The Russia-Ukraine war continues in the cyber world at the same speed as on the ground.
Attackers hacked into the broadcasting network of satellite TV channels in Russia.
The incident happened this morning and, according to officers, the attackers added anti-war announcements against operations in Ukraine at the bottom of the screen.
According to a post on 66.ru, “Our specialists are doing everything possible to resolve the problem as soon as possible. In the near future, everything will be restored,” the company said.
It is specified that several providers were subjected to the attack.
According to the Russian website Habr, at least dozens of accounts have been blocked by GitHub.
Sanctions against Sberbank and Alfa-Bank, the country’s largest private banks, include the freezing of bank assets and a ban on US citizens and companies doing business with them. As an example, under the sanctions the GitHub accounts of these two banks have been blocked.
Today, some researchers reported that some personal accounts have been blocked too.
One of the largest Ukrainian telecom providers, Ukrtelecom, suffered a powerful attack on March 28, 2022. It was one more incident in the hybrid warfare between Russia and Ukraine, about which we always try to keep you informed of the latest developments.
Ukrtelecom’s CIO Kyrylo Honcharuk spoke about the details of the Ukrtelecom attack:
“Ukrtelecom as part of Ukraine’s vital information infrastructure is in the focus of hackers’ attention all the time. We’ve been observing the increase in the number of cyberattacks against our infrastructure since the very beginning of the invasion. The attack on March 28 was powerful and sophisticated.”
Officials mentioned that the discovery phase of the attack was launched from Ukrainian territory recently temporarily occupied by the Russians. For discovery, the hackers used a compromised account of a company employee.
Once they gained access, the hackers tried to disable Ukrtelecom’s equipment and servers to gain control over its network and equipment. There was also an attempt to change the passwords of employees’ accounts and of the logins used to access equipment and firewalls. During the attack, Ukrtelecom temporarily limited access to its services for private and business clients. Traffic in the network fell to 13% of the level of the network’s regular operation. Internet access for clients started to be restored late on March 28. The following day, Ukrtelecom services became available to almost all its users.
The investigation continues. We have seen several attacks on Ukrainian organizations related to the Russian invasion; however, this attack cannot be attributed to any hacker group. We expect to see more attacks on Ukrainian targets, including government, energy and financial organizations.
Another sanction decision against Russia came from Canonical. Canonical announced that they are cancelling support, professional services, and channel partnerships with Russian enterprises.
“In response to the Russian invasion and acts of war in Ukraine, Canonical has sent notice of termination of support, professional services, and channel partnerships with Russian enterprises. We will not resume such engagements while broad and democratically instituted sanctions on Russia remain in place.
We will not restrict access to security patches for Ubuntu users in Russia – free software platforms like Ubuntu, VPN technologies, and Tor, are important for those who seek news and dialogue outside state control. We will direct any Russian subscription income for such maintenance to Ukrainian humanitarian causes.
We are actively supporting all of our colleagues affected by this war to ensure to the greatest degree possible their financial, emotional and physical safety. We are also supportive of colleagues around the world who have joined the effort to help and house victims and refugees.
As a company and a community, we are appalled by the senseless loss of life, and destruction of property and heritage, underway in Ukraine.”
Anonymous continues to target Russian government entities and private businesses. Most recently, it was announced that the Russian Orthodox Church’s charitable wing had been hacked by the Anonymous group.
The group leaked 15 GB of data; however, they offer to share this data only with journalists or researchers.
This week, Thozis Corp. was another victim of Anonymous in Russia. Thozis Corp. is a Russian investment company owned by Zakhar Smushkin. The group stole thousands of internal emails (about 5500) and shared them.
Anonymous announced that dozens of CCTV cameras in Russia had been hacked, and they published all these streams on a website.
Some of them are not reachable now; however, there are still many broadcasts, including restaurants, indoor and outdoor locations, offices and schools. At the beginning, the site included home camera broadcasts too, but the hackers then removed these broadcasts from the website with an explanation:
“After some consideration, we’ve decided to take down the house cams out of respect for the privacy of the Russian civilians. We hope you understand.”
