2023/07/12 15:25:11

Cybercrime and cyber conflicts: Ukraine


Cyber wars

On February 25, 2022, information appeared that the Ukrainian Ministry of Defense turned to hackers for help in the confrontation with Russia. The messages sent by the Ukrainian military contain an offer to take part in the cyber war, but it is on the side of Ukraine:

2023

How hackers gained access to data from foreign diplomats in Ukraine with BMW ads

On July 12, 2023, it became known that hackers gained access to data from foreign diplomats in Ukraine through BMW advertising. According to Reuters, citing its sources, the cyber attack was directed against diplomats working in at least 22 of about 80 foreign missions in the capital of Ukraine.

According to the interlocutors of the news agency, the hacker group APT29 (its other name is Cozy Bear), allegedly cooperating with the Foreign Intelligence Service of Russia, was involved in the attack.


It is reported that in mid-April 2023, a Polish diplomat sent an advertisement to various embassies by email about the sale of a used BMW 5-series sedan in Kyiv. This ad, according to the agency, was allegedly intercepted by the hacker group APT29, also known as Cozy Bear. The hackers injected malicious software into the advertisement, after which they sent it to dozens of foreign diplomats working in Kyiv, reports Reuters.

As the experts of the Unit 42 division noted, the hackers embedded malicious software in the album of photos of the used car. Attempts to open these pictures allegedly should have infected the computer.

A Polish diplomat confirmed to the agency that his ad played a "role" in the hacker attack, but for security reasons did not give his name. According to the diplomat, the hackers reduced the price of the BMW indicated in the advertisement to 7.5 thousand euros (the agency associates this with an attempt to encourage more people to view the pictures).

"When I began to check, I realized that they were talking about a slightly lower price," said the Polish diplomat.

The US State Department said it was "aware of this activity" and that "the attack did not affect the systems or accounts of the State Department," the agency said.[1]

5 viruses simultaneously attacked the news agency of Ukraine and destroyed a large amount of data

On January 27, 2023, it became known about a massive hacker attack on the national news agency of Ukraine (Ukrinform). According to the Ukrainian Computer Incident Response Service (CERT-UA), as part of the cyber attack, the attackers used five different malicious programs at the same time:

  • CaddyWiper (Windows);
  • ZeroWipe (Windows);
  • SDelete (Windows);
  • AwfulShred (Linux);
  • BidSwipe (FreeBSD).

2022

Ukrainian government networks hacked with Trojans disguised as Windows 10 distribution

On December 15, 2022, Mandiant, a company working in the field of cybersecurity, reported a new hacker attack focused primarily on Ukrainian government resources.

The campaign was designated UNC4166. It is said that the attackers spread malicious installers of the Windows 10 operating system through torrent sites. These files use the Ukrainian language pack. The investigation showed that the malware was posted on the Toloka platform. In addition, the infected installer was distributed through some Russian-language torrent trackers.


The module includes malware that can collect data from infected computers, inject additional malicious tools, and transfer stolen information to servers controlled by attackers. Moreover, the ISO file is configured to disable Windows security alerts, block automatic updates, and cancel license verification.

Cybersecurity experts note that there is no financial motivation behind this attack. There are also no signs of preparation for deploying ransomware or cryptominers. At the same time, Mandiant specialists discovered scheduled tasks created in mid-July 2022 and designed to receive commands for execution through PowerShell.

After initial reconnaissance, attackers inject Stowaway, Beacon, and Sparepart backdoors that allow them to access compromised computers, execute commands, transfer files, and steal information, including credentials and keystrokes. Although the malicious Windows 10 installers did not specifically target the Ukrainian government, the attackers analyzed the infected devices and launched further, more targeted attacks on those found to belong to government agencies in this country.[2]

Russian hackers XakNet announced the hacking of the Ministry of Finance of Ukraine

The hacker group XakNet announced an operation to hack the Ministry of Finance of Ukraine. The work was carried out for several months, Russian hackers reported on November 22, 2022 in their Telegram channel.

Britain, USA, Germany, the Netherlands, Poland and Estonia support the work of fraudulent call centers in Ukraine

At the end of October 2022, the Russian Foreign Ministry accused Western countries of supporting "hostile" call centers in Ukraine. A number of Western countries, including Britain, the USA, Germany, the Netherlands, Poland and Estonia, are pursuing a policy of infrastructure support for the functioning of Ukrainian call centers engaged in fraud against Russians.

Ukraine subjected to DDoS attacks from hacked WordPress sites

Ukraine was subjected to DDoS attacks from hacked WordPress sites. This became known on April 29, 2022.

The Computer Emergency Response Team of Ukraine (CERT-UA) has published a report on ongoing DDoS attacks on pro-Ukrainian sites and a government web portal.

Unknown attackers compromise WordPress sites and inject malicious JavaScript code into the HTML structure. The script is encoded in base64 format to avoid detection.

The code is executed on the visitor's computer and generates a huge number of requests intended to knock the target websites offline. The cyber attacks occur without the knowledge of the owners of the compromised sites and cause barely noticeable performance degradation for their visitors.

CERT-UA works closely with the National Bank of Ukraine to implement protective measures against DDoS campaigns and the numerous cyber attacks carried out earlier. In their report, the CERT-UA team provided instructions for removing the malicious JavaScript code and added a threat detection tool to scan sites for signs of compromise.

"To detect such activity in the log files of the web server, you should pay attention to events with response code 404 and, if they are non-standard, correlate them with the values of the HTTP header "Referer," which indicates the address of the web resource that created the request," advises CERT-UA.

In addition, it is important to keep the Content Management Systems (CMS) of the site up to date, update plugins and restrict access to site management[3].
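One way to apply the CERT-UA log advice quoted above on the side of the attacked site, shown as an added example that is not code from CERT-UA or from this article: it groups non-routine 404 events by the host in the Referer header and reports external referers that drive such requests from several client addresses. The combined log format, the list of "routine" 404 paths, the thresholds, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache/nginx "combined" access-log format (assumed log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Assumption: 404s for these paths are everyday noise, i.e. "standard" events.
ROUTINE_404_PATHS = {"/favicon.ico", "/robots.txt", "/apple-touch-icon.png"}

# Constructed sample log (documentation IP ranges and .example hosts).
SAMPLE_LOG = '''\
198.51.100.7 - - [29/Apr/2022:10:00:01 +0300] "GET /q8f3kz1 HTTP/1.1" 404 153 "https://shop.compromised.example/news/" "Mozilla/5.0"
198.51.100.7 - - [29/Apr/2022:10:00:01 +0300] "GET /p0x7mma HTTP/1.1" 404 153 "https://shop.compromised.example/news/" "Mozilla/5.0"
203.0.113.21 - - [29/Apr/2022:10:00:02 +0300] "GET /zz91bqe HTTP/1.1" 404 153 "https://shop.compromised.example/" "Mozilla/5.0"
203.0.113.40 - - [29/Apr/2022:10:00:02 +0300] "GET /h2k4wtr HTTP/1.1" 404 153 "https://shop.compromised.example/about/" "Mozilla/5.0"
192.0.2.15 - - [29/Apr/2022:10:00:03 +0300] "GET /favicon.ico HTTP/1.1" 404 153 "https://other.example/" "Mozilla/5.0"
192.0.2.15 - - [29/Apr/2022:10:00:04 +0300] "GET /old-page HTTP/1.1" 404 153 "https://portal.example/index.html" "Mozilla/5.0"
192.0.2.99 - - [29/Apr/2022:10:00:05 +0300] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.16 - - [29/Apr/2022:10:00:06 +0300] "GET /typo HTTP/1.1" 404 153 "https://search.example/?q=portal" "Mozilla/5.0"
'''


def referer_host(referer):
    """Return the host part of a Referer value, or None if absent or unparsable."""
    if not referer or referer == "-":
        return None
    try:
        return urlsplit(referer).hostname
    except ValueError:
        return None


def correlate_404_referers(lines, own_hosts, min_hits=3, min_clients=2):
    """Group non-routine 404 events by external Referer host.

    Returns a list of dicts, most hits first, for Referer hosts that caused
    at least min_hits such requests from at least min_clients client IPs.
    """
    own = {h.lower() for h in own_hosts}
    stats = defaultdict(lambda: {"hits": 0, "clients": set(), "paths": set()})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["status"] != "404":
            continue  # unparsable line or not a 404
        if m["path"].split("?", 1)[0] in ROUTINE_404_PATHS:
            continue  # routine missing-resource noise
        host = referer_host(m["referer"])
        if host is None or host in own:
            continue  # no Referer, or a broken link on our own site
        entry = stats[host]
        entry["hits"] += 1
        entry["clients"].add(m["ip"])
        entry["paths"].add(m["path"])
    findings = [
        {
            "referer_host": host,
            "hits": entry["hits"],
            "clients": len(entry["clients"]),
            "distinct_paths": len(entry["paths"]),
        }
        for host, entry in stats.items()
        if entry["hits"] >= min_hits and len(entry["clients"]) >= min_clients
    ]
    return sorted(findings, key=lambda f: f["hits"], reverse=True)


if __name__ == "__main__":
    for finding in correlate_404_referers(SAMPLE_LOG.splitlines(), ["portal.example"]):
        print(finding)
```

Referer hosts reported this way are candidates for notifying the site owner and for temporary Referer-based filtering at the reverse proxy; a single external referer with one stray 404 stays below the thresholds.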

A large call center of fraudsters in Berdyansk acted in agreement with the authorities of Ukraine

During a military special operation, the Russian military in April 2022 found a call center abandoned by Ukrainian fraudsters in Berdyansk, which had data from at least 20 million Russians. It acted in agreement with the authorities of Ukraine, while its activities were supported from the Netherlands, Germany, the USA and Estonia.

Chinese hackers attacked Ukrainian sites for cyber espionage

On February 23, 2022, Ukrainian sites were attacked by hackers allegedly linked to China. This became known on April 8, 2022. According to a spokesman for Western intelligence, the goal of the cybercriminals was espionage.

Some Western officials believe that the incident was much larger and affected systems in Russia, Belarus and Poland.

The attacks were said to be more amateurish and "noisy" than usual, as if the hackers were not particularly worried about their stealth. In addition, unlike the usual behavior of Chinese cybercriminals, hackers began their campaign with Western infrastructure.

Chinese attackers could take advantage of the military conflict in Ukraine to spy not only on Ukraine, but also on Russia, Belarus and other countries. The criminals wanted to carry out their operations under a "foreign flag," trying to redirect suspicions to Western governments[4].

Hacker attack on Ukrtelecom

At the end of March 2022, massive cyber attacks hit Ukrtelecom. As shown by the NetBlocks service, which displays the availability of the Internet around the world, users throughout Ukraine faced the problem. According to NetBlocks, the number of connections to the operator's networks fell to 13% of the level that was before the start of the Russian special operation in Ukraine on March 24, 2022.

Chinese group Scarab attacked companies in Ukraine

The Chinese group Scarab attacked companies in Ukraine. This became known on March 28, 2022.

The phishing attacks use a decoy document allegedly sent on behalf of the National Police of Ukraine.

Scarab used a special backdoor called HeaderTip.

According to experts from SentinelOne, the organizers of the targeted phishing campaign send a RAR archive with an executable file designed to secretly install a malicious DLL called HeaderTip in the background.

The Scarab group was discovered by the Symantec Threat Hunter team in January 2015. Criminals have carried out attacks against Russian-speaking individuals since at least January 2012 with the aim of deploying a backdoor called Scieron.

Experts have linked HeaderTip to the Scarab group, based on the similarity of its malware and infrastructure to Scieron. HeaderTip, built as a 32-bit DLL file and written in the C++ programming language, is 9.7 KB in size, and its functionality is limited to working as a first-stage package that loads next-stage modules from remote servers.

According to information security specialists, members of the Scarab group act in order to collect geopolitical information.

Phishing attacks use a decoy document allegedly sent on behalf of the National Police of Ukraine. Decoy documents from various campaigns contain metadata indicating that their creator uses the Windows operating system with Chinese-language settings[5].

Ukraine linked phishing attacks on the military with Belarusian hackers

On February 28, 2022, it became known that the Computer Emergency Response Team of Ukraine (CERT-UA) had warned of a targeted phishing campaign. Hackers attacked private email accounts belonging to members of the Ukrainian armed forces.

After compromising the account, attackers using the IMAP protocol gain access to all messages of the victim. Accounts compromised in these attacks were used to send new phishing messages to contacts in the victims' address books.

Phishing emails are sent from two domains (i [.] ua-passport [.] space and id [.] bigmir [.] space) - the first tries to impersonate the free Internet portal i.ua, which has been providing email services to Ukrainians since 2008.

In the emails, victims are encouraged to follow an embedded link to confirm their contact information and avoid having their email accounts permanently blocked.

Information security experts linked this malicious campaign to the UNC1151 group. In 2021, specialists from Mandiant linked the group with the government of Belarus. Mandiant also discovered evidence confirming the connection between UNC1151 operators and the Belarusian military[6].

Ukraine records large-scale DDoS attacks on the websites of government agencies

On the evening of February 23, 2022, another massive DDoS attack on Ukraine began, said Deputy Prime Minister and Minister of Digital Transformation Mikhail Fedorov.

According to him, there were problems with access to the websites of the Verkhovna Rada, the Cabinet and the Ministry of Foreign Affairs of Ukraine. Malfunctions in the operation of the state agencies' systems were quickly eliminated, but as of 13:00 Moscow time on February 24, 2022, the site of the Security Service of Ukraine (SBU) still did not work, as a TAdviser journalist confirmed. In addition, interruptions in the resources of a number of other state authorities were observed during the day.


Chairman of the Verkhovna Rada of Ukraine Ruslan Stefanchuk reported on his Facebook page cyber attacks on his family.

"There were active attempts to hack into the accounts of my whole family, block bank cards, as well as other cyber attacks," he wrote.

The previous cyber attack on the information resources of Ukraine was recorded on February 15, 2022. Interruptions in the work of the web services of PrivatBank and Oschadbank were detected, and the websites of the Ministry of Defense and the Armed Forces of Ukraine were attacked. Fedorov then said that on this day the largest DDoS attack in the history of Ukraine on government sites and the banking sector had been carried out. According to him, it was prepared in advance, and its cost "is millions of dollars." According to the head of the Ministry of Digital Development of Ukraine, "the goal was to destabilize the situation and sow panic."[7]

The National Police opened a criminal case on the fact of hacker attacks on Ukrainian web resources. Ukraine has blamed Russia for the cyber attacks. The Kremlin denied all accusations.

"We are almost used to the fact that Ukrainians blame Russia for everything, even for bad weather in their country," said the press secretary of the Russian president Dmitry Peskov.

As a result of hacker attacks on 70 departments of Ukraine, part of the data was erased

The State Service for Special Communications and Information Protection of Ukraine reported that about 70 government sites in the country were attacked by hackers on the night of January 14, 2022. In Kyiv, this cyber attack was called the largest in four years. The problem is aggravated by the erasure of data from state servers.

As a result of the large-scale attack, the websites of the Ministry of Foreign Affairs, the Ministry of Education and Science, as well as the State Emergency Service were hacked. The following message appeared on the resources:

"All data on the computer is destroyed, it cannot be restored. All information about you has become public, fear and expect the worst."


Microsoft studied the situation in Ukraine and reported that the malware spread by the cybercriminals looks like a ransomware virus. At the same time, the program has no ransom recovery mechanism and is designed to destroy data and disable the targeted devices rather than to obtain a ransom, the American corporation said.

"Microsoft specialists have found malware on dozens of affected systems, and this number may increase as the investigation continues. These systems span several state, non-profit and information technology organizations, all of them based in Ukraine," Microsoft said in a statement.

The Security Service of Ukraine (SBU) and the National Police opened a criminal case over the cyber attacks. The SBU said they were investigating the involvement of the Russian special services in the cyber attack:

"So far, we can say that there are some signs of involvement in the incident of hacker groups associated with the special services of the Russian Federation."

Press Secretary of the Russian President Dmitry Peskov said that Moscow has nothing to do with these incidents.[8]

2021

The participation of the cyber police of Ukraine in the detention of a gang of hackers, which, using ransomware viruses, earned $0.5 billion

In June 2021, the Ukrainian cyber police announced the detention of a gang of hackers, which earned $0.5 billion with the help of ransomware viruses. As a result of the raids in Kyiv and the Kyiv region, six people were arrested, who were allegedly part of the Clop malware distribution group.

Cybercriminals were detained as a result of an international operation together with law enforcement officers of the United States and South Korea. As a result of the raids, computer equipment, expensive cars and 5 million hryvnia ($185 thousand) in cash were seized.


According to the cyber police, six defendants committed hacker attacks using ransomware viruses on the servers of American and Korean companies. They demanded a ransom for decrypting the data and, in case of non-payment, threatened to publish confidential data of the victims. So, in 2019, the Clop ransomware virus attacked four Korean companies, and as a result 810 internal servers and personal computers of workers were blocked.

Cybercriminals sent emails with a malicious file to the mailboxes of company employees. After the infected file was opened, the program sequentially downloaded additional programs from the distribution server and completely infected the victims' computers with the FlawedAmmyy RAT remote access tool. Using remote access, the defendants activated the malicious Cobalt Strike software, which provided information about the vulnerabilities of infected servers for further capture.

In 2021, the defendants carried out an attack and encrypted personal data of employees and financial reports of the Medical School of Stanford University, the University of Maryland and the University of California.[9]

Sobyanin called Ukraine the source of most cyber attacks on Moscow

At the end of April 2021, Moscow Mayor Sergei Sobyanin announced a surge in cyber attacks in the capital and noted that most of them come from Ukraine.

"Today, Internet crime is not even concentrated with us, but along the border. And today most of the attacks come from the territory of Ukraine, and not from Moscow to Muscovites... These are new challenges, and we must fight them differently," he said at a session of the HSE and Sberbank discussion club.

It is worth noting that Ukraine has repeatedly accused Russia of hacker attacks. In January 2021, the Foreign Intelligence Service of Ukraine (SVRU) published a newsletter called "White Paper," in which it spoke about the "mechanisms of Russian information influences," one of which is work in social networks. According to the service, a characteristic feature in this sense is the infiltration of bots into local chats and comments under articles in order to sow discord and undermine confidence in existing institutions.


According to the mayor of the capital, the number of cybercrimes over the year increased by 40%. Internet crime is growing "simply in arithmetic progression," Sobyanin stressed.

"And here, of course, everything needs to be rebuilt: law enforcement, the Criminal Code, and the criminal procedure, and in general understanding all these things. They are also not abstract," said the mayor of Moscow.

He also added that against the background of the growth of Internet crime, it is possible to observe a decrease in other, but even more dangerous crimes. So, for example, with the help of a photo and video surveillance system for finding cars in the city, car theft has decreased.

According to the Ministry of Internal Affairs, in January 2021, the share of crimes in the field of high technologies from the total number increased to 25%, while a year ago it was 17.7%. Most of such crimes were detected in Moscow, as well as in the Murmansk region, Chuvashia, Khanty-Mansiysk and Yamalo-Nenets autonomous districts.[10]

2020

US plans to install network systems at Ukrainian military facilities

The United States intends to install network systems for the Ministry of Defense of Ukraine. An American company working under a contract with the US Department of Energy has announced a tender for the services of specialists who will work at Ukrainian military facilities. The performers will install IT equipment delivered from the United States, as well as auxiliary means - routers, switches, firewalls, servers. As noted in the document, which RT got acquainted with, personnel need to have access to the penultimate level of secrecy according to NATO classification[11].

Mission Support and Test Services, under a contract with the US National Nuclear Security Administration, part of the US Department of Energy, plans to install network systems for the Ministry of Defense of Ukraine. RT got acquainted with the tender.

"Mission Support and Test Services, LLC (MSTS), under contract with the Nevada branch of the National Nuclear Security Administration of the US Department of Energy, is looking for a contractor to assist the procurement process and install network systems for the Ministry of Defense of Ukraine," the document says.

The project provides for the installation and interaction with other existing systems of various institutions of the Ministry of Defense of Ukraine throughout the country. The main place of work is Kyiv.

The American department expects to implement the project within two years, and to organize the supply of equipment from October 2020.

The performers will work under the guidance of MSTS. They will have to install IT equipment, the delivery of which will be carried out from the United States, as well as auxiliary means - routers, switches, firewalls, servers. In addition, contractors will be required to develop technical documentation and conduct training.

The agency's application emphasizes that local personnel should have access to military bases in Ukraine. And participants on the American side need admission to the penultimate level of secrecy according to NATO classification.

"Requirements: to provide management, technical and other personnel necessary to support the expansion of the network of the Ukrainian Armed Forces. (Personnel from among Ukrainian citizens must have admission to Ukrainian military bases.) American personnel must have admission to the penultimate level of NATO classification secrecy, a valid foreign passport and official permission to visit the country," the tender notes.

As military expert Alexei Leonkov told RT in an interview, the United States is trying to rebuild the information system in Ukraine according to NATO standards, in order to then test the tools of the "network-centric war" there. This concept appeared back in 1998 and provides for four phases of warfare. The first of them is to achieve information superiority by destroying the intelligence system, data processing center and enemy command post.

According to Leonkov, a "network-centric war" requires clear interaction of all participants in the information space, but at the moment the Ministry of Defense of Ukraine does not have such technologies.

"In Ukraine, there is no unified control system in cyberspace, all players act differently. Even on the front line, everything does not happen synchronously. Now, apparently, the United States wants to increase the level of the Armed Forces of Ukraine in the information and military space on those units that have been trained according to NATO standards, received weapons and communications," the expert added.

Leonkov also pointed out that combining network systems at military facilities could allow Washington to control what is happening in Ukraine even at a distance, for example, from a European control center.

Meanwhile, Konstantin Blokhin, a researcher at the Center for Security Research of the Russian Academy of Sciences, noted that the United States considers the information space a key area of warfare in the future, which is why Washington is strengthening cyber capabilities not only at home, but also at its satellites.

"Americans see cyberspace as an area for waging future wars. It is promising and priority for the United States, along with space. Now the main investments and developments will be directed to these two areas," the interlocutor of RT explained.

2019

Ukraine survived the largest DDoS attack in history. 1/10 of all networks were under attack

At the end of July 2020, it became known about the largest DDoS attack in the history of Ukraine. A tenth of all telecommunications networks in the country were under attack.

Seller of 50 databases of central authorities detained in Ukraine

On July 8, 2020, the Ukrainian Cyber Police announced the detention of the seller of 50 databases of central authorities. He posted advertisements for the sale of information on specialized forums, and carried out the sales in a messenger using a chat bot.

As reported on the Cyber Police website, the attacker obtained confidential information by guessing and cracking passwords for electronic mailboxes and accounts in social networks and instant messengers. The hacker received money from the sale of databases on cryptocurrency wallets registered to front persons.


Law enforcement agencies conducted searches at the place of residence of the defendant. As a result, computer equipment and telecommunications equipment were seized. He faces imprisonment for a term of two to five years under the article on unauthorized sale and dissemination of information with limited access (part 2 of article 361-2 of the Criminal Code of Ukraine). As of July 8, 2020, investigative actions were continuing.

The detention of the seller of 50 databases of the central authorities became known a few weeks after the arrest in Ukraine of a fraudster allegedly behind the sale of a huge amount of data, ranging from email passwords, PIN-codes of bank cards and PayPal accounts and ending with information about cryptocurrency wallets.

According to law enforcement officers, the hacker is a resident of the Ivano-Frankivsk region. He stole not only databases with e-mail data, but also information about crypto wallets and information about hacked computers for further use in botnets.

During the searches, police officers seized equipment with two terabytes of stolen information, phones with evidence of illegal activities and cash from illegal operations in the amount of almost 190 thousand hryvnia and more than $3 thousand.

Cybersecurity specialist Troy Hunt says the hacker was selling a database that contained 773 million unique email addresses and more than 21 million passwords.[12] 

Employees of the Ukrainian cyber police detained members of a hacker group that was involved in hacking servers to order

On December 29, 2019, it became known that officers of the Ukrainian cyber police detained members of a hacker group that was engaged in hacking servers to order. The criminals compromised remote servers owned by companies and individuals and sold access to them. They managed to compromise more than 20 thousand servers around the world.

As reported, the group included three citizens of Ukraine and one foreigner. All of them were participants in well-known hacker forums and were engaged in custom hacks of servers located in Ukraine, Europe and the United States.

The group has been active since 2014. Attackers gained access to servers using brute-force attacks and used special programs to exploit vulnerabilities in Windows-based servers. They used some of the hacked servers for their own purposes, in particular, to carry out DDoS attacks, organize command centers to control infostealer Trojans, and also to carry out brute-force attacks on other network nodes.

In addition, the group sold access to some hacked servers to other hackers who used them for ransomware attacks, theft of money from bank cards, mining, etc.

Computer networks in various countries, including Ukraine, Russia, France, China, Bulgaria, India, Brazil, Malaysia and the Nordic countries, have suffered from the actions of the cybercriminals.

To coordinate actions, the criminals used secure instant messengers, and the money earned went to cryptocurrency and electronic wallets. On several of them, police officers found a total of almost $80 thousand.

During searches at the place of residence of the group members, computer equipment, additional storage media, draft records, mobile phones and bank cards were seized.

On this fact, the police opened a criminal case under Part 2 of Art. 361 of the Criminal Code of Ukraine (Unauthorized sale or distribution of information with limited access, which is stored in electronic computers (computers), automated systems, computer networks or on carriers of such information)[13].

A network of fraudulent call centers earning hundreds of millions a year was shut down in Ukraine

At the end of December 2019, it became known about the termination of the activities of a criminal group in Ukraine, which created a network of fraudulent call centers and lured money from people under the guise of bank workers.

According to the press service of the Ukrainian Cyber Police, the criminal group was organized by three residents of Zaporozhye aged 20 to 24 years. They bought up client databases on the darknet, according to which they then called citizens in an attempt to steal money from bank cards.


The criminals acted on the territory of Zaporozhye and Dnepropetrovsk regions. Introducing themselves as employees of the bank's security service and using psychological measures, they lured out information such as a CVV code, card numbers, pin codes and the like from citizens. In addition, every month all employees of the call center received appropriate trainings, in which they were instructed to communicate with clients in four different languages.

The criminal group had three offices, which were located in Zaporozhye. They all disguised themselves as offices selling windows and balconies. The staff consisted of about 100 people, including minors.

They received about 15,000 UAH monthly for their work (39 thousand rubles at the exchange rate as of December 31, 2019). The weekly turnover of call centers is about UAH 3 million (7.8 million rubles) per month. Thus, fraudsters could earn about UAH 150 million (394 million rubles) a year.

Law enforcement agencies searched the location of the fraudsters' office premises, as a result of which they seized computer equipment, mobile phones, client bases and draft records. All seized equipment was sent for examination. The attackers face up to eight years in prison, the Cyber Police said.[14]

Opening of a cyber range

In December 2019, the State Service for Special Communications and Information Protection announced the creation of a cyber range - a research complex on the basis of the National Technical University "Igor Sikorsky Kyiv Polytechnic Institute."

The SBU neutralized a hacker group that stole funds from users of payment systems in the USA and Europe

On November 30, 2019, it became known that employees of the Security Service of Ukraine stopped the activities of an international cybercriminal group that was engaged in theft of funds from the accounts of users of electronic payment systems in the United States and Europe.

According to the official report of the department, the organizer of the group was a Russian citizen living in Kyiv, the remaining three members are natives of the Cherkasy region.

Cybercriminals acquired data on payment accounts of foreigners on underground forums and stole money, with which they purchased goods in online stores; these goods were then sold through Ukrainian online services.

The group has been operating since 2010, its annual turnover was $500 thousand - $700 thousand.

At the place of residence of the detainees, the police seized, among other things, computer equipment and tablets with evidence of crimes. Illegally purchased goods were also found, including smart watches, smartphones, video cameras, navigators, DVRs, etc.

At the end of November 2019, the issue of notification of suspicion of committing a crime under Part 2 of Art. 361 of the Criminal Code of Ukraine (unauthorized interference with the operation of electronic computers, automated systems, computer networks or telecommunication networks), as well as Part 2 of Art. 209 (legalization of income obtained illegally), was being decided. The pre-trial investigation continues.[15]

2018

Attack on the "Aulskaya chloroperelivnaya station"

In July, it became known that employees of the Security Service of Ukraine repelled a hacker attack on the network equipment of Aulskaya Chloroperelivnaya Station LLC, which is an object of the country's critical infrastructure.

As the special services found out, within a few minutes, the process control systems and the system for detecting signs of emergency situations of the enterprise were hit by the malware.[16] This cyber attack could potentially lead to a breakdown in technological processes and a possible accident.

The hackers' plan was to block the stable functioning of the overflow station, which provides plumbing and sewage enterprises throughout Ukraine with liquid chlorine.

According to representatives of the SBU, hackers who attacked the station could allegedly be associated with the Russian government.

Poroshenko: Ukraine intercepts data from Russian satellites

Ukrainian IT specialists working for the government have the ability to intercept data from Russian satellites. This statement was made in September 2018 by the President of Ukraine Petro Poroshenko during a live broadcast in Vinnitsa, which was broadcast by the Direct TV channel[17].

According to him, IT in Ukraine has a "wide range of practical applications," including helping to save the lives of the Ukrainian military during hostilities. Poroshenko cited one of the last conflicts that took place during the armed confrontation in Donbass as an example. He said that on the eve of Independence Day of Ukraine, which is celebrated on August 24, Ukrainian troops recorded an attempt to break through the front line from the DPR.

The offensive was carried out by a reinforced company on a strip 1.5 km long. According to Poroshenko, enemy artillery, multiple launch rocket systems and mortars were concentrated in this area. The President of Ukraine clarified that the Ukrainian troops were able to bring up reserves and artillery in time to repulse the enemy. He noted that this was done thanks to the work of intelligence and satellite images.

"How did that become possible? Thanks to specialists of communicative specialties, specialists in satellite technologies, specialists in computer decryption, because we made an interception from Russian satellites (I ask you not to show it). And this means that a very strong school has already been created in Ukraine," Poroshenko concluded.

US will double aid to Ukraine to support cybersecurity

The United States will double assistance to Ukraine to strengthen the country's cybersecurity, 112 Ukraine reported in May 2018. This was announced by Assistant Secretary of State Wess Mitchell following a meeting with President of Ukraine Petro Poroshenko.

"We discussed cybersecurity issues, and I am proud to announce that we are doubling the amount of assistance in this direction - in strengthening cybersecurity - from $5 million to $10 million," Mitchell said.

He also announced US support for the progress that Ukraine is showing in its desire for NATO and Euro-Atlantic integration.

"I have just returned from a meeting of foreign ministers of NATO member countries that took place recently in Brussels, and at this meeting, the newly appointed US Secretary of State Pompeo once again stressed support for the progress that Ukraine is showing in its desire for NATO and Euro-Atlantic integration," he said.

SBU announced the exposure of the "pro-Kremlin" hacker group

The Security Service of Ukraine announced[18] that it had suppressed in Kiev the activity of a "pro-Kremlin" hacker group that organized cyber attacks on critical infrastructure facilities and on state and banking organizations of the country. To hide their activities, the attackers used message anonymization services, the special services said in a press release.[19]

According to the report, the criminals, by "decree of the Russian special services," used the so-called "bot farms" to conduct special information operations against Ukraine.

During searches in the office and at the place of residence of the detainees, law enforcement officers identified software and hardware complexes, server equipment, computer equipment and over 50 thousand cards of various mobile operators that were used in cyber attacks.

A pre-trial investigation is underway within the framework of criminal proceedings opened under Article 361 of the Criminal Code of Ukraine (illegal interference in the operation of electronic computers, automated systems, computer networks or telecommunication networks).

CIA: "Russia is to blame"

The US Central Intelligence Agency issued a statement in early 2018 that cyber attacks on Ukraine in 2017 were organized by the Russian military. The purpose of the attacks was to undermine the country's financial system against the backdrop of a civil war. The Washington Post reports this, citing the CIA.

In particular, experts consider Russia responsible for the development of the NotPetya virus, which attacked Ukrainian banks, airports and computers of officials. In addition, the virus also affected other countries, although most of all, experts say, Ukraine suffered.

Servers of the Ministry of Justice of Ukraine were subjected to a hacker attack, hundreds of gigabytes of data were stolen

The website of the Main Territorial Administration of Justice in the Odessa region was hacked. This is stated in the statement of the department.

"Currently, with the support of employees of the Security Council of Ukraine and the Black Sea Cyber Police Department, work is underway to establish the causes of this incident," the statement says.[20][21]

It is reported that hackers managed to steal hundreds of gigabytes of documents from the Ukrainian Ministry of Justice.

"Hundreds of gigabytes of Justice Department documents in the public domain. Who flooded the shell is unknown. Shell is available without a password. The URL is understandably overwrought. Admin passwords stolen by hackers. All discs from C to F were available for reading and writing," says the activist under the nickname Sean Brian Townsend, who is a member of the Ukrainian Cyber Alliance.

The Russian special services are suspected of a hacker attack. It is said that all the servers of the Ministry of Justice of Ukraine are compromised.

2017

US aid again

On December 14, the US House of Representatives Foreign Affairs Committee supported a bill aimed at helping Ukraine ensure cybersecurity and confront "Russian disinformation and propaganda." The initiator of the project is the Democratic Congressman from Pennsylvania Brendan Boyle; the text of the law was also finalized with the participation of the chairman of the committee, Republican Ed Royce (California).[22]

According to information from the committee's website, the document was supported by all its members. The main goal of the bill is "to contribute to Ukraine's efforts to strengthen cybersecurity." And the United States, for its part, intends to help Ukraine resist "Russia-supported attempts to use disinformation and propaganda in cyberspace, including through social networks and other platforms."

Assistance from the US Secretary of State, according to the document, should be aimed at protecting the government computer networks of Ukraine, as well as reducing the dependence of Kyiv "on Russian information and telecommunication technologies." 180 days after the entry into force of the proposed law, the chief of American diplomacy is obliged to submit to the relevant committees of Congress a report on the work done.

The bill will be considered by the full House of Representatives, then the document will go to the Senate. In case of a positive decision, the text will be sent for signature to the president.

Help from the European Investment Bank

According to the information announced by the press service of the Deputy Prime Minister for European and Euro-Atlantic Integration of Ukraine Ivanna Klimpush-Tsintsadze, the European Investment Bank (EIB) offered Ukraine assistance in the field of cybersecurity. Relevant agreements were reached with the head of the EIB in Ukraine Lilia Chernyavskaya during the discussion of the project "Emergency Credit Program for the Restoration of Ukraine," the bank's investment in which will amount to more than 5 billion euros.[23][24]

Aid from the USA, Canada, Turkey and Chile

The United States, Canada, Turkey and Chile will support Ukraine in the fight against hackers. The US Congress submitted at the beginning of 2017 a bill on ensuring the cybersecurity of Ukraine. It is planned that American specialists will be involved in installing security systems in Ukrainian government agencies to protect critical infrastructure. The United States also made a proposal to assist Kyiv in "creating its own cybersecurity potential."[25]

The state concern Ukroboronprom intends to cooperate with Chilean companies on projects related to the development of unmanned aerial vehicles, aircraft production and cybersecurity. The Ministry of Defense of Ukraine plans to adopt the experience of Canadian colleagues in countering cyber attacks. The Turkish state corporation Havelsan will provide Ukrainian specialists with its development of information and intelligence systems and IT control systems.

NATO assistance

In July 2017, Ukraine may receive equipment from NATO to combat cyber attacks at a total cost of 1 million euros. The reason for the help was the scale of losses from the Petya virus. According to Eset, which specializes in information security solutions, Ukraine accounted for 75% of all attacks using Petya.

Deputy Prime Minister of Ukraine for European and Euro-Atlantic Integration Ivanna Klimpush-Tsintsadze said that the recent attack of the Petya virus has led to the fact that the country will receive equipment from NATO to organize cyber defense of the country's critical systems. In addition, she expects an increase in financial assistance. "I think that, in fact, the week when it comes here to Ukraine," she said. The delivery will be carried out through the NATO trust fund, the volume of which today is 1 million euros.[26][27]

NATO allocated 300 thousand euros, in the framework of cooperation, for the equipment and training of employees of the Security Service of Ukraine to combat cyber threats. This statement was made in early 2017 by Deputy Assistant Secretary General of the North Atlantic Alliance for New Security Challenges Jamie Shea. Special equipment will be delivered to Ukraine and installed by the end of spring. "We are left to go through some of the usual administrative formalities of import/export procedures, but we hope we can do that very quickly. Our goal is that by the summer everything should be established, tested and launched," the representative emphasized.[28][29]

Shea also spoke about the allocated funds for the purchase of equipment and training of specialists: "NATO has a corresponding trust fund headed by Romania, but many countries are donors to this fund. We spent over 300 thousand euros to help the Ministry of Foreign Affairs of Ukraine, as well as Ukrainian special services in training employees and improving equipment to better detect and repel cyber attacks." In his opinion, in order to effectively organize opposition to cyber threats, not only technology is needed, but also special knowledge. NATO's mission in this case is to assist Ukrainian specialists from the SBU in both financing and training.

Amnesty International condemns Ukraine's information doctrine

Tatiana Mazur, executive director of the human rights organization Amnesty International, criticized the information doctrine of Ukraine. She believes that regulating the monitoring of media and publicly available Internet resources in order to identify information prohibited in Ukraine is a direct violation of generally accepted freedoms. "Freedom of speech? No, they haven't heard. There is only one way to counteract propaganda - by creating high-quality and objective content. But if it is difficult, it is much easier to follow the path of bans, although this is not the path that a developing country needs," she emphasized.[30]

Doctrine "On threats to state cybersecurity and urgent measures to neutralize them"

President of Ukraine Petro Poroshenko approved at the beginning of the year, by presidential decree, a program of action aimed at strengthening the country's cyber security. The program is contained in the decision of the National Security and Defense Council (NSDC) "On cybersecurity threats and urgent measures to neutralize them," adopted in December 2016.[31][32]

The purpose of the doctrine is to clarify the principles of the formation and implementation of state information policy, primarily to counter the "destructive information influence of the Russian Federation in the context of the hybrid war it unleashed."[33]

According to the provisions of the doctrine, the duties of tracking publications in the media and the Internet in order to identify information, the dissemination of which is prohibited in Ukraine, are assigned to the Ministry of Information Policy. Also, the ministry should shape the priorities of the state information policy and monitor their implementation. In addition, the department is obliged to develop a strategy for "information support of the process of liberation and reintegration of temporarily occupied territories."

A number of tasks are also assigned to the Ministry of Foreign Affairs of Ukraine, the Ministry of Defense, the SBU, the State Service for Special Communications and Information Protection, intelligence agencies and the National Institute for Strategic Studies.

Data Storage Regulation

In its decision, the NSDC, among other things, proposes to provide Ukrainian law enforcement agencies with wider access to user data. The Verkhovna Rada will consider a draft law according to which operators and providers will have to store the necessary data for 90 days, and in the future for up to three years. The so-called electronic evidence found by the investigation will begin to appear in Ukrainian criminal cases.

In addition, operators will have to provide identification information about service providers, and report on which routes these providers transmit information. In addition, the NSDC proposes to give Ukrainian courts the right to make decisions on blocking resources. The corresponding bill will be submitted to the Verkhovna Rada for consideration within three months.

Replacement of Russian products

An important place in the Ukrainian cyber defense program is given to Russia. In particular, the decision of the National Security and Defense Council prescribes that Russian equipment and software be replaced with Ukrainian counterparts. During 2017, the Security Service of Ukraine (SBU) and the State Service for Special Communications and Information Protection of Ukraine should work out how this can be done in the public sector. In six months, it is planned to develop a plan to stimulate Ukrainian production in this area. The government and the SBU should propose measures that will solve the problem of using Russian equipment and software at critical infrastructure facilities.

In addition, it is planned to develop a way to block Russian payment systems in Ukraine. The National Bank of Ukraine has a month to think about the legal side of this issue.

State cybersecurity

Also, the decision of the National Security and Defense Council proposes to ensure the information security of state facilities and critical infrastructure, and this is not only a ban on Russian products in this sector. The Cabinet of Ministers of Ukraine must approve the protocol of joint actions of all authorized authorities to detect and prevent cyber attacks on such objects and eliminate their consequences.

It is planned to create a national telecommunications network for government agencies. The main and spare data centers for storing data of state information resources will also be created, for which six months are allotted.

In addition to all of the above, there are two classified provisions in the NSDC decision.

2016

Ukraine accused Russia of cyber attacks on critical infrastructure

The Security Service of Ukraine accused hackers associated with Russia of a series of cyber attacks aimed at the energy and financial systems, as well as other infrastructure facilities of the country. The cyber attacks used a new type of malware designed to interfere with industrial processes. This was reported by the Reuters news agency with reference to the head of the SBU apparatus, Alexander Tkachuk.[34]

According to him, not only personnel officers of the Russian special services are involved in the attacks, but also private IT companies and hackers who operate in Ukraine and, most likely, are the creators of the BlackEnergy malware.

According to the SBU, in November and December 2016 alone, the country's critical infrastructure was subjected to 6.5 thousand cyber attacks, allegedly carried out by hackers sponsored by the Russian Federation. Tkachuk cited examples of attacks in December last year against key objects of the state system of Ukraine - the State Treasury, the National Bank and the Ministry of Finance.

According to Tkachuk, in the latest attacks to infect computers from which control over the infrastructure is being carried out, a mechanism was used, which was conditionally called Telebots. According to ESET, this mechanism is derived from BlackEnergy malware.

Another cyber-security company, CyberX, reported a cyber espionage campaign that compromised more than 60 sites, including the Department of Energy and a research institute.

Information Security Doctrine

The concept of national security of Ukraine was adopted by the National Security and Defense Council (NSDC) of the country at the end of 2016.

The development and protection of the ICT infrastructure for the information security of Ukraine, as well as the provision of full coverage of the country's territory by digital broadcasting, are named among the main priorities of state policy in the information sphere.

The doctrine was developed by the expert council of the Ministry of Information and considered in the NSDC apparatus. Comments from the Ministry of Education, the Verkhovna Rada Committee on Freedom of Speech and Information Policy, the SBU, and the National Institute for Strategic Studies were also taken into account in the document.

Russian hackers accused of hacking the application of Ukrainian gunners

At the end of 2016, the Ministry of Defense of Ukraine commented on the report of the CrowdStrike analytical group,[35] which stated that Russian hackers from the Fancy Bear group could be involved in hacking the application used by Ukrainian gunners, UNIAN reported.[36][37]

The report said that in the applications Popr-D30.apk and Dill, used by the Armed Forces of Ukraine to simplify calculations during the operation of artillery, an implant of the X-Agent remote access package was found. This package makes it possible to access GPS and cellular data and thus reveal the exact positions of the artillery. According to the independent military analytical agency International Institute for Strategic Studies, the Armed Forces of Ukraine lost about 80% of D-30 howitzers during the conflict in southeastern Ukraine.

The press service of the Ministry of Defense said that information about the destruction of 80% of howitzers as a result of hacking software by hackers is not true. According to the command of the missile forces and artillery of the ground forces of the Armed Forces of Ukraine, during this time the loss of artillery weapons was several times less than those mentioned in the report and is not related to this reason.

On the creation of a cyber police unit

On October 15, 2015, Prime Minister Arseniy Yatsenyuk and Minister of Internal Affairs of Ukraine Arsen Avakov announced the creation of a cyber police unit. The Cyber Police Department will ensure information security in the country. The unit will be part of the national police, and its staff will number 400 people. The salary of the cyber police inspector will be UAH 6 thousand (about 17 thousand rubles).

In addition, the main requirements for the inspector of the cyber police department were named. He must be a citizen of Ukraine over 21 years old, have the skills of an experienced computer user, know the legislation of Ukraine, speak English and Ukrainian, and also have no criminal record. It is desirable to have a higher legal education.

The post of special cybersecurity agent will also require knowledge of programming languages, experience in computer technology and higher technical education. His salary will already be from 25 thousand to 30 thousand UAH (about 80 thousand rubles).

Hackers hacked the accounts of the Ministry of Defense and the National Guard of Ukraine in social networks

The accounts of the Ministry of Defense and the National Guard of Ukraine in social networks were subjected to a hacker attack on August 24. In a tweet from the Ministry of Defense, a message was published that the account was hacked by the Sprut hacker group, accompanied by a collage with the inscriptions "There is no more Ukraine" and "The country has not been found." The same message appeared on the official Instagram of the defense department of Ukraine. As of 14:30 Moscow time, the Ministry of Defense had not restored access to its accounts in social networks.

US will help Ukraine investigate cyber attack on power facilities

The US Department of Homeland Security announced in January 2016 that it was assisting Ukraine in the investigation of the cyber attack on Prykarpattyeoblenergo, as a result of which more than 80 thousand people were left without electricity, Reuters reported.

The incident occurred on December 23, 2015. The Security Service of Ukraine said that the attack was carried out by the special services of Russia. As noted, SBU officers discovered malicious software in the networks of individual regional energy enterprises. In the United States, this attack was associated with the actions of the Russian hacker group Sandworm.

According to the department, the attack was accompanied by continuous calls to the technical support numbers of the oblenergo.

Kyiv linked a hacker attack on Borispol airport with Russia

A cyber attack on Kyiv's Boryspil airport, carried out in January 2016, was carried out from a Russian server. This was stated by the speaker of the presidential administration of Ukraine on ATO issues Andriy Lysenko[38].

On January 16, Lysenko said at a briefing that specialists from the State Service for Special Communications and Information Protection of Ukraine (Gosspetsvyaz) prevented a hacker attack on Boryspil airport, which may have been organized by the Russian side.

According to the colonel, experts found that one of the workstations at the Kyiv airport was infected with the Black Energy virus. Earlier, the same virus was found during a hacker attack on the power system in Ivano-Frankivsk in western Ukraine in December 2015.

  1. Russian hackers lured embassy workers in Ukraine with ad for a cheap BMW
  2. Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government
  3. Ukraine has undergone DDoS attacks from hacked WordPress sites
  4. Chinese hackers attacked Ukrainian sites for cyber espionage
  5. The Chinese group Scarab attacked companies in Ukraine.
  6. Ukraine linked phishing attacks on the military with Belarusian hackers
  7. A new DDoS attack was carried out on the websites of state bodies of Ukraine
  8. Destructive malware targeting Ukrainian organizations
  9. Ukraine Police Arrest Cyber Criminals Behind Clop Ransomware Attacks
  10. Sobyanin noted a 40 percent increase in cybercrime in Moscow
  11. The United States plans to install network systems at military facilities in Ukraine
  12. The cyber police exposed a man for selling information with access
  13. Cybercriminals from Ukraine hacked servers to order.
  14. Cyber police defused a network of call centers that lure money
  15. The SBU announced the neutralization of an international hacker group.
  16. VPNFilter - multi-level modular malicious software with universal capabilities, with which you can carry out both cyber intelligence and destructive operations.
  17. CNews: Poroshenko: Ukraine intercepts data from Russian satellites
  18. The SBU blocked the activity of an office of pro-Kremlin hackers in Kyiv
  19. [1]
  20. Servers of the Ministry of Justice of Ukraine were subjected to a hacker attack, hundreds of gigabytes of data were stolen: https://digital.report/servera-minyusta-ukrainyi-podverglis-hakerskoy-atake-ukradenyi-sotni-gigabayt-dannyih/
  21. See [20].
  22. The United States intends to help Ukraine strengthen its cybersecurity
  23. European Investment Bank will help Ukraine in the field of cybersecurity: https://digital.report/evropeyskiy-investitsionnyiy-bank-pomozhet-ukraine-v-sfere-kiberbezopasnosti/
  24. See [23].
  25. The United States, Canada, Turkey and Chile will help ensure the cybersecurity of Ukraine
  26. Ukraine will receive equipment for 1 million euros to combat cyber threats from NATO: https://digital.report/oborudovanie-na-1-mln-evro-dlya-borbyi-s-kiberugrozami-poluchit-ukraina-ot-nato/
  27. See [26].
  28. NATO helped Ukraine in the fight against cyber threats with 300 thousand euros: https://digital.report/nato-pomoglo-ukraine-v-borbe-s-kiberugrozami-na-300-tyis-evro
  29. See [28].
  30. Amnesty International condemned the information doctrine of Ukraine.
  31. Ukraine has its own "Yarovaya package" with bans, blockages and anti-Russian import substitution: http://www.cnews.ru/news/top/2017-02-20_v_ukraine_poyavitsya_svoj_paket_yarovoj_i_antirossijskoe
  32. See [31].
  33. Poroshenko approved the doctrine of information security of Ukraine
  34. Ukraine accused the Russian Federation of cyber attacks on critical infrastructure
  35. Russian hackers were accused of hacking the application of Ukrainian gunners
  36. Ministry of Defense commented on the "attack" of Russian hackers on the artillery of the Armed Forces of Ukraine
  37. Kyiv responded to a report on artillery losses due to hacker hacking
  38. Kyiv linked a hacker attack on Borispol airport with Russia