Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Ukrainian Cyber Security. Show all posts

Ukrainian Police Arrests Suspects Accused of Stealing $4.3M From Victims Across Europe


The Ukrainian police have detained 10 suspects, arresting two for allegedly being involved in a cybercrime group that conducted phishing campaigns and was a part of fraudulent online marketplaces, stealing more than $4.3 million from over 1,000 users across Europe. 

According to Ukraine’s cyber police unit, which collaborated with Czech Republic law enforcement on the bust, the threat group created more than 100 phishing sites to acquire victims’ bank credentials and access to their accounts. 

These websites provided a range of products for sale at discounts from market value. But, instead of obtaining a good price when customers entered their bank card information to pay for the fraudulent products, they had their account information stolen and probably had all of their money stolen from them. 

Additionally, the scammers established two Ukrainian call centers, in Vinnytsia and Lviv, and employed operators to persuade clients to make purchases as part of the scam. Too bad they were not assisting to defend their country instead of taking advantage of people. As per the police report, the victims include individuals from several European countries like the Czech Republic, France, Spain, and Portugal. The threat group scammed the victims of 160 million hryvnias or more, i.e. nearly $4.36 million. 

Following the event of the arrest, the Ukrainian police also shared a video where the police officers were seen busting down doors of a suspect’s residence and an empty call center. 

The law enforcement teams searched the houses, cars, and two call centers of the accused in a total of around 30 searches, seizing mobile phones, SIM cards, and computer hardware involved in illicit activity. 

The two suspected heads of the crime gang are facing up to 12 years in prison on charges of fraud and establishing a criminal organization. The European Union has captured ten more accused gang members, and according to international law enforcement organizations, the investigation is still underway. 

The aforementioned arrest is followed by another call center scan in Europe, that was announced by Europol in January this year. In the case, the European police detained 15 suspects and closed down a multi-country channel of call centers selling fabricated cryptocurrency that the law enforcement claimed to have stolen more than hundreds of million euros from victims.  

Viasat: Acid Rain Virus Disable Satellite Modems

 

The cyberattack which targeted the KA-SAT satellite broadband service to erase SATCOM modems on February 24 used a newly discovered data wiper virus. It impacted thousands in Ukraine and thousands more across Europe. 

A cybersecurity firm, SentinelOne, claims to have discovered a malware sample, which disrupted internet connectivity on February 24. The malware, called AcidRain, which was also likely utilized in the Viasat breach, is a Unix executable application which is meant to attack MIPS-based devices. This could indicate the attackers' lack of experience with the filesystem and firmware of the targeted devices, or their desire to create a reusable tool.

The same sample came from SkyLogic, the Viasat operator in charge of the damaged network, which is also situated in Italy. The software sample was also tagged with the moniker "ukrop," which could be a reference to the Ukraine Operation. 

The researchers underscored that Viasat did not offer technical indicators of compromise or a detailed incident response report. Instead, rogue commands damaged modems in Ukraine and other European countries, according to the satellite industry. The SentinelOne duo were perplexed as to how valid orders could produce such mayhem in the modem, "scalable disruption is more feasibly performed by delivering an update, script, or executable," they added. 

The program wipes the system and various storage device files completely. AcidRain executes an initial repetitive replacement and removal of non-standard files in the filesystem if the malware is launched as root "Juan Andres Guerrero-Saade and Max van Amerongen," SentinelOne threat experts, revealed. 

The wipers overwrite file structures with up to 0x40000 bytes of data or utilize MEMGETINFO, MEMUNLOCK, MEMERASE, and MEMWRITEOOB input/output control (IOCTL) service calls to erase data on compromised devices. 

The fact Viasat has supplied nearly 30,000 modems to get clients back online since the February 2022 attack and is still shipping more to speed up service restoration, suggests that SentinelOne's supply-chain threat scenario is correct. The IOCTLs used by this virus also resemble those used by the VPNFilter malware 'dstr' wiper plugin, a destructive program linked to Russian GRU hackers. 

The Ukrainian Computer Emergency Response Team recently stated a data wiper known as DoubleZero had been used in assaults on Ukrainian businesses. On the same day that Russia invaded Ukraine, they discovered IsaacWiper, a data wiper, and HermeticWizard, a new worm which dropped HermeticWiper payloads. ESET has discovered a fourth data-destroying malware strain called CaddyWiper, which wipes data across Windows domains and eliminates user data and partition information from associated drivers. 

