Search This Blog

Showing posts with label Ukraine. Show all posts

The National Security and Defense Council of Ukraine reported a leak of IP addresses of government websites


The leaked list of hidden government IP addresses of government websites occurred in Ukraine. This is stated in the statement of the National Security and Defense Council (NSDC).

It is noted that specialists of the National Cyber Security Coordination Center under the National Security and Defense Council of Ukraine have found in the DarkNet a list of almost 3 million sites using the Cloudflare service to protect against DDoS and a number of other cyberattacks. The list contains real IP-addresses of sites that are under threat of attacks on them.

"The list contains real IP addresses of sites, which creates threats to direct attacks on them. Among these addresses are 45 with the domain" gov.ua" and more than 6,500 with the domain "ua", in particular, resources belonging to critical infrastructure objects",  specified in the message on the official website of the NSDC.

According to Ukrainian experts, some data on Ukrainian sites are outdated, and some are still relevant. In this regard, according to the NSDC, there is a threat to the main subjects of cybersecurity.

It was found that Cloudflare provides network services to hide real IP addresses to mitigate DDoS attacks.

In January of this year, the national police of Ukraine opened criminal proceedings due to a hacker attack on the website of Burisma Holdings. According to Assistant to the Interior Minister Artem Minyailo, the attack "was most likely carried out in cooperation with the Russian special services." To conduct an investigation, Ukraine turned to the US Federal Bureau of Investigation.

In May 2020, representatives of the state service for special communications and information protection of Ukraine announced hacker attacks on the websites of state bodies of Ukraine, including the portal of the office of President Vladimir Zelensky. In the period from 6 to 12 may, more than 10.9 thousand suspicious actions were recorded on state information resources.

Provider Volia reported to the cyber police about the intense cyberattacks on the server


Cable provider Volia appealed to the Cyber Police on the fact of fixing a DDoS attack on the Kharkov servers of the company, which has been ongoing since May 31.

"For three days, from May 31 to today, the Volia infrastructure in Kharkov is subjected to cyberattacks. At first, they were carried out only on subscriber subsystems, later they switched to telecommunications infrastructure. As a result, more than 100,000 subscribers experienced problems using the Internet, IPTV, multi-screen platform, and digital TV," said the company.

In total, the complete lack of access to Volia's services, according to the provider, lasted 12 minutes on May 31, 45 minutes on June 1. There was also an attack on the website volia.com, but it was managed to neutralize.

"DDoS attacks were massive and well-organized. The type of attack is UDP flood and channel capacity overflow with the traffic of more than 200 GB. UDP is a protocol used for online streaming services - streaming, telephony, video conferencing, etc. The attack occurred from tens of thousands of different IP addresses around the world: the United States, Malaysia, Taiwan, Vietnam, etc.", emphasized the press service of the provider.

According to representatives of the company, attacks of this volume are followed by extortion and other attempts to influence the company. Therefore, Volia appealed to the cyber police with a statement about a massive DDoS attack on the infrastructure.

At the same time, Volia stated that they cannot be sure that the attacks will not happen again, but they are doing everything possible to avoid it.
It should be noted that Volia company serves about 2 million cable TV and Internet subscribers in 35 cities of Ukraine.

In Ukraine, a world-famous hacker has been detained


The press center of the Security Service of Ukraine announced the arrest of a world-famous hacker who operated under the nickname Sanix. Last January, Forbes, The Guardian, and Newsweek wrote about the cybercriminal. TV channel Italia 1 dedicated a separate story to it since the database put up for sale by an unknown person was the largest in the history of the stolen database.

The hacker Sanix turned out to be a 20-year-old resident of the small town of Burshtyn. The guy graduated from high school and college, has no higher education.

At the beginning of last year, Sanix attracted the attention of the world's leading cybersecurity experts. On one of the forums, a hacker posted an ad for the sale of a database with 773 million email addresses and 21 million unique passwords. According to the portal Wired, this event should be considered the largest theft of personal data in history.

SBU experts claim that the hacker also sold pin codes for bank cards, electronic wallets with cryptocurrency and PayPal accounts.

During the searches, computer equipment with two terabytes of stolen information, phones with evidence of illegal activity and cash from illegal operations in the amount of $7,000, and more than $3,000 were seized from a hacker.

