its ongoing invasion of its smaller neighbor, researchers said.

“The sectors and nature of the organizations and machines targeted may have given the attackers access to significant amounts of sensitive information,” researchers from Symantec, now owned by Broadcom, wrote in a Thursday post. “There were indications in some organizations that the attackers were on the machines of the organizations’ human resources departments, indicating that information about individuals working at the various organizations was a priority for the attackers, among other things.”

The group, which Symantec tracks as Shuckworm and other researchers call Gamaredon and Armageddon, has been active since 2014 and has been linked to Russia’s FSB, the principal security service in that country. The group focuses solely on obtaining intelligence on Ukrainian targets. In 2020, researchers at security firm SentinelOne said the hacking group had “attacked over 5,000 individual entities across the Ukraine, with particular focus on areas where Ukrainian troops are deployed.”

In February, Shuckworm began deploying new malware and command-and-control infrastructure that has successfully penetrated the defenses of multiple Ukrainian organizations in the military, security services, and government of that country. Group members seem most interested in obtaining information related to sensitive military information that could be abused in Russia’s ongoing invasion.

This newer campaign debuted new malware in the form of a PowerShell script that spreads Pterodo, a Shuckworm-created backdoor. The script activates when infected USB drives are connected to targeted computers. The malicious script first copies itself onto the targeted machine to create a shortcut file with the extension rtf.lnk. The files have names such as video_porn.rtf.lnk, do_not_delete.rtf.lnk, and evidence.rtf.lnk. The names, which are mostly in the Ukrainian language, are an attempt to entice…

Source…