It is currently unclear how the cameras were accessed by attackers.
The war between Russia and Ukraine continues with all its violence in the cyber environment as well as on land.
The day started with the news about the hacking of the websites of arbitration courts of the Russian Federation.
The courts of Moscow, Primorsky, Krasnodar, Khabarovsk Territories and other regions were attacked. On the main pages, the attackers posted texts related to the operation in Ukraine that insulted Vladimir Putin and Russians.
Anonymous still plays a very active role on the Ukrainian side in this cyber war.
In its latest activity, Anonymous attacked the German facilities of the Russian energy firm Rosneft and stole about 20 TB of confidential data. Rosneft is a very important supplier for different industries in Germany, and this attack looks like it will have a lot of effects on the company’s operations.
Meanwhile, today the largest Ukrainian TV channel, Ukraine-24, was hacked, and a news item saying that Zelensky had called for laying down arms was published.
“The news ticker of the TV channel Ukraine 24 was hacked by enemy hackers and they are broadcasting Zelensky’s message about the alleged ‘surrender’. It’s fake. Friends, we have repeatedly warned about this. No one is going to give up <…>,” said the message published after the incident.
On the 27th of February, a member of the Conti threat group started leaking data from the group, after Conti announced that it fully supports Russia against Ukraine. The leak is still going on via the “ContiLeaks” Twitter account.
The leak started with unencrypted chat messages between Conti members. On the 1st of March, the threat actor shared access information for several Conti storage servers and some screenshots of the folders on the servers.
On the 4th of March, another Twitter account, @c3rb3ru5d3d53c, shared in a screenshot the vulnerabilities that Conti uses to compromise systems.
Conti has harmed many organizations and continues to do so. We know that even in February alone, they hacked many organizations and managed to get their data out.
As can be seen in the screenshot, the threat group uses vulnerabilities that already have patches, rather than very sophisticated techniques. This shows us that even very simple vulnerability management can prevent most of these attacks. Even scanning with free tools and patching the vulnerabilities found can really protect your systems. So, this post from the @c3rb3ru5d3d53c Twitter account was very important for us, because it shows that even very simple measures can prevent big problems.
With attacks on Ukraine increasing day by day, last week Ukraine asked IT pros to help defend its IT infrastructure and attack specific targets. In recent days, we have seen Anonymous declare that it now supports Ukraine, as well as several attacks on Russia from volunteers supporting Ukraine.
The Cyberpolice of Ukraine announced that “cyber police and volunteers are now working and attacking the aggressor’s web resources.” These include both Russian and Belarusian web resources.
List of blocked resources: sberbank.ru, vsrf.ru, scrf.gov.ru, kremlin.ru, radiobelarus.by, rec.gov.by, sb.by, belarus.by, belta.by, tvr.by.
Ukraine is sharing the latest news on the https://cyberpolice.gov.ua/ website and the @ServiceSsu Twitter account.
At the end of the week, Ukraine asked hackers to defend Ukraine’s cyber infrastructure and started creating two teams, one defensive and the other offensive. Meanwhile, some threat actors declared that they are supporting Russia. While all this was going on, an open letter from the IT industry against the operation in Ukraine was signed by more than 10 thousand people, according to a post on the securitylab.ru website.
More than 10 thousand representatives of Russian IT companies signed the letter, which calls for the reversal of decisions that could “inevitably entail human casualties on each side.”
“We consider any display of force that leads to the outbreak of war unjustified and call for the reversal of decisions that could inevitably entail human casualties on each side. Our countries have always been close to each other. And today we are worried about our Ukrainian colleagues, friends and relatives. We are concerned and morally oppressed by what is happening now in the cities of Ukraine.
In our work, we make the best products, the best service, we sincerely do everything to make Russian IT solutions to be proud of. We want our country to be associated not with war, but with peace and progress.
Progress and development of technologies for the benefit of man is impossible in conditions of war and threats to the lives and health of people, they are possible only in conditions of cooperation, diversity of points of view, exchange of information and open dialogue.
We ask the leadership of our country to pay attention to our call, to find ways to resolve this situation peacefully and prevent human casualties.”