The National Police of Ukraine added that the 87 GB database proposed by the hacker makes up only a small part of the total amount of data that he possessed. More than 3 TB of such databases, uploaded and broken passwords were found at the hacker. This includes the personal and financial data of EU citizens and the United States.

Sanix himself in private correspondence with a BBC journalist noted that he was only a salesman. Sanix said that poverty in the country and an urgent need for money motivated him to become a cybercriminal.

The Security Service of Ukraine (SBU) counted more than 100 cyberattacks on government websites


The SBU has neutralized 103 cyberattacks on information resources of state authorities since the beginning of the year.

According to the Agency, since March, a significant number of attacks take place against agencies that ensure the fight against coronavirus. The SBU reported that hackers send emails with malicious software code to the mailboxes of state institutions.

“Hacker attacks come from Russian intelligence agencies, which are trying to gain remote access to the computers of Ukrainian government agencies. Then they plan to distort or destroy data, distribute fakes allegedly on behalf of government agencies, as well as discredit the actions of the Ukrainian authorities,” the SBU said, accusing Russia of carrying out coronavirus cyberattacks.

The Department stressed that in January-March, the work of almost two thousand sites that the hackers used to carry out the attacks was stopped. 117 criminal cases were opened. The SBU also sent recommendations to state agencies on compliance with information security.

Earlier, the head of the SBU, Ivan Bakanov, made a proposal to the Council of National Security and Defense of Ukraine to extend sanctions against Odnoklassniki and Vkontakte social networks, as well as other Russian services and programs for another three years.

It is noted that cyber specialists of the SBU analyzed that during the period of sanctions, the number of Ukrainian users in these social networks has decreased by 3 times. And this significantly narrowed down the target audience, to which the information operations of the Russian special services are directed.

“Fakes in countries of established democracy are equated to weapons of mass destruction. A hybrid war continues against Ukraine, and we continue to resist information attacks from the Russian Federation. Therefore, it makes sense to continue the sanctions: this will protect our citizens from fakes and manipulations, and, accordingly, we will preserve the security of the state," said Mr. Bakanov.

It is worth noting that the sites of the Russian antivirus companies Kaspersky Lab and Doctor Web were among the sanctions list.

Police found Ukrainian hackers who insulted Greta Thunberg in Odessa


Attackers broke into the terminal of the Odessa airport and scolded the eco-activist.
Law enforcement authorities in Odessa (Ukraine) said that they found the hackers of the Odessa airport information system, who posted pictures with insulting or obscene language on the organization’s scoreboard against eco-activist Greta Thunberg.

According to police, on February 25, officers with the support of the special forces unit of the National Police of Ukraine searched the houses of the participants and founders of the Ukrainian Cyber Alliance public organization. The search was authorized by a decision of the Odessa court. The seized equipment was sent for examination. Law enforcement officers opened a criminal case on the fact of unauthorized interference in the work of the Odessa terminal. The attackers face imprisonment for a term of three to six years.

Ukrainian Cyber Alliance associates such actions of the National Police of Ukraine with political pressure on its activists.

It is worth noting that the Ukrainian Cyber Alliance is a community of Ukrainian cyber-activists that emerged in the spring of 2016 from the Association of two groups of cyber-activists FalconsFlame and Trinity. Later, a group of cyber activists RUH8 and individual cyber-activists of the CyberHunta group joined the Alliance.

The fact of hacking the Odessa airport information system occurred in October last year. At that time, a new terminal was installed in the renovated hall of the Odessa airport. Hackers posted a photo of the Swedish eco-activist with the inscription "F*** you, Greta" on the new terminal.

Recall that Time magazine awarded 16-year-old Swedish eco-activist Greta Thunberg the title of "Person of the Year". She began her fight for ecology in the late summer of 2018. Every Friday, the girl went on a single picket near the walls of the Swedish Parliament with a poster "School strike for climate", and a year later, similar pickets were staged around the world.

Ukrainian authorities proposed online media to track readers and transfer data to the cyber police


A real scandal began with the rights of journalists, the media and freedom of speech in Ukraine. The Ukrainian cyber police sent a circular to various Internet publications in Ukraine with a proposal to install special software codes on the websites of publications in order to track and identify readers of publications. At the same time, all data must be transmitted to the cyber police of Ukraine.