Microsoft discovered a sixth wiper, now known as WhisperGate, in mid-January, which was being used in data-wiping attacks targeting Ukraine while masquerading as ransomware.

Moscow Exchange Downed by Cyber-Attack

 

On Monday morning, the website for the Moscow Stock Exchange went down, becoming inaccessible. 
The Ukraine crowdsourced community of hackers operated by the Kyiv officials took responsibility for the outage in a message posted to Telegram while claiming the responsibility behind the attack.  

According to the officials early on Monday, the Kyiv officials called on its IT army members to launch attacks on the website. Following the attack, on Telegram, the IT Army claimed that it took only five minutes to knock the site down. However, as of now, its claims could not be verified. 

NetBlocks, a global internet connectivity tracking company reported that the site went offline on early Monday. However, the root cause behind the incident is still unknown. Mykhailo Fedorov, Ukraine’s deputy prime minister made a formal public statement on the incident and celebrated the formation of the IT army on Facebook. “The mission has been accomplished! Thank you!” the statement read. 

Also, last week Mykhailo Fedorov announced the formation of the IT Army and listed names of prominent Russian websites that the state-sponsored hackers could look to attack. 

In the middle of Monday afternoon, Sberbank, Russia’s largest lender website also went offline. The outage was reported by NetBlocks and celebrated by Fedorov, who declared: “Sberbank fell!” on social media. 

Further, Bloomberg reports that depositary receipts for Sberbank of Russia PJSC sank as much as 77%, while Gazprom PJSC dropped by 62%. 

Following the ongoing Russian war in Ukraine, the cyber threat Intelligence in their latest reports explained threats on cyberspace while saying that the outcome of this will affect every nation in the coming days, not just Ukraine. For now, the current situation changes the cybersecurity picture and worries the nations with the latest developments in cyberspace. 

Ultimately, critical infrastructures like power, banking, military infrastructures, and telecom are being targeted by the state actors, and the assets of several countries are increasingly coming under its grip. The US and UK have already issued warnings of potential cyber-attacks coming in the backdrop of the Russian military invasion in Ukraine.

Ukraine: DDoS Attacks on State Websites Continue

 

Since February 23, some Ukrainian government websites have been subjected to DDoS attacks: web resources of the Ministry of Defense, the Verkhovna Rada of Ukraine, the Ministry of Foreign Affairs and others have suffered interruptions. 

The Insider publication (the organization is included in the list of foreign agents by the Ministry of Justice of Russia), referring to the data of the independent cyber analyst Snorre Fagerland, stated that the hacker group ART23 (Fancy Bear), which is attributed to links with the Main Intelligence Directorate of the Russian Federation, was behind the attacks. 

However, Igor Bederov, head of the Information and Analytical Research Department at T.Hunter, called this statement a provocation. "The investigation of a cyberattack (attribution) is a long and complex process that cannot be carried out from beginning to end in hours. Analysis of hacker software and malicious code is always a long and painstaking process," Mr. Bederov said. 

According to him, even if traces leading to Fancy Bear were indeed found, it's still impossible to say that this particular group was behind the attack. Mr. Bederov thinks that other hackers could have also taken advantage of the malware previously used by Fancy Bear. It's possible because hacker tools are openly resold on the Darknet. 

"Primary attribution is based on matching the hacker code used in today's attack with the code used in yesterday's attack, as well as special characters specific to a language group. This approach is fundamentally wrong, because the code can be stolen or bought, and the linguistic features can be imitated," said the expert. 

Mr. Bederov also noted that within the framework of pro-state activity, mainly Chinese groups like to engage in substitution of attribution. In addition, according to him, the NATO cyber intelligence center located in Tallinn was previously noticed for the substitution of attribution. 

Earlier it was reported that DDoS attacks on the website of the Ministry of Defense of Ukraine could have been deliberately set up by the United States. Earlier, Viktor Zhora, Deputy Chairman of the State Service for Special Communications and Information Protection of Ukraine, said that the government of Ukraine is ready for the scenario of forced destruction of secret data on servers. According to him, the authorities do not want to take risks and are not going to leave documentation and detailed information about the population of Ukraine to the enemy. 

He also said that if Russia gets access to government passwords, Ukrainian specialists "will quickly block access to hacked accounts."

