Russian-Ukrainian cyberwarfare

From HandWiki
Short description: Component of the confrontation between Russia and Ukraine

Russian-Ukrainian cyberwarfare is a component of the confrontation between Russia and Ukraine that has continued since the collapse of the Soviet Union and which in 2014 grew into an open armed confrontation, the Russian-Ukrainian war. The first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013.[1]

Operation “Armageddon”, a Russian campaign of systematic cyber espionage on the information systems of government agencies, law enforcement, and defense agencies, began in 2013. The information obtained in this way could probably help Russia on the battlefield.[2]

The Russian-Ukrainian cyberwar was the first conflict in cyberspace in which a successful attack on an energy system was carried out, bringing it down.[3] According to the US Presidential Administration, the hacker attack on Ukraine by Russia in June 2017 using the NotPetya virus became the largest known hacker attack.[4]

In February 2014, the Russian armed aggression against Ukraine began, and it was also carried out in cyberspace. According to the director of the US National Security Agency, Michael Rogers, with the start of the military incursion into Crimea, Russia launched a cyber war against Ukraine to damage such important infrastructure as telecommunications and government networks.[5] Ukrainian experts have also stated that a cyberwar with Russia has begun.[6]

After the beginning of the armed aggression of the Russian Federation against Ukraine, companies specializing in the provision of cybersecurity services began to register an increase in the number of cyberattacks on information systems in the country. The victims of Russian cyberattacks were government agencies of Ukraine, the EU, the United States, defense agencies, international and regional defense and political organizations, think tanks, the media, and dissidents.[2]

In particular, researchers have identified two groups of Russian hackers who have been active in the Russian-Ukrainian cyber war: the so-called APT29 (also known as Cozy Bear, Cozy Duke) and APT28 (also known as Sofacy Group, Tsar Team, Pawn Storm, Fancy Bear).[2]

Between 2013 and 2014, some information systems of Ukrainian government agencies were affected by a computer virus known as Snake / Uroburos / Turla.[2] In February-March 2014, as Russian troops entered Crimea, communication centers were raided and Ukraine's fibre optic cables were tampered with, cutting the connection between the peninsula and mainland Ukraine. Additionally, Ukrainian government websites, news and social media were shut down or targeted in DDoS attacks, while the cell phones of many Ukrainian parliamentarians were hacked or jammed.[2]

Cyberattacks

Russian cyberattacks

  • Operation “Armageddon”[2]
  • Operation “Snake”[1][7][8]
  • Attacks on the automated system "Elections"[9]
  • Ukraine power grid hack: attacks on energy companies in Ukraine using the BlackEnergy Trojan (the targets were the companies that supply energy to the Kyiv, Ivano-Frankivsk and Chernivtsi regions)[10][11][3][12]
  • Paralysis of the State Treasury of Ukraine[13][14]
  • Mass hacker attack in 2017 using Petya virus[15]

Ukrainian cyberattacks

  • Operation “Prikormka (Groundbait)”[16][17]
  • Operation “May 9” (9 successful hacks of sites of the separatist group "Donetsk People's Republic", of Russian anti-Ukrainian propaganda sites and of resources of Russian private military companies (PMCs))[18][19][20][21][22]
  • “Channel One” hack (hacking of the corporate server of the Russian "Channel One" by the Ukrainian Cyber Alliance of the hacker groups FalconsFlame, Trinity and Rukh8)[23][24]
  • The Surkov Leaks — a leak of 2,337 e-mails and hundreds of attachments which reveal plans for seizing Crimea from Ukraine and fomenting separatist unrest in Donbas (the documents are dated between September 2013 and December 2014).[25]

External links

  • Inside The Ukrainian 'Hacktivist' Network Cyberbattling The Kremlin[25]

References

  1. Dunn, John E (7 March 2014). "Invisible Russian cyberweapon stalked US and Ukraine since 2005, new research reveals". http://www.techworld.com/news/security/invisible-russian-cyberweapon-stalked-us-ukraine-since-2005-new-research-reveals-3505688/.
  2. Jen Weedon, FireEye (2015). "Beyond ‘Cyber War’: Russia’s Use of Strategic Cyber Espionage and Information Operations in Ukraine". In Kenneth Geers. Cyber War in Perspective: Russian Aggression against Ukraine. Tallinn: NATO CCD COE Publications. ISBN 978-9949-9544-5-2. https://ccdcoe.org/multimedia/cyber-war-perspective-russian-aggression-against-ukraine.html. Retrieved 2016-05-10.
  3. Kim Zetter, Wired (17 March 2016). "Russia's hacker attack on the Ukrainian power system: how it happened" (in Ukrainian). http://texty.org.ua/pg/article/newsmaker/read/66125/Hakerska_ataka_Rosiji_na_ukrajinsku_jenergosystemu_jak.
  4. "Statement from the Press Secretary". whitehouse.gov. 2018-02-15. https://trumpwhitehouse.archives.gov/briefings-statements/statement-press-secretary-25/. 
  5. Gertz, Bill. "Inside the Ring: Cybercom's Michael Rogers confirms Russia conducted cyberattacks against Ukraine" (in en-US). https://www.washingtontimes.com/news/2014/mar/12/inside-the-ring-cybercoms-michael-rogers-confirms-/. 
  6. "Russian Electronic Warfare in Ukraine: Between Real and Imaginable - Jamestown" (in en-US). Jamestown. https://jamestown.org/program/russian-electronic-warfare-ukraine-real-imaginable/. 
  7. "The Snake Campaign". BAE Systems. 2014. http://www.baesystems.com/en/cybersecurity/feature/the-snake-campaign. 
  8. "Uroburos. Highly complex espionage software with Russian roots". G Data SecurityLabs. February 2014. https://public.gdatasoftware.com/Web/Content/INT/Blog/2014/02_2014/documents/GData_Uroburos_RedPaper_EN_v1.pdf. 
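  9. Press service of the State Service of Special Communications (23 May 2014). "Comment of the State Service of Special Communications on the incident at the Central Election Commission" (in Ukrainian). http://www.dstszi.gov.ua/dstszi/control/uk/publish/article?art_id=114116&cat_id=112509.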
  10. Kim Zetter (January 10, 2017). "The Ukrainian Power Grid Was Hacked Again". Vice Motherboard. https://motherboard.vice.com/read/ukrainian-power-station-hacking-december-2016-report. 
  11. "A hacker cyberattack named as the main theory for the recent power outage in Kyiv" (in Russian). ITC.ua. 19 December 2016. http://itc.ua/news/osnovnoy-versiey-nedavnego-otklyucheniya-elektrichestva-v-kieve-nazvana-kiberataka-hakerov/.
  12. "The Ministry of Energy and Coal Industry intends to form a group with representatives of all energy companies under the Ministry's management to study possibilities for preventing unauthorized interference in the operation of power grids" (in Ukrainian). Ministry of Energy and Coal Industry of Ukraine. 12 February 2016. http://mpe.kmu.gov.ua/minugol/control/uk/publish/article?art_id=245086886&cat_id=35109.
  13. "Regarding the operation of the Treasury's information and telecommunication system" (in Ukrainian). Government Portal. 6 December 2016. http://www.kmu.gov.ua/control/publish/article?art_id=249559690&timestamp=1481039596000.
  14. "Ukraine is losing the cyberwar. Hackers attack state finances" (in Ukrainian). Ekonomichna Pravda. 9 December 2016. http://www.epravda.com.ua/publications/2016/12/9/613957/.
  15. Anton Cherepanov, ESET (30 June 2017). "TeleBots are back: Supply-chain attacks against Ukraine". We Live Security. https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/. 
  16. Alexey Minakov (1 June 2016). "Antivirus company ESET in the service of Donbas terrorists" (in Ukrainian). InformNapalm. https://informnapalm.org/ua/eset-na-sluzhbi-terorystiv/.
  17. Anton Cherepanov (18 May 2016). "Operation Groundbait ("Prikormka"): Analysis of a surveillance toolkit" (in Ukrainian). ESET. https://eset.ua/download_files/marketing/Operation_Groundbait_ukr.pdf.
  18. Censor.NET. ""Operation May 9": Ukrainian hackers deface several terrorists' propaganda sites. VIDEO+PHOTO" (in en). https://censor.net.ua/en/photo_news/387695/operation_may_9_ukrainian_hackers_deface_several_terrorists_propaganda_sites_videophoto. 
  19. "9 hacks on MAY 9: successful operation of Ukrainian hackers #OpMay9 (VIDEO)" (in en-US). 2016-05-11. https://informnapalm.org/en/ukrainian-hackers-opmay9/. 
  20. "Hackers destroyed the website of Russian propagandists "Anna News" and posted a video message" (in Ukrainian). InformNapalm. 29 April 2016. https://informnapalm.org/ua/hakery-znyshhyly-sajt-anna-news/.
  21. "Hackers In Ukraine Deface Separatist Websites To Mark Victory Day" (in en). https://www.rferl.org/a/hackers-ukraine-deface-separatist-websites-victory-day-opmay9/27724532.html. 
  22. "Russian Armed Forces used the R-330Zh station in the battles for Debaltseve. Images of the working terminal" (in Ukrainian). InformNapalm. 2 May 2016. https://informnapalm.org/ua/r-330zh-u-boyah-za-debaltseve/.
  23. "Hack of Russian propagandists. Part 1. Zenin: aiding terrorists, offshore companies and vacations in Europe" (in Ukrainian). InformNapalm. 6 June 2016. https://informnapalm.org/ua/zlom-propagandystiv-rf-chastyna-1-zenin/.
  24. "Hack of Russian propagandists. Part 2: correspondence about MH17" (in Russian). InformNapalm. 14 June 2016. https://informnapalm.org/23880-mh17-forbidden-interview/.
  25. "Inside The Ukrainian 'Hacktivist' Network Cyberbattling The Kremlin" (in en). https://www.rferl.org/a/ukraine-hacktivist-network-cyberwar-on-kremlin/28091216.html.