In the document received by the media, the cyber police proposes to install a special script developed by the Agency on the site of publications, which would allow identifying network users who use a VPN or anonymizer. All data of users of Internet publications who have installed such a code is sent to a special server of this body.

Note that 99.9% of all users of the Ukrainian network use VPN in Ukraine. This is caused by the blocking of all Russian resources by the Ukrainian authorities. In the absence of high-quality Ukrainian services and social networks, Ukrainian citizens continue to use Russian Yandex, Vkontakte, Mail.ru and read Russian media. Obviously, the Ukrainian authorities, on the orders of Vladimir Zelensky, have now decided to identify such citizens.

The cyber police of Ukraine noted that they did not insist on installing such codes but only suggested. At the same time, the Ukrainian cyber police does not see anything shameful in such a proposal but considers it the interaction of the state and the private sector in the field of combating cybercrime.

However, it is important to note that the existence of such a script from the cyber police on Ukrainian media sites is a criminal offense. Such actions of the Ukrainian cyber police violate a number of laws and the Constitution of Ukraine. They violate freedom of speech, freedom of the media, freedom of access and dissemination of information, human rights, processing of personal data, and the presumption of innocence. As well as a number of European and international norms and laws in this area.

Moreover, for a long time, citizens of Ukraine have been asking the President of Ukraine to unblock Russian sites.

Ukrainian government job site posted passport scans of thousands of civil service candidates


Government job site https://career.gov.ua/ published scans of passports and other documents of citizens who registered on the portal to search for work in the government sector. This was announced on January 16 by the Office of the Ombudsman of Ukraine on Facebook.

“A possible leak of personal data of citizens who registered on the site https://career.gov.ua/ with the aim of passing a competition for government service was identified. A copy of the passport and other scanned documents that users uploaded to the Unified Vacancy Portal for public service are in free access," the message said.

It is noted that data leakage became known from posts on Facebook by job seekers in the public sector. So, on January 15 at night in the social network, there were messages from candidates for government posts about publishing scans of their passports, diplomas and other documents. A spokeswoman for the Ukrainian cyber activist community, Ukrainian Cyber Alliance, known as Sean Townsend, filed a complaint with the Ombudsman’s Office.

The press service of the Ombudsman's Office noted that the circumstances of this incident are being established and monitoring is being carried out. However, Ukrainians are afraid that their documents will be used by fraudsters.

"Don't be surprised if a loan is accidentally taken in your name," users write in the comments.
The cybersecurity expert Andrei Pereveziy wrote the following: "Minister Dmitry Dubilet, what about digitalization? Probably, this vulnerability in the framework of #FRD should be demonstrated to the European Ombudsman, so that Europe understands what it supports."

The National Security and Defense Council (NSDC) of Ukraine held an extraordinary meeting of the working group on responding to cyber incidents and countering cyber attacks on state information resources in connection with the leak of data from the Unified Vacancy Portal.
During the meeting, experts noted the need for state authorities to ensure proper cyber protection of their own information systems.

Ukrainian cyber police exposed a fraudulent scheme of financial auctions


Earlier EhackingNews reported that cyber police in the Kharkiv region exposed members of a criminal hacker group who purposefully carried out attacks on private organizations and individuals to illegally gain access to their remote servers. It is established that in this way they managed to hack more than 20 thousand servers around the world.

It turned out that in fact, the cyber police exposed a fraudulent scheme of financial auctions with a monthly turnover of $100 thousand.

According to cyber police, the attackers opened in Kiev several call centers to conduct trading on the world financial markets. They offered their victims to invest money, which in the future, according to them, can bring high profits. Otherwise, they promised to return the invested money.

Scammers created an imitation of trading, appropriating money for themselves. When the client tried to withdraw money, the attackers carried out a number of operations that led to the complete loss of money by the client.

All invested money was credited to the offshore accounts of the attackers. In the end, the income amounted to more than 100 thousand US dollars monthly. The attackers worked on the territory of Ukraine and the European Union. Cyber police identify all victims.

Law enforcement officers raided the offices of fraudsters and seized system units, servers, and mobile phones. During an inspection of this technique, it was found that the attackers also sold illegal drugs. Their sale was carried out in Ukraine and abroad via the Internet. Attackers face up to 12 years in prison and confiscation of property.

