Search This Blog

Powered by Blogger.

Blog Archive

Labels

A US Cyber Team's Perspective on US Military Cyber Defense of Ukraine

The official stated that Russian intelligence agencies or state-sponsored groups commit the majority of cyberattacks on Ukraine.

 


Despite analysts' numerous predictions, Russia could not destroy Ukraine's computer systems in this year's invasion with a massive cyber-attack. This may be because an unknown US military branch hunts down rivals online to enforce their interests. To cover these global missions, the BBC was granted exclusive access to the cyber-operators who carried them out. 

The US military landed in Ukraine in December last year on a recon mission led by a young major who led a small team. There were plans to deploy more troops ahead of this deployment. 

On Thursday, the Ukrainian government's premier counterintelligence and law enforcement agency revealed the real identities of five individuals allegedly involved in cyber-espionage activities attributed to the Gamaredon cyber-espionage group. According to the agency, these members are connected to the Russian Federal Security Service (FSB). 

It has been apparent in recent months that Gamaredon is very active in the threat actor community. When you open Twitter and type in #Gamaredon, you'll find several tweets a week with updated information on the IOC and samples it has created. 

Gamaredon Group is another advanced persistent threat (APT) group targeting the Ukrainian government today. It is also known as Shuckworm, Iron Tilden, Primitive Bear, Winter Flounder, and Accinium. 

A common attack tool is phishing emails with attachments of Microsoft Office documents. These emails can be used to gain access to the victim's system through initial attacks using phishing emails. 

In recent months, there have been reports of Russian troops amassing along the Ukrainian border, raising fears of war breaking out. As much as Russia denies any plans to invade, it demands sweeping security guarantees, including a guarantee that NATO will never admit the Ukrainians to NATO. 

The Ukrainian security services, who believed that the act of terrorism had been committed by officers of the Russian Federal Security Service from Crimea, publicly attributed the act of terrorism to Gamaredon in November. An online comment request was sent to the Russian Embassy in Washington regarding Gameredon; however, there was no immediate response from the Russian Embassy. 

A spokesperson for Ukraine's Security Service (SSU) said in a statement today that the hacker group had been depicted as "an FSB special project that specifically targeted Ukraine," at the same time confirming that many of the perpetrators of the hack were "Crimean FSB officers and traitors who defected to the enemy during the occupation of the peninsula in 2014." 

According to the country's authorities, over 1,500 government entities, public entities, and private enterprises have been targeted by actors in the past seven years in Ukraine. This group aims to gather intelligence, disrupt operations, and take control of critical infrastructure facilities to collect critical data. 

Between 2020 and the present, Malwarebytes has identified five operations that have taken place. They were victims of armed clashes between Russian-aligned individuals and Ukrainian citizens who had taken part in the discredited referendums called for by Moscow on September 2022. These referendums were called for in the Ukrainian territories of Luhansk, Donetsk, Zaporizhzhia, and Kherson. In the Dnepropetrovsk, Lugansk, and Crimea regions, there has been a massive outbreak of infections in state, agricultural, and transportation ministries. 

Ukrainian intelligence agencies track Armageddon, a threat group that launched the attacks, as responsible for the attacks. While it is known by the names Gamaredon, Primitive Bear, Winterflounder, BlueAlpha, Blue Otso, Iron Tilden, and Sector C08 in the cybersecurity community, it operates by many other names as well. 

Several campaigns in eastern Ukraine involved Malwarebyte attackers exfiltrating snapshots, USB flash drives, keyboard strokes, and microphone recordings, depending on the campaign. 

On Wednesday, Anne Neuberger, a White House cyber official, said Russia could destabilize and invade Ukraine using cyberattacks. 

In early 2013, it appeared that Russia had sponsored the Gamaredon Group, which is a misspelled anagram of the word "armageddon" and has been sporadically perpetrating cyberattacks on Ukrainian military, government, and non-profit organizations since then. 

Threat actors leverage legitimate Microsoft® Office documents to inject remote templates into legitimate Microsoft® Office documents. The technique works even when Microsoft® Word security features have been turned on. There is a way to bypass Microsoft Word macro protections, which are designed to prevent attackers from compromising sensitive systems with malware, infecting them with the infection, accessing the data, and then spreading the infection to other systems.
Share it:

Cyber Attacks

Cyber-Espionage

Cybercrimes

Cybersecurity

FSB

Microsoft

Military Cyber Defense

Ukraine