United States and Britain have sent specialists to Ukraine to prevent Russian cyber attacks

US intelligence believes that Russia, instead of invading Ukrainian territory, can carry out a cyberattack that will disable the power grid, banking system and "other important components of the economy and government of Ukraine." To prevent this, the United States and the United Kingdom sent cybersecurity experts to Ukraine.

According to the New York Times newspaper, citing US intelligence assessments, Russia would thus try to expose Ukrainian President Vladimir Zelensky as "inept and defenseless, and possibly provide a pretext for an invasion."

It is not specified how many people are included in this group. In addition, the US authorities are also considering the possibility of attracting the resources of the US Cyber ​​Command.

One of the representatives of American intelligence explained that conducting a cyberattack "will not require the occupation" of Ukraine, and can also help Russia avoid sanctions that "almost certainly will follow" in the event of an invasion. The sources of the publication believe that the Russian side may carry out a cyberattack after Orthodox Christmas, at the end of the first week of January.

Washington has not officially confirmed the information about sending a team of specialists. The US administration stated that it "has long supported Ukraine's efforts to strengthen cyber defense and increase its cyber resilience."

The media wrote that the United States expects 175 thousand Russian troops to attack Ukraine in early 2022. Russian President Vladimir Putin, commenting on this topic, said that Moscow pursues a peaceful foreign policy, but has the right to protect its security.

The press secretary of the President of the Russian Federation Dmitry Peskov stated that Russia moves troops within its territory and at its discretion. According to him, this does not threaten anyone and should not worry anyone.

Ukraine legalized cryptocurrency

The Verkhovna Rada of Ukraine adopted the bill "On virtual assets", which will legalize cryptocurrency and virtual hryvnia.

The bill on its legal use for settlement operations was supported by 276 deputies, six voted against, 71 deputies abstained. The document regulates the circulation of virtual assets in the country, which allows market participants to use banking services, pay taxes on income from "crypto", as well as receive legal protection in courts in case of violation of rights.

According to the Telegram channel of the Rada, the purpose of the law is a comprehensive regulation of relations arising during the circulation and conclusion of transactions with digital currency, as well as ensuring a unified approach to the organization of cryptocurrency trading.

Owners of cryptocurrencies will receive a number of benefits. Due to the fact that there will be a legislative regulation of this area, they will at least be able to protect their fortune in virtual assets if something happens.

They will also be able to legally exchange crypto assets, declare them. This process will be absolutely legal. In addition, it is expected that a whole market of intermediary services will appear for paying for goods with cryptoassets, their storage, exchange. This will expand the possibilities of their use.

The new law will make virtual assets an absolutely legal and familiar phenomenon for the authorities and society.

It should be noted that in September last year, the government of Ukraine stated that the country has the highest level of use of virtual assets by the population in the world.

Earlier, E Hacking News reported that, according to the First Deputy Chairman of the Bank of Russia, Blockchain is not a panacea, and cryptocurrency is not money. So, the Central Bank of Russia is not going to change its negative attitude to these assets.

El Salvador was the first country in the world to recognize bitcoin. The relevant law entered into force there on September 7. Now it will be possible to pay with cryptocurrency along with dollars.


The National Security and Defense Council of Ukraine announced the imminent creation of cyber forces in the country

Secretary of the National Security and Defense Council (NSDC) Alexey Danilov said that in the near future, President of Ukraine Vladimir Zelensky may sign a decree on the creation of cyber forces in the country.

According to Danilov, this issue was discussed earlier on Friday at a closed meeting of the NSDC.

"I can say that this decision was unanimously supported by all 21 members who attended the meeting. I think there will be a presidential decree about it in the near future. You will hear from the president," he said.

Alexey Podberezkin, Director of the Center for Military and Political Studies of Moscow State Institute of International Relations (MGIMO), and political scientist Ivan Mezyuho commented on the possibility of creating national cyber forces in Ukraine.

"Programmers who were at a high level have now turned into semi-hackers, and the remnants of this potential, including military-technical, are in fact looted. Therefore, I do not really understand how this can be done in Ukraine. Moreover, Ukraine does not produce its own software,” Podberezkin explained.

In turn, Ivan Mezyuho expressed the opinion that the creation of cyber forces in Ukraine is likely to be funded or supervised by the United States.

He also added that such forces will be financed with the help of Ukrainian taxpayers.

In addition, a similar opinion was expressed by the Russian political scientist Bogdan Bezpalko. According to him, the appearance of special units for actions in cyberspace as part of the Armed Forces of Ukraine (AFU) is due to the anti-Russian course of Kiev.