It is worth noting that fraud with Bank cards is gaining popularity in Ukraine. A fraudster who stole more than $42 thousand from his victims was detained last month. The man duplicated Bank cards of citizens. Imitating an ATM operation error, he used special manipulations to duplicate the card of the next user of the Bank.

Cyber police in Ukraine caught hackers who hacked tens of thousands of servers around the world


Cyber police in the Kharkiv region exposed members of a criminal hacker group who purposefully carried out attacks on private organizations and individuals to illegally gain access to their remote servers. It is established that in this way they managed to hack more than 20 thousand servers around the world.

According to employees of the Department for Combating Cybercrime, the attackers sold the hacked accesses to customers. In addition, law enforcement identified all members of this group. So, it included three Ukrainian and one foreigner. All of them were well-known participants of hacker forums and carried out orders hacking remote servers located in the territory of Ukraine, Europe and the USA.

Cyber police found that the criminal group had been operating since 2014. Its participants carried out bruteforce attacks on private enterprises and individuals. They used for attacks specialized software that exploited vulnerabilities of Windows-based servers.

It is known that attackers sold some hacked servers to other hackers who used the acquired information for their own purposes, for example, they demanded money from a victim or threatened to debit money from bank cards.

They also used part of the servers for their own purposes: creating botnets for mining, DDoS attacks, installing software command centers for viruses like Stealer, turning them into tools for conducting brute-force attacks on new network nodes.

Cybercriminals received income from their illegal activities on e-wallets. Almost $80,000 was found in some accounts.

To coordinate the actions of all members of the international hacker group, communication between them took place through hidden messengers.

Cyber police together with investigators of the Kharkiv region police conducted searches of the places of residence of the persons involved in the international hacker group. Computer equipment, additional media, draft records, mobile phones and bank cards that were used to commit crimes were seized.

Ukraine to introduce electronic elections following the example of Estonia


The team of the Ukranian president Vladimir Zelensky promised to hold the next presidential elections in Ukraine using Estonia's experience in electronic technologies.

Mikhail Fedorov, advisor to the President of Ukraine on the development of digital technologies, assured that Ukrainians will be able to vote online using the Vote system during the next presidential election as early as 2024.

"We already have The Vote project. It will be surveys at the first stage, through which the President, Prime Minister and others will find out the real opinion of the inhabitants of the country," Fedorov said.

Currently, only one country in the world uses the online voting system in parliamentary elections, it is Estonia. There, the voter is identified using a chip ID card or MobileID, and a PIN code is required to enter the system.

The authorities of Ukraine are going to supplement these opportunities with identification using an electronic signature, Mobile ID and maybe Smart ID for phones. In addition, it is possible to change your choice and vote, as well as check whether the vote is counted correctly when counting votes in the Central Election Commission.

It is known that the widespread introduction of electronic technologies has become a kind of visiting card of Estonia and its know-how in the eyes of the world community.

At the same time, many experts note that the use of the Internet in the elections of authorities is quite controversial because of security problems.

Recall that on July 30, the President of Ukraine Vladimir Zelensky signed a decree on measures to improve access to electronic services in the country. This document introduces a unified web portal of electronic services, where Ukrainians will be able to access information about themselves in the state registers using an electronic cabinet. The decree also approves the conduct of electronic elections and electronic census of the population in Ukraine.

The Dark Side of Kremlin- The Catalogue of Russian Data Leaks: All You Need To Know




Thousands of Russian emails and documents were leaked online in the late January in a catalogue named “The Dark Side of Kremlin”.


The catalogue was published by a “transparency collective” which goes by the name of “Distributed Denial of Secrets”.

DDoS encompasses an anonymous group of journalists, researchers, tech-experts and activists.

The documents contained private information regarding all the major hot-shots of Russia including the politicians, religious figures and the military.

The DDoS say, that their only job is to provide information to those who need it. If the information strengthens suspicions it hardly matters.

They also mentioned that their collection of data including emails, chat logs and attachments were hacked a few years ago by several hacking groups in Russia and Ukraine.

The Cyber Junta, Russian hackers Shaltai-Boltai, Ukrainian Cyber Alliance and other international parties were among the few accused.

The information leaked includes private documents and emails from the Ministry of Defense, the Russian Presidential Administration and other high-level political operatives.

Russia’s Prime Minister Dimitry Medvedev’s phone was hacked and his holiday pictures were uploaded online.

