Wikipedia

2022 Ukraine cyberattacks

During the prelude to the 2022 Russian invasion of Ukraine and during the invasion itself, multiple cyberattacks against Ukraine were recorded, as well as some attacks on Russia. The first major cyberattack took place on 14 January 2022 and took down more than a dozen of Ukraine's government websites.[1] According to Ukrainian officials, around 70 government websites, including those of the Ministry of Foreign Affairs, the Cabinet of Ministers, and the National Security and Defense Council (NSDC), were attacked. Most of the sites were restored within hours of the attack.[2] On 15 February, another cyberattack took down multiple government and bank services.[3][4]

Ukrainian Ministry of Foreign Affairs website defaced by hackers

On 24 February, Russia launched a full-scale invasion of Ukraine. Western intelligence officials believed that this would be accompanied by a major cyberattack against Ukrainian infrastructure, but this threat did not materialize.[5] Cyberattacks on Ukraine have continued during the invasion, but with limited success. Independent hacker groups, such as Anonymous, have launched cyberattacks on Russia in retaliation for the invasion.[5][6]

In an undated white paper published after 22 June 2022, the Canadian government stated its belief "that the scope and severity of cyber operations related to the Russian invasion of Ukraine has almost certainly been more sophisticated and widespread than has been reported in open sources."[7]

Background

At the time of the attack, tensions between Russia and Ukraine were high, with over 100,000 Russian troops stationed near the border with Ukraine and talks between Russia and NATO ongoing.[1] The US government alleged that Russia was preparing for an invasion of Ukraine, including "sabotage activities and information operations". The US also allegedly found evidence of "a false-flag operation" in Eastern Ukraine, which could be used as a pretext for invasion.[2] Russia denied the accusations of an impending invasion, but threatened "military-technical action" if its demands were not met, especially a request that NATO never admit Ukraine to the alliance. Russia has spoken strongly against the expansion of NATO to its borders.[2]

January attacks

In the attacks on 14 January 2022, the hackers replaced the websites with text in Ukrainian, erroneous Polish, and Russian, which stated "be afraid and wait for the worst" and alleged that personal information had been leaked to the internet.[8] About 70 government websites were affected, including those of the Ministry of Foreign Affairs, the Cabinet of Ministers, and the Security and Defense Council.[9] The SBU stated that no data was leaked. Soon after the message appeared, the sites were taken offline. The sites were mostly restored within a few hours.[1] Serhiy Demedyuk, deputy secretary of the NSDC, stated that the Ukrainian investigation of the attack suspected that a third-party company's administration rights were used to carry out the attack. The unnamed company's software had been used since 2016 to develop government sites, most of which were affected in the attack.[9] Demedyuk also blamed UNC1151, a hacker group allegedly linked to Belarusian intelligence, for the attack.[10]

A separate destructive malware attack took place around the same time, first appearing on 13 January. First detected by the Microsoft Threat Intelligence Center (MSTIC), the malware was installed on devices belonging to "multiple government, non-profit, and information technology organizations" in Ukraine.[11] Later, this was reported to include the State Emergency Service and the Motor Transport Insurance Bureau.[12] The software, designated DEV-0586 or WhisperGate, was designed to look like ransomware, but lacked a recovery feature, indicating an intent to simply destroy files instead of encrypting them for ransom.[11] The MSTIC reported that the malware was programmed to execute when the targeted device was powered down. The malware would overwrite the master boot record (MBR) with a generic ransom note. Next, the malware would download a second .exe file, which would overwrite all files with certain extensions from a predetermined list, deleting all data contained in the targeted files. The ransomware payload differed from a standard ransomware attack in several ways, indicating a solely destructive intent.[13] However, later assessments indicate that damage was limited, likely a deliberate choice by the attackers.[12]
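A defender-side triage check for the MBR overwrite described above, as an added example that is not part of the original article or of any vendor's tooling: it inspects one 512-byte MBR sector for a missing boot signature, an empty partition table, or a long run of text inside the boot code area. The 64-byte text threshold, the finding names and the three sample sectors are assumptions constructed for illustration.

```python
"""Triage one 512-byte MBR sector for signs of a destructive overwrite."""
import struct
from typing import List, NamedTuple

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445 hold the bootstrap code
ENTRY_LEN = 16             # four partition entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"
# Assumption: stock boot loaders carry only short error strings, so a long
# printable run inside the boot code area is worth a closer look.
TEXT_RUN_THRESHOLD = 64


class Finding(NamedTuple):
    code: str
    detail: str


def longest_text_run(data: bytes) -> int:
    """Length of the longest run of printable ASCII (plus CR/LF) in data."""
    best = run = 0
    for byte in data:
        if 0x20 <= byte <= 0x7E or byte in (0x0A, 0x0D):
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def partition_entries(sector: bytes):
    """Return (status, type, first_lba, sector_count) for the four entries."""
    return [
        struct.unpack_from("<B3xB3xII", sector, BOOT_CODE_LEN + i * ENTRY_LEN)
        for i in range(4)
    ]


def triage_mbr(sector: bytes) -> List[Finding]:
    """Return the list of anomalies found in one MBR sector (empty if none)."""
    if len(sector) != SECTOR_SIZE:
        return [Finding("bad-size", f"expected {SECTOR_SIZE} bytes, got {len(sector)}")]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append(Finding("missing-boot-signature", sector[510:512].hex()))
    run = longest_text_run(sector[:BOOT_CODE_LEN])
    if run >= TEXT_RUN_THRESHOLD:
        findings.append(Finding("text-in-boot-code", f"{run}-byte printable run"))
    entries = partition_entries(sector)
    # A GPT disk still has one protective entry (type 0xEE), so a table with
    # no entries at all is unusual for a disk that is expected to boot.
    if all(ptype == 0 for _, ptype, _, _ in entries):
        findings.append(Finding("empty-partition-table", "all four entries unused"))
    for index, (status, ptype, _, count) in enumerate(entries):
        if status not in (0x00, 0x80):
            findings.append(Finding("invalid-partition-status", f"entry {index}: {status:#04x}"))
        elif ptype != 0 and count == 0:
            findings.append(Finding("zero-length-partition", f"entry {index}"))
    return findings


def build_sector(boot_code: bytes, table: bytes = bytes(64),
                 signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Assemble a constructed test sector (not read from any real disk)."""
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN] + table + signature


# Constructed sample 1: boot code with short loader strings and one NTFS entry.
HEALTHY = build_sector(
    bytes.fromhex("fa33c08ed0bc007c") + b"\x90" * 200
    + b"Invalid partition table\x00Error loading operating system\x00"
    + b"Missing operating system\x00",
    struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    + bytes(48),
)
# Constructed sample 2: boot code replaced by placeholder text, table zeroed.
OVERWRITTEN = build_sector(
    b"\xeb\x00" + b"CONSTRUCTED PLACEHOLDER standing in for a note shown at boot. " * 3
)
# Constructed sample 3: sector zeroed outright.
ZEROED = bytes(SECTOR_SIZE)

if __name__ == "__main__":
    for name, sector in (("healthy", HEALTHY), ("overwritten", OVERWRITTEN), ("zeroed", ZEROED)):
        print(name, [f.code for f in triage_mbr(sector)] or "no findings")
```

A finding here is a prompt for closer inspection of the disk image, not proof of a wiper; comparing the sector against a known-good baseline for the same build gives a stronger signal.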

On 19 January, the Russian advanced persistent threat (APT) Gamaredon (also known as Primitive Bear) attempted to compromise a Western government entity in Ukraine.[14] Cyber espionage appears to be the main goal of the group,[14] which has been active since 2013. Unlike most APTs, Gamaredon broadly targets users all over the globe (while also focusing on certain victims, especially Ukrainian organizations[15]) and appears to provide services for other APTs.[16] For example, the InvisiMole threat group has attacked select systems that Gamaredon had earlier compromised and fingerprinted.[15]

Reactions to January attack

Russia

Russia denied allegations by Ukraine that it was linked to the cyberattacks.[17]

Ukraine

Ukrainian government institutions, such as the Center for Strategic Communications and Information Security and the Ministry of Foreign Affairs, suggested that the Russian Federation was the perpetrator of the attack, noting that this would not be the first time that Russia attacked Ukraine.[8][18]

International organizations

European Union High Representative Josep Borrell said of the source of the attack: “One can very well imagine with a certain probability or with a margin of error, where it can come from.”[19] The Secretary General of NATO Jens Stoltenberg announced that the organization would increase its coordination with Ukraine on cyberdefense in the face of potential additional cyberattacks. NATO later announced that it would sign an agreement granting Ukraine access to its malware information sharing platform.[2][8]

February attacks

DDoS attack

On 15 February, a large DDoS attack brought down the websites of the defense ministry, army, and Ukraine's two largest banks, PrivatBank and Oschadbank.[3][20][4] Cybersecurity monitor NetBlocks reported that the attack intensified over the course of the day, also affecting the mobile apps and ATMs of the banks.[3] The New York Times described it as "the largest assault of its kind in the country's history". Ukrainian government officials stated that the attack was likely carried out by a foreign government, and suggested that Russia was behind it.[21] Although there were fears that the denial-of-service attack could be cover for more serious attacks, a Ukrainian official said that no such attack had been discovered.[12]

According to the UK government[22] and the National Security Council of the US, the attack was performed by the Russian Main Intelligence Directorate (GRU). American cybersecurity official Anne Neuberger stated that known GRU infrastructure had been observed transmitting high volumes of communications to Ukraine-based IP addresses and domains.[23] Kremlin spokesperson Dmitry Peskov denied that the attack originated from Russia.[24]

On 23 February, a third DDoS attack took down multiple Ukrainian government, military, and bank websites. Although military and banking websites were described as having “a more rapid recovery”, the SBU website was offline for an extended period.[25]

Wiper malware attack

Just before 5 pm on 23 February, data wiper malware was detected on hundreds of computers belonging to multiple Ukrainian organizations, including in the financial, defense, aviation, and IT services sectors. ESET Research dubbed the malware HermeticWiper, named for its genuine code signing certificate from Cyprus-based company Hermetica Digital Ltd. The wiper was reportedly compiled on 28 December 2021, while Symantec reported malicious activity as early as November 2021, implying that the attack was planned months ahead of time. Symantec also reported wiper attacks against devices in Lithuania, and that some organizations were compromised months before the wiper attack. Similar to the January WhisperGate attack, ransomware is often deployed simultaneously with the wiper as a decoy, and the wiper damages the master boot record of the device.[26][27]

A day prior to the attack, the EU had deployed a cyber rapid-response team consisting of about ten cybersecurity experts from Lithuania, Croatia, Poland, Estonia, Romania, and the Netherlands. It is unknown if this team helped mitigate the effects of the cyberattack.[28]

The attack coincided with the Russian recognition of separatist regions in eastern Ukraine and the authorization of Russian troop deployments there. The US and UK blamed the attack on Russia. Russia denied the accusations and called them “Russophobic”.[25]

Viasat hack

The Viasat hack, which occurred between 5am and 9am EEST on 24 February,[29] might have been intended to disrupt Ukrainian military networks, which relied on Viasat's network for communications services.[30][31] The attack might have been intended to hit "aspects of military command and control in Ukraine".[32][33] The attack "rendered inoperable thousands of Viasat KA-SAT satellite broadband modems in Ukraine, including those used by military and other governmental agencies, causing major loss in internet communication."[34][30][35][36]

In a jointly timed communication on 10 May 2022, many Western governments adduced evidence that Russia was responsible for the attack in connection with its invasion.[37][38][39][40][41]

Initial Ukrainian response

On February 26, the Minister of Digital Transformation of Ukraine, Mykhailo Fedorov, announced the creation of an IT army, which would include cyber specialists, copywriters, designers, marketers and targetologists. As a result, numerous Russian government websites and banks were attacked.[42] Dozens of issues of Russian stars and officials have been made public, and Ukrainian songs have been broadcast on some television channels, including "Prayer for Ukraine".[43][44]

Starlink

In order to defend themselves and to maintain Internet connectivity during the war, Ukrainian officials deemed Starlink internet access in their country a potential solution.[45]

Unlike conventional satellite internet such as Viasat, Starlink internet access works as a network fragmented into individual parts.[46][47] The connection is beamed down to a specific dish with limited range, giving internet access only in the limited area of that dish, like a personal Internet hotspot.[47][48] This design prevents Starlink from being taken out by a single attack by Russia.[49]

On February 26, the Ukrainian government and Ukrainian minister Mykhailo Fedorov asked Elon Musk on Twitter to provide Starlink assistance to Ukraine.[50][51] Musk agreed, and SpaceX responded by activating country-wide service, with the first shipment of Starlink terminals arriving two days later on February 28.[50]

March attacks

 
Ratio of DNS queries defensively blocked by Quad9 in Ukraine and Poland, 7–9 March 2022.

Beginning on 6 March, Russia significantly increased the frequency of its cyber-attacks against Ukrainian civilians.[52]

On 9 March alone, the Quad9 malware-blocking recursive resolver intercepted and mitigated 4.6 million attacks against computers and phones in Ukraine and Poland, at a rate more than ten times higher than the European average. Cybersecurity expert Bill Woodcock of Packet Clearing House noted that the blocked DNS queries coming from Ukraine clearly show an increase in phishing and malware attacks against Ukrainians, and noted that the Polish numbers were also higher than usual because 70%, or 1.4 million, of the Ukrainian refugees were in Poland at the time.[53] Explaining the nature of the attack, Woodcock said "Ukrainians are being targeted by a huge amount of phishing, and a lot of the malware that is getting onto their machines is trying to contact malicious command-and-control infrastructure."[52]

On March 28, RTComm.ru, a Russian Internet service provider, hijacked Twitter's 104.244.42.0/24 IPv4 address block via BGP for a period of two hours and fifteen minutes.[54][55]
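How a network operator can detect this kind of event from a route feed, as an added example that is not part of the original article: each announcement's origin AS is compared with the expected origin for a monitored prefix, and mismatching announcements are paired with the update that ended them. Only the prefix comes from the article; the AS numbers are documentation-range placeholders (RFC 5398), and the clock times and update feed are constructed.

```python
"""Flag BGP announcements whose origin AS does not match the expected one."""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# The prefix is the one named in the article. AS 64500 is a placeholder for
# the legitimate origin, not the real AS number of any network involved.
EXPECTED_ORIGINS = {ipaddress.ip_network("104.244.42.0/24"): {64500}}


def classify(prefix: str, as_path: List[int], expected=EXPECTED_ORIGINS) -> str:
    """Compare an announcement's origin (last AS in the path) to the allow-list."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for monitored, allowed in expected.items():
        if net.version != monitored.version:
            continue
        if net == monitored:
            return "ok" if origin in allowed else "origin-mismatch"
        if net.subnet_of(monitored):
            # A more-specific route wins longest-prefix match even while the
            # legitimate announcement is still present.
            return "ok" if origin in allowed else "more-specific-mismatch"
    return "unmonitored"


@dataclass
class Window:
    prefix: str
    origin: int
    verdict: str
    start: datetime
    end: Optional[datetime] = None

    @property
    def duration(self) -> Optional[timedelta]:
        return self.end - self.start if self.end else None


def mismatch_windows(updates) -> List[Window]:
    """Pair each mismatching announcement with the update that ended it.

    Updates are (timestamp, "A" or "W", prefix, as_path) as seen from one
    peer, so a new announcement for a prefix replaces the previous one.
    """
    open_by_prefix = {}
    closed = []
    for ts, kind, prefix, path in sorted(updates, key=lambda u: u[0]):
        verdict = classify(prefix, path) if kind == "A" else None
        current = open_by_prefix.get(prefix)
        if current and (kind == "W" or verdict == "ok" or path[-1] != current.origin):
            current.end = ts
            closed.append(open_by_prefix.pop(prefix))
        if verdict in ("origin-mismatch", "more-specific-mismatch") and prefix not in open_by_prefix:
            open_by_prefix[prefix] = Window(prefix, path[-1], verdict, ts)
    return closed + list(open_by_prefix.values())  # still-open windows have end=None


# Constructed feed. The article gives only the date and the duration, so the
# clock times are invented; AS 64496, 64497 and 64510 are placeholders.
T0 = datetime(2022, 3, 28, 12, 0)
UPDATES = [
    (T0 - timedelta(days=1), "A", "104.244.42.0/24", [64496, 64500]),
    (T0, "A", "104.244.42.0/24", [64497, 64510]),
    (T0 + timedelta(minutes=5), "A", "198.51.100.0/24", [64497, 64510]),
    (T0 + timedelta(hours=2, minutes=15), "W", "104.244.42.0/24", None),
    (T0 + timedelta(hours=2, minutes=16), "A", "104.244.42.0/24", [64496, 64500]),
]

if __name__ == "__main__":
    for window in mismatch_windows(UPDATES):
        print(window.prefix, "origin AS", window.origin, window.verdict, window.duration)
```

Publishing a ROA for the prefix lets networks that perform RPKI route origin validation reject such announcements; the check above covers the monitoring side.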

References

  1. "Ukraine cyber-attack: Government and embassy websites targeted". BBC News. 2022-01-14. Archived from the original on 2022-01-15. Retrieved 2022-01-14.
  2. Polityuk, Pavel; Balmforth, Tom (2022-01-14). "'Be afraid': Ukraine hit by cyberattack as Russia moves more troops". Reuters. Archived from the original on 2022-01-14. Retrieved 2022-01-14.
  3. "Ukraine banking and defense platforms knocked out amid heightened tensions with Russia". NetBlocks. 2022-02-15. Archived from the original on 2022-02-24.
  4. "Ukraine's defence ministry and two banks targeted in cyberattack". euronews. 2022-02-15. Archived from the original on 2022-02-23.
  5. "Ukraine war: Don't underestimate Russia cyber-threat, warns US". BBC News. 2022-05-11. Retrieved 2022-05-12.
  6. "Anonymous: How hackers are trying to undermine Putin". BBC News. 2022-03-20. Retrieved 2022-05-12.
  7. "Cyber Threat Activity Related to the Russian Invasion of Ukraine" (PDF). Communications Security Establishment. Retrieved 2023-05-03.
  8. Kramer, Andrew E. (2022-01-14). "Hackers Bring Down Government Sites in Ukraine". The New York Times. ISSN 0362-4331. Archived from the original on 2022-01-15. Retrieved 2022-01-14.
  9. Polityuk, Pavel (2022-01-14). "EXCLUSIVE Hackers likely used software administration rights of third party to hit Ukrainian sites, Kyiv says". Reuters. Archived from the original on 2022-02-21. Retrieved 2022-01-16.
  10. Polityuk, Pavel (2022-01-16). "EXCLUSIVE Ukraine suspects group linked to Belarus intelligence over cyberattack". Reuters. Archived from the original on 2022-02-18. Retrieved 2022-01-16.
  11. "Destructive malware targeting Ukrainian organizations". Microsoft Security Blog. 2022-01-16. Archived from the original on 2022-02-24. Retrieved 2022-01-17.
  12. "Cyberattacks knock out sites of Ukrainian army, major banks". AP News. 2022-02-15. Archived from the original on 2022-02-24. Retrieved 2022-02-17.
  13. Sanger, David E. (2022-01-16). "Microsoft Warns of Destructive Cyberattack on Ukrainian Computer Networks". The New York Times. ISSN 0362-4331. Archived from the original on 2022-02-23. Retrieved 2022-01-20.
  14. Kyle Alspach (2022-02-04). "Microsoft discloses new details on Russian hacker group Gamaredon". VentureBeat. Retrieved 2022-03-22.
  15. Charlie Osborne (2022-03-21). "Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers". ZDNet. Retrieved 2022-03-22.
  16. Warren Mercer; Vitor Ventura (2021-02-23). "Gamaredon - When nation states don't pay all the bills". Cisco. Retrieved 2022-03-22.
  17. McMillan, Robert; Volz, Dustin (2022-01-20). "Ukraine Hacks Signal Broad Risks of Cyberwar Even as Limited Scope Confounds Experts". The Wall Street Journal. ISSN 0099-9660. Archived from the original on 2022-02-24. Retrieved 2022-01-26.
  18. "News Ukraine government websites hacked in 'global attack'". Deutsche Welle. Archived from the original on 2022-01-14. Retrieved 2022-01-14.
  19. Brzozowski, Alexandra; Pollet, Mathieu (2022-01-14). "EU pledges cyber support to Ukraine, pins hopes on Normandy format". www.euractiv.com. Archived from the original on 2022-02-01. Retrieved 2022-01-31.
  20. Zilbermints, Regina (2022-02-15). "Ukraine Defense Ministry, banks hit by cyberattack amid tensions with Russia". The Hill. Archived from the original on 2022-02-24.
  21. Hopkins, Valerie (2022-02-15). The New York Times. ISSN 0362-4331. Archived from the original on 2022-02-17. Retrieved 2022-02-17.
  22. "Government response: UK assess Russian involvement in cyber attacks on Ukraine". UK government. 2022-02-18. Archived from the original on 2022-02-25. Retrieved 2022-02-25.
  23. "Biden says he's now convinced Putin has decided to invade Ukraine, but leaves door open for diplomacy". CNN. 2022-02-19. Archived from the original on 2022-02-19.
  24. "Нова кібератака на банки була "найбільшою в історії України" й досі триває". BBC News. 2022-02-16. Archived from the original on 2022-02-24. Retrieved 2022-02-25.
  25. "Cyber-attacks bring down many Ukraine websites". BBC News. 2022-02-23. Archived from the original on 2022-02-24. Retrieved 2022-02-24.
  26. "HermeticWiper: New data‑wiping malware hits Ukraine". WeLiveSecurity. 2022-02-24. Archived from the original on 2022-02-25. Retrieved 2022-02-24.
  27. "Ukraine: Disk-wiping Attacks Precede Russian Invasion". symantec-enterprise-blogs.security.com. Archived from the original on 2022-02-25. Retrieved 2022-02-24.
  28. "Ukraine: EU deploys cyber rapid-response team". BBC News. 2022-02-22. Archived from the original on 2022-02-24. Retrieved 2022-02-24.
  29. Satter, Satter (2022-03-15). "Satellite outage caused 'huge loss in communications' at war's outset -Ukrainian official". Reuters. Retrieved 2024-02-06.
  30. Nakashima, Ellen (2022-03-24). "Russian military behind hack of satellite communication devices in Ukraine at war's outset, U.S. officials say". The Washington Post. Retrieved 2024-02-06.
  31. Pearson, James; Satter, Raphael; Bing, Christopher; Schectman, Joel (2022-03-12). "Exclusive: U.S. spy agency probes sabotage of satellite internet during Russian invasion, sources say". Reuters. Retrieved 2024-02-06.
  32. Jones, David (2022-04-01). "Viasat network cyberattack linked to newly discovered Russian wiper". Cyber Security Dive. Retrieved 2024-02-06.
  33. Corera, Gordon (2022-03-25). "Russia hacked Ukrainian satellite communications, officials believe". BBC. Retrieved 2024-02-06.
  34. Guerrero-Saade, Juan Andres (2022-03-31). "AcidRain | A Modem Wiper Rains Down on Europe". Sentinel One. Retrieved 2024-02-06.
  35. Bajak, Frank (2022-03-31). "Satellite modems nexus of worst cyberattack of Ukraine war". Associated Press. Retrieved 2024-02-06.
  36. Burgess, Matt (2022-03-23). "A Mysterious Satellite Hack Has Victims Far Beyond Ukraine". Condé Nast. Wired.
  37. U.S. Department of State, Antony J. Blinken: "Attribution of Russia’s Malicious Cyber Activity Against Ukraine", US Department of State (10 May 2022)
  38. Foreign, Commonwealth & Development Office: "UK, EU, US and allies have announced that Russia is responsible for a series of cyber-attacks since the renewed invasion of Ukraine." (10 May 2022)
  39. Council of the EU, "Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union" (10 May 2022)
  40. Vicens, AJ (2022-05-10). "UK, EU, US formally blame Russia for Viasat satellite hack before Ukraine invasion". CyberScoop.
  41. Manson, Katrina (2023-03-01). "The Satellite Hack Everyone Is Finally Talking About". Bloomberg.
  42. Павлюк, Олег (2022-02-26). Суспільне | Новини (in Ukrainian). Archived from the original on 2022-02-28. Retrieved 2022-02-28.
  43. Павлюк, Олег (2022-02-26). Суспільне | Новини (in Ukrainian). Archived from the original on 2022-02-26. Retrieved 2022-02-28.
  44. zahid.espreso.tv (in Ukrainian). Archived from the original on 2022-02-28. Retrieved 2022-02-28.
  45. Farrow, Ronan (2023-08-21). "Elon Musk's Shadow Rule". The New Yorker. ISSN 0028-792X. Retrieved 2023-09-09.
  46. Sheetz, Michael (2022-02-28). "Viasat believes 'cyber event' is disrupting its satellite-internet service in Ukraine". CNBC. Retrieved 2023-09-09.
  47. Mosley, Tonya (2023-08-23). "Ronan Farrow says Elon Musk has become an 'arbiter' of the war in Ukraine". www.npr.org. Retrieved 2023-09-09.
  48. Trofimov, Yaroslav; Maidenberg, Micah; FitzGerald, Drew (2022-07-16). "Ukraine Leans on Elon Musk's Starlink in Fight Against Russia". Wall Street Journal. ISSN 0099-9660. Retrieved 2023-09-09.
  49. Mosley, Tonya (2023-08-23). "Ronan Farrow says Elon Musk has become an 'arbiter' of the war in Ukraine". www.npr.org. Retrieved 2023-09-09.
  50. "Starlink в Україні: кому доступний інтернет від SpaceX та як ним користуватися". The Village Україна. 2022-04-29. Archived from the original on 2022-04-29. Retrieved 2022-07-12.
  51. Krebs, Brian. "Recent 10x Increase in Cyberattacks on Ukraine". Krebs on Security. Retrieved 2022-03-11. While our overall traffic dropped in Kyiv — and slightly increased in Warsaw due to infrastructure outages inside of Ukraine — the ratio of "good queries" to "blocked queries" has spiked in both cities. The spike in the blocking ratio Wednesday (March 9, 2022) afternoon in Kyiv was around 10x the normal level compared with other cities in Europe. This order-of-magnitude jump is unprecedented.
  52. "Ukraine Refugee Situation". UNHCR.
  53. Ullrich, Johannes. "BGP Hijacking of Twitter Prefix by RTComm.ru". ISC InfoSec. SANS. Retrieved 2022-03-28.
  54. BGPStream. Archived from the original on 2022-03-28. Retrieved 2022-03-28.

2022, ukraine, cyberattacks, during, prelude, 2022, russian, invasion, ukraine, 2022, russian, invasion, ukraine, multiple, cyberattacks, against, ukraine, were, recorded, well, some, attacks, russia, first, major, cyberattack, took, place, january, 2022, took. During the prelude to the 2022 Russian invasion of Ukraine and the 2022 Russian invasion of Ukraine multiple cyberattacks against Ukraine were recorded as well as some attacks on Russia The first major cyberattack took place on 14 January 2022 and took down more than a dozen of Ukraine s government websites 1 According to Ukrainian officials around 70 government websites including the Ministry of Foreign Affairs the Cabinet of Ministers and the National and Defense Council NSDC were attacked Most of the sites were restored within hours of the attack 2 On 15 February another cyberattack took down multiple government and bank services 3 4 Ukrainian Ministry of Foreign Affairs website defaced by hackers On 24 February Russia launched a full scale invasion of Ukraine Western intelligence officials believed that this would be accompanied by a major cyberattack against Ukrainian infrastructure but this threat did not materialize 5 Cyberattacks on Ukraine have continued during the invasion but with limited success Independent hacker groups such as Anonymous have launched cyberattacks on Russia in retaliation for the invasion 5 6 The Canadian government in an undated white paper published after 22 June 2022 believed that the scope and severity of cyber operations related to the Russian invasion of Ukraine has almost certainly been more sophisticated and widespread than has been reported in open sources 7 Contents 1 Background 2 January attacks 2 1 Reactions to January attack 2 1 1 Russia 2 1 2 Ukraine 2 1 3 International organizations 3 February attacks 3 1 DDoS attack 3 2 Wiper malware attack 3 3 Viasat hack 3 4 Initial Ukrainian response 3 5 Starlink 4 March attacks 5 See also 6 ReferencesBackgroundMain article 
2021 2022 Russo Ukrainian crisis At the time of the attack tensions between Russia and Ukraine were high with over 100 000 Russian troops stationed near the border with Ukraine and talks between Russia and NATO ongoing 1 The US government alleged that Russia was preparing for an invasion of Ukraine including sabotage activities and information operations The US also allegedly found evidence of a false flag operation in Eastern Ukraine which could be used as a pretext for invasion 2 Russia denies the accusations of an impending invasion but has threatened military technical action if its demands are not met especially a request that NATO never admit Ukraine to the alliance Russia has spoken strongly against the expansion of NATO to its borders 2 January attacksThe attacks on 14 January 2022 consisted of the hackers replacing the websites with text in Ukrainian erroneous Polish and Russian which state be afraid and wait for the worst and allege that personal information has been leaked to the internet 8 About 70 government websites were affected including the Ministry of Foreign Affairs the Cabinet of Ministers and the Security and Defense Council 9 The SBU has stated that no data was leaked Soon after the message appeared the sites were taken offline The sites were mostly restored within a few hours 1 Deputy secretary of the NSDC Serhiy Demedyuk stated that the Ukrainian investigation of the attack suspects that a third party company s administration rights were used to carry out the attack The unnamed company s software had been used since 2016 to develop government sites most of which were affected in the attack 9 Demedyuk also blamed UNC1151 a hacker group allegedly linked to Belarusian intelligence for the attack 10 A separate destructive malware attack took place around the same time first appearing on 13 January First detected by the Microsoft Threat Intelligence Center MSTIC malware was installed on devices belonging to multiple government non profit and 
information technology organizations in Ukraine 11 Later this was reported to include the State Emergency Service and the Motor Transport Insurance Bureau 12 The software designated DEV 0586 or WhisperGate was designed to look like ransomware but lacks a recovery feature indicating an intent to simply destroy files instead of encrypting them for ransom 11 The MSTIC reported that the malware was programmed to execute when the targeted device was powered down The malware would overwrite the master boot record MBR with a generic ransom note Next the malware downloads a second exe file which would overwrite all files with certain extensions from a predetermined list deleting all data contained in the targeted files The ransomware payload differs from a standard ransomware attack in several ways indicating a solely destructive intent 13 However later assessments indicate that damage was limited likely a deliberate choice by the attackers 12 On 19 January the Russian advanced persistent threat APT Gamaredon also known as Primitive Bear attempted to compromise a Western government entity in Ukraine 14 Cyber espionage appears to be the main goal of the group 14 which has been active since 2013 unlike most APTs Gamaredon broadly targets all users all over the globe in addition to also focusing on certain victims especially Ukrainian organizations 15 and appears to provide services for other APTs 16 For example the InvisiMole threat group has attacked select systems that Gamaredon had earlier compromised and fingerprinted 15 Reactions to January attack Russia Russia denied allegations by Ukraine that it was linked to the cyberattacks 17 Ukraine Ukrainian government institutions such as the Center for Strategic Communications and Information Security and the Ministry of Foreign Affairs suggested that the Russian Federation was the perpetrator of the attack noting that this would not be the first time that Russia attacked Ukraine 8 18 International organizations European Union 
High Representative Josep Borrell said of the source of the attack One can very well imagine with a certain probability or with a margin of error where it can come from 19 The Secretary General of NATO Jens Stoltenberg announced that the organization would increase its coordination with Ukraine on cyberdefense in the face of potential additional cyberattacks NATO later announced that it would sign an agreement granting Ukraine access to its malware information sharing platform 2 8 February attacksDDoS attack On 15 February a large DDoS attack brought down the websites of the defense ministry army and Ukraine s two largest banks PrivatBank and Oschadbank 3 20 4 Cybersecurity monitor NetBlocks reported that the attack intensified over the course of the day also affecting the mobile apps and ATMs of the banks 3 The New York Times described it as the largest assault of its kind in the country s history Ukrainian government officials stated that the attack was likely carried out by a foreign government and suggested that Russia was behind it 21 Although there were fears that the denial of service attack could be cover for more serious attacks a Ukrainian official said that no such attack had been discovered 12 According to UK government 22 and National Security Council of the US the attack was performed by Russian Main Intelligence Directorate GRU American cybersecurity official Anne Neuberger stated that known GRU infrastructure has been noted transmitting high volumes of communications to Ukraine based IP addresses and domains 23 Kremlin spokesperson Dmitry Peskov denied that the attack originated from Russia 24 On 23 February a third DDoS attack took down multiple Ukrainian government military and bank websites Although military and banking websites were described as having a more rapid recovery the SBU website was offline for an extended period 25 Wiper malware attack Just before 5 pm on 23 February data wiper malware was detected on hundreds of computers belonging 
to multiple Ukrainian organizations including in the financial defense aviation and IT services sectors ESET Research dubbed the malware HermeticWiper named for its genuine code signing certificate from Cyprus based company Hermetica Digital Ltd The wiper was reportedly compiled on 28 December 2021 while Symantec reported malicious activity as early as November 2021 implying that the attack was planned months ahead of time Symantec also reported wiper attacks against devices in Lithuania and that some organizations were compromised months before the wiper attack Similar to the January WhisperGate attack ransomware is often deployed simultaneously with the wiper as a decoy and the wiper damages the master boot record of the device 26 27 A day prior to the attack the EU had deployed a cyber rapid response team consisting of about ten cybersecurity experts from Lithuania Croatia Poland Estonia Romania and the Netherlands It is unknown if this team helped mitigate the effects of the cyberattack 28 The attack coincided with the Russian recognition of separatist regions in eastern Ukraine and the authorization of Russian troop deployments there The US and UK blamed the attack on Russia Russia denied the accusations and called them Russophobic 25 Viasat hack The Viasat hack which occurred between 5am and 9am EEST on 24 February 29 might have been intended to disrupt Ukrainian military networks which used Viasat s network to provide them communications services 30 31 The attack might have intended to hit aspects of military command and control in Ukraine 32 33 The attack rendered inoperable thousands of Viasat KA SAT satellite broadband modems in Ukraine including those used by military and other governmental agencies causing major loss in internet communication 34 30 35 36 In a jointly timed communication on 10 May 2022 many western governments adduced evidence that Russia was responsible for the attack because of their invasion 37 38 39 40 41 Initial Ukrainian response 
On February 26 the Minister of Digital Transformation of Ukraine Mykhailo Fedorov announced the creation of an IT army which will include cyber specialists copywriters designers marketers and targetologists As a result numerous Russian government websites and banks were attacked 42 Dozens of issues of Russian stars and officials have been made public and Ukrainian songs have been broadcast on some television channels including Prayer for Ukraine 43 44 Starlink Main article Starlink in the Russo Ukrainian War In order to defend themselves and to maintain Internet connectivity during the war Ukrainian officials deemed a Starlink internet access in their country a potential solution 45 Unlike conventional satellite internet like Viasat Starlink internet access works in a network fragmented into individual parts 46 47 The internet is beamed down on a specific dish having limited range giving internet access in the limited area of the dish like a personal Internet hotspot 47 48 The entire system prevents Starlink from being able to be taken out a single attack by Russia 49 On February 26 the Ukrainian government and Ukrainian minister Mykhailo Fedorov asked Elon Musk on Twitter to provide Starlink assistance to Ukraine 50 51 Musk agreed and SpaceX responded by activating country wide service with the first shipment of Starlink terminals arriving two days later on February 28 50 March attacks nbsp Ratio of DNS queries defensively blocked by Quad9 in Ukraine and Poland 7 9 March 2022 Beginning on 6 March Russia began to significantly increase the frequency of its cyber attacks against Ukrainian civilians 52 On 9 March alone the Quad9 malware blocking recursive resolver intercepted and mitigated 4 6 million attacks against computers and phones in Ukraine and Poland at a rate more than ten times higher than the European average Cybersecurity expert Bill Woodcock of Packet Clearing House noted that the blocked DNS queries coming from Ukraine clearly show an increase in 
phishing and malware attacks against Ukrainians, and noted that the Polish numbers were also higher than usual because 70%, or 1.4 million, of the Ukrainian refugees were in Poland at the time.[53] Explaining the nature of the attack, Woodcock said "Ukrainians are being targeted by a huge amount of phishing, and a lot of the malware that is getting onto their machines is trying to contact malicious command-and-control infrastructure."[52]

On March 28, RTComm.ru, a Russian Internet service provider, BGP hijacked Twitter's 104.244.42.0/24 IPv4 address block for a period of two hours fifteen minutes.[54][55]

See also

2017 cyberattacks on Ukraine
2021–2022 Russo-Ukrainian crisis
Viasat hack
Kaspersky bans and allegations of Russian government ties
Russian invasion of Ukraine
Russian–Ukrainian cyberwarfare
Cyberwarfare by Russia
2022 cyberattacks on Romania
List of cyberattacks

References

1. "Ukraine cyber-attack: Government and embassy websites targeted". BBC News. 2022-01-14. Archived from the original on 2022-01-15. Retrieved 2022-01-14.
2. Polityuk, Pavel; Balmforth, Tom (2022-01-14). "'Be afraid': Ukraine hit by cyberattack as Russia moves more troops". Reuters. Archived from the original on 2022-01-14. Retrieved 2022-01-14.
3. "Ukraine banking and defense platforms knocked out amid heightened tensions with Russia". NetBlocks. 2022-02-15. Archived from the original on 2022-02-24.
4. "Ukraine's defence ministry and two banks targeted in cyberattack". euronews. 2022-02-15. Archived from the original on 2022-02-23.
5. "Ukraine war: Don't underestimate Russia cyber-threat, warns US". BBC News. 2022-05-11. Retrieved 2022-05-12.
6. "Anonymous: How hackers are trying to undermine Putin". BBC News. 2022-03-20. Retrieved 2022-05-12.
7. "Cyber Threat Activity Related to the Russian Invasion of Ukraine" (PDF). Communications Security Establishment. Retrieved 2023-05-03.
8. Kramer, Andrew E. (2022-01-14). "Hackers Bring Down Government Sites in Ukraine". The New York Times. ISSN 0362-4331. Archived from the original on 2022-01-15. Retrieved 2022-01-14.
9. Polityuk, Pavel (2022-01-14). "EXCLUSIVE Hackers likely used software administration rights of third party to hit Ukrainian sites, Kyiv says". Reuters. Archived from the original on 2022-02-21. Retrieved 2022-01-16.
10. Polityuk, Pavel (2022-01-16). "EXCLUSIVE Ukraine suspects group linked to Belarus intelligence over cyberattack". Reuters. Archived from the original on 2022-02-18. Retrieved 2022-01-16.
11. "Destructive malware targeting Ukrainian organizations". Microsoft Security Blog. 2022-01-16. Archived from the original on 2022-02-24. Retrieved 2022-01-17.
12. "Cyberattacks knock out sites of Ukrainian army, major banks". AP News. 2022-02-15. Archived from the original on 2022-02-24. Retrieved 2022-02-17.
13. Sanger, David E. (2022-01-16). "Microsoft Warns of Destructive Cyberattack on Ukrainian Computer Networks". The New York Times. ISSN 0362-4331. Archived from the original on 2022-02-23. Retrieved 2022-01-20.
14. Kyle Alspach (2022-02-04). "Microsoft discloses new details on Russian hacker group Gamaredon". VentureBeat. Retrieved 2022-03-22.
15. Charlie Osborne (2022-03-21). "Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers". ZDNet. Retrieved 2022-03-22.
16. Warren Mercer; Vitor Ventura (2021-02-23). "Gamaredon: When nation states don't pay all the bills". Cisco. Retrieved 2022-03-22.
17. McMillan, Robert; Volz, Dustin (2022-01-20). "Ukraine Hacks Signal Broad Risks of Cyberwar Even as Limited Scope Confounds Experts". The Wall Street Journal. ISSN 0099-9660. Archived from the original on 2022-02-24. Retrieved 2022-01-26.
18. "News: Ukraine government websites hacked in 'global attack'". Deutsche Welle. Archived from the original on 2022-01-14. Retrieved 2022-01-14.
19. Brzozowski, Alexandra; Pollet, Mathieu (2022-01-14). "EU pledges cyber support to Ukraine, pins hopes on Normandy format". www.euractiv.com. Archived from the original on 2022-02-01. Retrieved 2022-01-31.
20. Zilbermints, Regina (2022-02-15). "Ukraine Defense Ministry, banks hit by cyberattack amid tensions with Russia". The Hill. Archived from the original on 2022-02-24.
21. Hopkins, Valerie (2022-02-15). "A hack of the Defense Ministry, army and state banks was the largest of its kind in Ukraine's history". The New York Times. ISSN 0362-4331. Archived from the original on 2022-02-17. Retrieved 2022-02-17.
22. "Government response: UK assess Russian involvement in cyber attacks on Ukraine". UK government. 2022-02-18. Archived from the original on 2022-02-25. Retrieved 2022-02-25.
23. "Biden says he's now convinced Putin has decided to invade Ukraine, but leaves door open for diplomacy". CNN. 2022-02-19. Archived from the original on 2022-02-19.
24. "Nova kiberataka na banki bula najbilshoyu v istoriyi Ukrayini j dosi trivaye". BBC News. 2022-02-16. Archived from the original on 2022-02-24. Retrieved 2022-02-25.
25. "Cyber-attacks bring down many Ukraine websites". BBC News. 2022-02-23. Archived from the original on 2022-02-24. Retrieved 2022-02-24.
26. "HermeticWiper: New data-wiping malware hits Ukraine". WeLiveSecurity. 2022-02-24. Archived from the original on 2022-02-25. Retrieved 2022-02-24.
27. "Ukraine: Disk-wiping Attacks Precede Russian Invasion". symantec-enterprise-blogs.security.com. Archived from the original on 2022-02-25. Retrieved 2022-02-24.
28. "Ukraine: EU deploys cyber rapid-response team". BBC News. 2022-02-22. Archived from the original on 2022-02-24. Retrieved 2022-02-24.
29. Satter, Satter (2022-03-15). "Satellite outage caused 'huge loss in communications' at war's outset, Ukrainian official". Reuters. Retrieved 2024-02-06.
30. Nakashima, Ellen (2022-03-24). "Russian military behind hack of satellite communication devices in Ukraine at war's outset, U.S. officials say". The Washington Post. Retrieved 2024-02-06.
31. Pearson, James; Satter, Raphael; Bing, Christopher; Schectman, Joel (2022-03-12). "Exclusive: U.S. spy agency probes sabotage of satellite internet during Russian invasion, sources say". Reuters. Retrieved 2024-02-06.
32. Jones, David (2022-04-01). "Viasat network cyberattack linked to newly discovered Russian wiper". Cyber Security Dive. Retrieved 2024-02-06.
33. Corera, Gordon (2022-03-25). "Russia hacked Ukrainian satellite communications, officials believe". BBC. Retrieved 2024-02-06.
34. Guerrero-Saade, Juan Andres (2022-03-31). "AcidRain: A Modem Wiper Rains Down on Europe". Sentinel One. Retrieved 2024-02-06.
35. Bajak, Frank (2022-03-31). "Satellite modems nexus of worst cyberattack of Ukraine war". Associated Press. Retrieved 2024-02-06.
36. Burgess, Matt (2022-03-23). "A Mysterious Satellite Hack Has Victims Far Beyond Ukraine". Conde Nast. Wired.
37. U.S. Department of State, Antony J. Blinken: Attribution of Russia's Malicious Cyber Activity Against Ukraine. US Department of State, 10 May 2022.
38. Foreign, Commonwealth & Development Office: UK, EU, US and allies have announced that Russia is responsible for a series of cyber attacks since the renewed invasion of Ukraine. 10 May 2022.
39. Council of the EU: Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union. 10 May 2022.
40. Vicens, AJ (2022-05-10). "UK, EU, US formally blame Russia for Viasat satellite hack before Ukraine invasion". CyberScoop.
41. Manson, Katrina (2023-03-01). "The Satellite Hack Everyone Is Finally Talking About". Bloomberg.
42. Pavlyuk, Oleg (2022-02-26). "Ukrayina stvoryuye IT armiyu Fedorov". Suspilne Novini (in Ukrainian). Archived from the original on 2022-02-28. Retrieved 2022-02-28.
43. Pavlyuk, Oleg (2022-02-26). "Hakeri atakuvali rosijski sajti i jmovirno zlamali rosijski telekanali". Suspilne Novini (in Ukrainian). Archived from the original on 2022-02-26. Retrieved 2022-02-28.
44. "Na kanalah Rosiyi ukrayinska muzika hakeri zlamali telebachennya vorogiv". Espreso Zahid. zahid.espreso.tv (in Ukrainian). Archived from the original on 2022-02-28. Retrieved 2022-02-28.
45. Farrow, Ronan (2023-08-21). "Elon Musk's Shadow Rule". The New Yorker. ISSN 0028-792X. Retrieved 2023-09-09.
46. Sheetz, Michael (2022-02-28). "Viasat believes 'cyber event' is disrupting its satellite-internet service in Ukraine". CNBC. Retrieved 2023-09-09.
47. Mosley, Tonya (2023-08-23). "Ronan Farrow says Elon Musk has become an 'arbiter' of the war in Ukraine". www.npr.org. Retrieved 2023-09-09.
48. Trofimov, Yaroslav; Maidenberg, Micah; FitzGerald, Drew (2022-07-16). "Ukraine Leans on Elon Musk's Starlink in Fight Against Russia". Wall Street Journal. ISSN 0099-9660. Retrieved 2023-09-09.
49. Mosley, Tonya (2023-08-23). "Ronan Farrow says Elon Musk has become an 'arbiter' of the war in Ukraine". www.npr.org. Retrieved 2023-09-09.
50. Reese, Isaac (2022-03-05). "Can Elon Musk's Starlink Keep Ukraine Online?". reason.com. Reason. Retrieved 2022-03-14.
51. "Starlink v Ukrayini: komu dostupnij internet vid SpaceX ta yak nim koristuvatisya". The Village Ukrayina. 2022-04-29. Archived from the original on 2022-04-29. Retrieved 2022-07-12.
52. Krebs, Brian. "Recent 10x Increase in Cyberattacks on Ukraine". Krebs on Security. Retrieved 2022-03-11. "While our overall traffic dropped in Kyiv, and slightly increased in Warsaw due to infrastructure outages inside of Ukraine, the ratio of (good queries) to (blocked queries) has spiked in both cities. The spike in the blocking ratio Wednesday, March 9, 2022 afternoon in Kyiv was around 10x the normal level compared with other cities in Europe. This order of magnitude jump is unprecedented."
53. "Ukraine Refugee Situation". UNHCR.
54. Ullrich, Johannes. "BGP Hijacking of Twitter Prefix by RTComm.ru". ISC InfoSec SANS. Retrieved 2022-03-28.
55. "Possible BGP Hijack". BGPStream. Archived from the original on 2022-03-28. Retrieved 2022-03-28.

Retrieved from "https://en.wikipedia.org/w/index.php?title=2022_Ukraine_cyberattacks&oldid=1204025110"