"This kind of troops will be directed primarily against Russia, the Donbas and the Crimea, based on the political course pursued by the President of Ukraine, Vladimir Zelensky," Mr. Bezpalko said.

In his opinion, the organization of cyber troops will require significant financial resources, which can be partially allocated by Western "curators of Ukraine and Zelensky personally".

Recall that in February 2019, the Verkhovna Rada announced the actual creation of cyber forces. The NSDC of Ukraine noted that the cyber forces will become part of the Armed Forces of Ukraine (AFU).

Ukrainian police arrested members of a well-known cyber ransomware group

Members of the Egregor group, which provides the service using the Ransomware-as-a-Service (RaaS) model, have been arrested by the Ukrainian police.

The arrest is the result of a joint operation of the French and Ukrainian law enforcement systems. The names of the arrested citizens were not disclosed, but it is known that they provided logistical and financial support for the service.

It is worth noting that this ransomware has been active since the fall of 2020 and works according to the Ransomware-as-a-Service (RaaS) model. That is, the authors of the malware rent it out to other criminals, who are already hacking companies, stealing data, encrypting files, and then demanding a “double ransom” from victims (for decrypting files, as well as for not disclosing the data stolen in the process of hacking).

If the victims pay a ransom, the group that organized the hack keeps most of the funds, and the developers of Egregor receive only a small share. The attackers laundered funds through the Bitcoin cryptocurrency.

Those arrested are suspected, among other things, of providing such financial schemes.

According to Allan Liska, a cybersecurity researcher at Recorded Future, Recorded Future has discovered that the Egregor infrastructure, including the site and the management and control infrastructure, has been offline since at least Friday (February 12).

The French side joined the investigation after the Egregor software was used in attacks on the computer game developer Ubisoft and the logistics organization Gefco in 2020.

Although the Egregor system based on the RaaS model was launched in September 2020, a number of cybersecurity experts believe that the service operators are the well-known cyber ransomware group Maze.

The largest international phishing center has been blocked in Ukraine

As a result of an international special operation, the Office of the Prosecutor General of Ukraine has stopped the activity of one of the world's largest phishing services for attacks on financial institutions in different countries.

The Prosecutor's Office said that as a result of the work of the phishing center, banks in 11 countries - Australia, Spain, the United States, Italy, Chile, the Netherlands, Mexico, France, Switzerland, Germany and the United Kingdom - were affected. According to preliminary data, the losses reach tens of millions of dollars.

It is reported that a hacker from Ternopil developed a phishing package and a special administrative panel aimed at the web resources of banks and their clients.

"The admin panel allowed to control the accounts of users who registered on compromised resources and entered their payment data, which were later received by the fraudsters. He created his own online store on the DarkNet network to demonstrate the functionality and sell his developments," the Prosecutor's Office explained the algorithm of the center's functioning.

More than 200 active buyers of malicious software were found.

According to the investigation, the hacker did not only sell their products but also provide technical support in the implementation of phishing attacks.

"According to the results of the analysis of foreign law enforcement agencies, more than 50% of all phishing attacks in 2019 in Australia were carried out with the help of the development of the Ternopil hacker," said the Department.

A criminal case has been opened on this fact under the article on unauthorized interference in the operation of computers, automated systems, computer networks, or telecommunications networks, as well as the creation of harmful software products for the purpose of using, distributing, or selling them.

Earlier, the deputy director of the National Coordination Center for Computer Incidents (NCCI), Nikolai Murashov, said that the United States had placed hackers in Montenegro and Ukraine. This was done allegedly under the pretext of protecting the elections.


Pavel Durov's team advised the Ministry of Finance of Ukraine on cryptocurrencies.

 The Minister of Digital Transformation Mikhail Fedorov said that his department is in contact with the team of the developer of the Telegram messenger Pavel Durov.

According to Fedorov, he is familiar with Durov's team. Employees of the Ministry of Digital Transformation received advice on bills related to virtual assets and cryptocurrency

"I know Durov's team. I know all its management, we communicate, consult even on bills related to cryptocurrency, virtual assets, and so on."

The Minister said that he actively uses the Telegram messenger for fast communications. However, the information exchanged by officials is protected as much as possible, and all documents pass through electronic document management.

"Of course, questions of national importance do not need to be sent in messengers, this is understandable," added Mikhail Fedorov.