Russian President’s chef who controls companies that cater fancy banquets in Kremlin also lost his private notes to the leak.

The leak also includes the elaborate personal notes made by the chef on conversations between Putin and European leaders from Italy and Britain.

The most revealing hacks were the ones that came from the Russian Presidential Administration, which fairly let the Russian government, be a little more “transparent”.

The leak had details on how the government controls the Russian media and the way it transmits messages etc.

The most concerning part is that no one knows for sure how much and what kinds of information have been laid out bare in the open.

The leaks also provide an insight about the relations between Ukraine and Russia.

The inner-doings of Russia’s proxies and other insidious groups have also been brought into the light.

The DDoS had experienced a wipe on their servers making it imperative for them to upload it soon, in order to prevent the data from being censored.

Reportedly, this leak can’t be considered as a revenge for anything that has happened before, it was just an attempt at transparency.

A lot of the information present in the leaks was already available on the web but a lot of new investigations have been given birth due to this massive leakage.

This Russian document leak has created a paradigm shift in the way countries take their cyber-security seriously.

Analyzing these leaks could possibly lead Russia to adopting a new way of securing the web and its Presidential administration.

The government has already started taking care of its cyber-security vigilantly and all the loop holes will soon be filled up.

NotPetya; a Significantly Greater Danger than Wannacry Malware




With the rising conflict amongst Ukraine and Russia that prompted the killings of more than 10,000 Ukrainians and affected millions more , the Russian hackers, in June 2017 came up with  the most pulverizing cyber security breaches to attack systems of the victims through an encrypted code that ranged from media outlets to railway firms.

Andy Greenberg, author of Sandworm and a senior writer with the WIRED chronicled the birth of this biggest cyber attack , in an excerpt from his book he says,

”For the past four and a half years, Ukraine has been locked in a grinding, undeclared war with Russia that has ultimately led to Ukraine becoming a scorched-earth testing ground for the Russian cyber war tactics. In 2015 and 2016, while the Kremlin-linked hackers known as Fancy Bear were busy breaking into the US Democratic National Committee’s servers, another group of agents known as Sandworm was hacking into dozens of Ukrainian governmental organisations and companies. They successfully managed to penetrate the networks of victims ranging from media outlets to railway firms, detonating logic bombs that destroyed terabytes of data.”

This thought of obliteration brought forth NotPetya, a significantly greater danger to the world than the scandalous Wannacry malware.

Petya is amongst the family of those encrypting ransomware that was first discovered in 2016. It goes for focusing only on Microsoft Windows-based frameworks, infecting the master boot record in the process to execute a payload that encodes a hard drive's file system table thus keeping Windows from booting. At the same time consequently demanding from the user to make a payment in Bitcoin with a specific end goal to recapture access to the system.

NotPetya is simply one more form originating from Petya as both plan to encode the hard drive of infected computers, there exists enough common features between the two.

Now in spite of the fact that NotPetya was focusing on war-ridden Ukraine, the result was felt by the world. The malware could destruct computers, data and wired machines over the world.

In an excerpt from Sandworm published by WIRED, the writer describes how the spread of the malware influenced not simply its expected casualty, i.e. Ukraine, but also machineries all around the world.

The after-effect of this attack was more than $10 billion in aggregation says the Former Homeland Security advisor Tom Bossert, who amid the investigation and analysis of the malware was US President Donald Trump's most senior cyber security-¬focused official. Indeed, even the scandalous WannaCry, that spread a month before NotPetya in May 2017, is assessed to have taken a toll between $4 billion and $8 billion.

Inevitably the attack, which had begun as an impetus to win the war against Ukraine, unequivocally focusing on a few hardware and computers in lodgings, hospitals, government workplaces and many places of importance in the nation, spread like wildfire, wreaking havoc  and causing tremendous destruction across the world.

In any case, even after over a year, the uncouth demonstrations of the NotPetya malware has not been wiped out totally as a few experts assert that the malware still has the potential to emerge as sessions in various parts of the world or even reoccur taking a much bigger frame.
Since the ransomware is digging in for the long haul the admonition pretty much continues as before for the users i.e. not to click on some obscure connections, use of solid and one of a kind passwords, at the same time staying up with the latest reinforcement which requires keeping an up-to-date backup.