Answering the question about which of the messengers is the safest for him, the head of the Ministry of Digital Transformation noted that he most often uses Telegram and WhatsApp.

Recall that on December 2, the Verkhovna Rada of Ukraine in the first reading adopted as a basis the draft law "On virtual assets" regulating operations with cryptocurrencies in the country. The bill classifies virtual assets (VA) as an intangible good.

The function of the market regulator is assigned to the Ministry of Digital Transformation, and in some cases to the National Bank and the National Commission on Securities and Stock Market.

According to experts, the daily volume of cryptocurrency transactions in Ukraine is about $150-200 million. One of the authors of the document, Deputy Oleksiy Zhmerenetsky, noted that the bill will allow cryptocurrency companies to pay taxes and allow specialized foreign firms to cooperate with Ukrainian banks and invest in the industry.

Ukraine did not follow the Russian path of banning virtual assets, because this market is a growth point for Ukraine's GDP and an opportunity to become one of the world's technology leaders. In addition, it makes no sense to prohibit something that is technically impossible to control, as we have already seen in the case of blocking Telegram in Russia.

Recall that Roskomnadzor has added the site of the Binance crypto exchange to the list of banned sites in Russia.

A major Ukrainian IT company has revealed details of the hacker attack

Ukrainian IT company SoftServe has issued an official statement about the recent hacker attack, in which it gave details of the incident and said that its investigation is still ongoing.

As a reminder, in early September SoftServe underwent a hacker attack during which client data, including the source code of a number of developments, were stolen. Later, another confidential data appeared on the network, including scanned copies of internal and foreign passports of company employees.

"As we reported earlier, SoftServe experienced a cybersecurity incident on Tuesday, September 1. It was a complex, multi-step and targeted attack against our company. As a result of the attack, the company's mail server was damaged, a number of corporate services were disabled, and the internal file server was compromised,” noted SoftServe.

The attackers managed to download fragments of various information, and in order to put pressure on the company, they made them publicly available.  SoftServe expects new incidents and declares its readiness for them.

"We expect that new data can be published again and are ready for it. Such actions of attackers, as well as various kinds of provocations and the spread of fakes to escalate the situation are a common tactic in hacker attacks. As noted earlier, SoftServe managed to localize the attack within a few hours after the attack and our team quickly restored the operation of corporate systems that function normally,” noted the company on its Facebook page.

The company also said that SoftServe is currently operating normally and has a "clear plan to deal with the consequences" of the incident. The company promises technical, legal, financial, and other assistance to anyone who suffered from the attack.

SoftServe has engaged one of the world's cybersecurity experts to independently investigate the incident.

The National Security and Defense Council of Ukraine reported a leak of IP addresses of government websites


The leaked list of hidden government IP addresses of government websites occurred in Ukraine. This is stated in the statement of the National Security and Defense Council (NSDC).

It is noted that specialists of the National Cyber Security Coordination Center under the National Security and Defense Council of Ukraine have found in the DarkNet a list of almost 3 million sites using the Cloudflare service to protect against DDoS and a number of other cyberattacks. The list contains real IP-addresses of sites that are under threat of attacks on them.

"The list contains real IP addresses of sites, which creates threats to direct attacks on them. Among these addresses are 45 with the domain" gov.ua" and more than 6,500 with the domain "ua", in particular, resources belonging to critical infrastructure objects",  specified in the message on the official website of the NSDC.

According to Ukrainian experts, some data on Ukrainian sites are outdated, and some are still relevant. In this regard, according to the NSDC, there is a threat to the main subjects of cybersecurity.

It was found that Cloudflare provides network services to hide real IP addresses to mitigate DDoS attacks.

In January of this year, the national police of Ukraine opened criminal proceedings due to a hacker attack on the website of Burisma Holdings. According to Assistant to the Interior Minister Artem Minyailo, the attack "was most likely carried out in cooperation with the Russian special services." To conduct an investigation, Ukraine turned to the US Federal Bureau of Investigation.

In May 2020, representatives of the state service for special communications and information protection of Ukraine announced hacker attacks on the websites of state bodies of Ukraine, including the portal of the office of President Vladimir Zelensky. In the period from 6 to 12 may, more than 10.9 thousand suspicious actions were recorded on state information resources.

In Ukraine, a world-famous hacker has been detained


The press center of the Security Service of Ukraine announced the arrest of a world-famous hacker who operated under the nickname Sanix. Last January, Forbes, The Guardian, and Newsweek wrote about the cybercriminal. TV channel Italia 1 dedicated a separate story to it since the database put up for sale by an unknown person was the largest in the history of the stolen database.

The hacker Sanix turned out to be a 20-year-old resident of the small town of Burshtyn. The guy graduated from high school and college, has no higher education.

At the beginning of last year, Sanix attracted the attention of the world's leading cybersecurity experts. On one of the forums, a hacker posted an ad for the sale of a database with 773 million email addresses and 21 million unique passwords. According to the portal Wired, this event should be considered the largest theft of personal data in history.

SBU experts claim that the hacker also sold pin codes for bank cards, electronic wallets with cryptocurrency and PayPal accounts.

During the searches, computer equipment with two terabytes of stolen information, phones with evidence of illegal activity and cash from illegal operations in the amount of $7,000, and more than $3,000 were seized from a hacker.

The National Police of Ukraine added that the 87 GB database proposed by the hacker makes up only a small part of the total amount of data that he possessed. More than 3 TB of such databases, uploaded and broken passwords were found at the hacker. This includes the personal and financial data of EU citizens and the United States.

Sanix himself in private correspondence with a BBC journalist noted that he was only a salesman. Sanix said that poverty in the country and an urgent need for money motivated him to become a cybercriminal.

The Security Service of Ukraine (SBU) counted more than 100 cyberattacks on government websites


The SBU has neutralized 103 cyberattacks on information resources of state authorities since the beginning of the year.

According to the Agency, since March, a significant number of attacks take place against agencies that ensure the fight against coronavirus. The SBU reported that hackers send emails with malicious software code to the mailboxes of state institutions.

“Hacker attacks come from Russian intelligence agencies, which are trying to gain remote access to the computers of Ukrainian government agencies. Then they plan to distort or destroy data, distribute fakes allegedly on behalf of government agencies, as well as discredit the actions of the Ukrainian authorities,” the SBU said, accusing Russia of carrying out coronavirus cyberattacks.

The Department stressed that in January-March, the work of almost two thousand sites that the hackers used to carry out the attacks was stopped. 117 criminal cases were opened. The SBU also sent recommendations to state agencies on compliance with information security.

Earlier, the head of the SBU, Ivan Bakanov, made a proposal to the Council of National Security and Defense of Ukraine to extend sanctions against Odnoklassniki and Vkontakte social networks, as well as other Russian services and programs for another three years.

It is noted that cyber specialists of the SBU analyzed that during the period of sanctions, the number of Ukrainian users in these social networks has decreased by 3 times. And this significantly narrowed down the target audience, to which the information operations of the Russian special services are directed.

“Fakes in countries of established democracy are equated to weapons of mass destruction. A hybrid war continues against Ukraine, and we continue to resist information attacks from the Russian Federation. Therefore, it makes sense to continue the sanctions: this will protect our citizens from fakes and manipulations, and, accordingly, we will preserve the security of the state," said Mr. Bakanov.

It is worth noting that the sites of the Russian antivirus companies Kaspersky Lab and Doctor Web were among the sanctions list.

Ukrainian authorities proposed online media to track readers and transfer data to the cyber police


A real scandal began with the rights of journalists, the media and freedom of speech in Ukraine. The Ukrainian cyber police sent a circular to various Internet publications in Ukraine with a proposal to install special software codes on the websites of publications in order to track and identify readers of publications. At the same time, all data must be transmitted to the cyber police of Ukraine.

In the document received by the media, the cyber police proposes to install a special script developed by the Agency on the site of publications, which would allow identifying network users who use a VPN or anonymizer. All data of users of Internet publications who have installed such a code is sent to a special server of this body.

Note that 99.9% of all users of the Ukrainian network use VPN in Ukraine. This is caused by the blocking of all Russian resources by the Ukrainian authorities. In the absence of high-quality Ukrainian services and social networks, Ukrainian citizens continue to use Russian Yandex, Vkontakte, Mail.ru and read Russian media. Obviously, the Ukrainian authorities, on the orders of Vladimir Zelensky, have now decided to identify such citizens.

The cyber police of Ukraine noted that they did not insist on installing such codes but only suggested. At the same time, the Ukrainian cyber police does not see anything shameful in such a proposal but considers it the interaction of the state and the private sector in the field of combating cybercrime.

However, it is important to note that the existence of such a script from the cyber police on Ukrainian media sites is a criminal offense. Such actions of the Ukrainian cyber police violate a number of laws and the Constitution of Ukraine. They violate freedom of speech, freedom of the media, freedom of access and dissemination of information, human rights, processing of personal data, and the presumption of innocence. As well as a number of European and international norms and laws in this area.

Moreover, for a long time, citizens of Ukraine have been asking the President of Ukraine to unblock Russian sites.

Ukrainian government job site posted passport scans of thousands of civil service candidates


Government job site https://career.gov.ua/ published scans of passports and other documents of citizens who registered on the portal to search for work in the government sector. This was announced on January 16 by the Office of the Ombudsman of Ukraine on Facebook.

“A possible leak of personal data of citizens who registered on the site https://career.gov.ua/ with the aim of passing a competition for government service was identified. A copy of the passport and other scanned documents that users uploaded to the Unified Vacancy Portal for public service are in free access," the message said.

It is noted that data leakage became known from posts on Facebook by job seekers in the public sector. So, on January 15 at night in the social network, there were messages from candidates for government posts about publishing scans of their passports, diplomas and other documents. A spokeswoman for the Ukrainian cyber activist community, Ukrainian Cyber Alliance, known as Sean Townsend, filed a complaint with the Ombudsman’s Office.

The press service of the Ombudsman's Office noted that the circumstances of this incident are being established and monitoring is being carried out. However, Ukrainians are afraid that their documents will be used by fraudsters.

"Don't be surprised if a loan is accidentally taken in your name," users write in the comments.
The cybersecurity expert Andrei Pereveziy wrote the following: "Minister Dmitry Dubilet, what about digitalization? Probably, this vulnerability in the framework of #FRD should be demonstrated to the European Ombudsman, so that Europe understands what it supports."

The National Security and Defense Council (NSDC) of Ukraine held an extraordinary meeting of the working group on responding to cyber incidents and countering cyber attacks on state information resources in connection with the leak of data from the Unified Vacancy Portal.
During the meeting, experts noted the need for state authorities to ensure proper cyber protection of their own information systems.

Hackers from Russia hacked the Ukrainian gas company Burisma


Russian hackers in November 2019 attacked the Ukrainian energy company Burisma in order to gain potentially compromising information about former US Vice President Joe Biden and his son Hunter.

Starting in November 2019, a series of phishing attacks were carried out to gain access to the usernames and passwords of employees of Burisma, as well as other companies belonging to Burisma Holdings. According to an American cybersecurity company Area 1, hackers allegedly linked to the GRU and members of the Fancy Bear group, also known as Sofacy and APT28, are behind these attacks.

It is known that hackers managed to hack the accounts of some employees and thus gain access to one of the company's servers. Experts said that the timing and scale of the attacks suggest that hackers may have been looking for potentially compromising material about the former US Vice President and his son, who was part of the leadership of Burisma.

According to experts from Area 1, the tactics of Russian hackers, are strikingly similar to the hacking of the servers of the National Committee of the Democratic Party of the United States during the 2016 presidential campaign, for which the American special services also blame Russia. Then, as now, Russian hackers used phishing emails.

The story involving the son of Joe Biden in the work of Burisma caused of a loud political scandal in the United States. In this regard, an investigation was launched to impeach President Donald Trump.
In particular, it was pointed out that Trump, during his July phone conversation with his Ukrainian president Vladimir Zelensky, asked him to resume the investigation into Burisma, with which Joe Biden and his son were associated. Moreover, Trump threatened to freeze military aid to Kiev.

Cyber police in Ukraine caught hackers who hacked tens of thousands of servers around the world


Cyber police in the Kharkiv region exposed members of a criminal hacker group who purposefully carried out attacks on private organizations and individuals to illegally gain access to their remote servers. It is established that in this way they managed to hack more than 20 thousand servers around the world.

According to employees of the Department for Combating Cybercrime, the attackers sold the hacked accesses to customers. In addition, law enforcement identified all members of this group. So, it included three Ukrainian and one foreigner. All of them were well-known participants of hacker forums and carried out orders hacking remote servers located in the territory of Ukraine, Europe and the USA.

Cyber police found that the criminal group had been operating since 2014. Its participants carried out bruteforce attacks on private enterprises and individuals. They used for attacks specialized software that exploited vulnerabilities of Windows-based servers.

It is known that attackers sold some hacked servers to other hackers who used the acquired information for their own purposes, for example, they demanded money from a victim or threatened to debit money from bank cards.

They also used part of the servers for their own purposes: creating botnets for mining, DDoS attacks, installing software command centers for viruses like Stealer, turning them into tools for conducting brute-force attacks on new network nodes.

Cybercriminals received income from their illegal activities on e-wallets. Almost $80,000 was found in some accounts.

To coordinate the actions of all members of the international hacker group, communication between them took place through hidden messengers.

Cyber police together with investigators of the Kharkiv region police conducted searches of the places of residence of the persons involved in the international hacker group. Computer equipment, additional media, draft records, mobile phones and bank cards that were used to commit crimes were seized.

The guards at the Ukrainian nuclear power plant mined cryptocurrency and divulged state secrets


The attackers used the resources of the South Ukrainian nuclear power plant for mining digital currency. The Security Service of Ukraine (SBU) stopped the activity of criminals.

Agents of the SBU, checking objects of the nuclear power plant, found computer equipment, illegally connected to the systems for mining. On July 10, the employees of the Department searched and seized the media converter, fiber optic and part of the network cable.

It’s important to note that information about the physical protection of the station, which is a state secret, leaked to the network due to the unauthorized placement of computer equipment in the territory of a nuclear power plant.

Specialists of the Security Service of Ukraine have information according to which members of the National Guard of Ukraine may be involved in illegal mining. The SBU has achieved the initiation of criminal proceedings against them.

It is an interesting fact that recently it became known that in Ukraine the authority that controls the quality of equipment for the South Ukrainian nuclear power plant since 1992 will be eliminated. Employees of the structure carried out examinations, as well as participated in tests of the equipment.

The decision was made after the evaluation of the enterprise. The work of the center was deemed ineffective.

However, it can be assumed that this is due to the fact that someone was mining cryptocurrency on the territory of the South Ukrainian nuclear power plant.

In addition, this week the police discovered an underground farm for the production of cryptocurrency in Ingushetia. Its owners were engaged in illegal and unaccounted electricity consumption. During the inspection of this room, law enforcement officers found that more than 1.5 thousand devices for receiving crypto currency, a laptop, two system units, a video recorder of a video surveillance system, as well as two transformer points with a capacity of 1.6 thousand kW each were connected to the power supply system without appropriate documentation.

Recall that in May 2018 it became known that the police in the Ukrainian city Rovno were mining cryptocurrency directly at the workplace. Since Ukraine does not have legislation regulating the circulation and mining of cryptocurrencies, an investigation was conducted into the theft of electricity.

This was not the first case of using the official position for cryptocurrency mining. In September 2017, Crimean government officials were fired for mining bitcoins in the workplace, and on February 2018 it became known that employees of the Ministry of Finance of Kazakhstan used office computers and department servers for cryptocurrency mining.

Ukraine to introduce electronic elections following the example of Estonia


The team of the Ukranian president Vladimir Zelensky promised to hold the next presidential elections in Ukraine using Estonia's experience in electronic technologies.

Mikhail Fedorov, advisor to the President of Ukraine on the development of digital technologies, assured that Ukrainians will be able to vote online using the Vote system during the next presidential election as early as 2024.

"We already have The Vote project. It will be surveys at the first stage, through which the President, Prime Minister and others will find out the real opinion of the inhabitants of the country," Fedorov said.

Currently, only one country in the world uses the online voting system in parliamentary elections, it is Estonia. There, the voter is identified using a chip ID card or MobileID, and a PIN code is required to enter the system.

The authorities of Ukraine are going to supplement these opportunities with identification using an electronic signature, Mobile ID and maybe Smart ID for phones. In addition, it is possible to change your choice and vote, as well as check whether the vote is counted correctly when counting votes in the Central Election Commission.

It is known that the widespread introduction of electronic technologies has become a kind of visiting card of Estonia and its know-how in the eyes of the world community.

At the same time, many experts note that the use of the Internet in the elections of authorities is quite controversial because of security problems.

Recall that on July 30, the President of Ukraine Vladimir Zelensky signed a decree on measures to improve access to electronic services in the country. This document introduces a unified web portal of electronic services, where Ukrainians will be able to access information about themselves in the state registers using an electronic cabinet. The decree also approves the conduct of electronic elections and electronic census of the population in Ukraine.