Chronicles of Cyber War Russia-Ukraine April 3-9

Source: https://cobaltstrike.net/2022/04/11/chronicles-of-cyber-war-russia-ukraine-april-3-9/

April 9 — FSB detained a resident of Yalta for cyber attacks on Russian information resources

FSB officers detained a resident of Yalta involved in hacker attacks on the websites of Russian information structures.

April 8 — The number of disinformation campaigns on Facebook has increased dramatically

The specialists of Meta (an organization banned in the Russian Federation) reported an increased number of attempts at cyber espionage and disinformation campaigns on the Facebook social network related to the conflict in Ukraine. The Meta security team actively eliminates threats and removes fake news and accounts.

April 8 — Anonymous hackers and the IT ARMY of Ukraine continue to attack Russian government agencies and private businesses

This week, Anonymous hacked several private businesses and leaked their data through the DDoSecrets platform.

The list of recently compromised businesses includes:

  • Forest — a Russian logging and woodworking company. Hacktivists leaked 37,500 emails stolen from Forest.
  • Aerogas — an engineering company specializing in the oil and gas industry. Clients of Aerogas are Rosneft, NOVATEK, Volgagaz, Purneft and others. Hacktivists leaked about 100,000 emails from Aerogas.
  • Petrofort — one of the largest office and business centers in St. Petersburg. About 300,000 emails from Petrofort have been leaked.

April 8 — Microsoft seized domains used by APT28 for attacks on Ukraine

Microsoft has successfully thwarted malicious operations carried out against Ukraine by the APT28 group, linked by Western information security experts with Russian special services. The tech giant gained control over seven domains that are part of the malicious infrastructure.

April 8 — Chinese hackers attacked Ukrainian websites for cyber espionage purposes

On February 23 of this year, Ukrainian websites were attacked by hackers allegedly linked to China. According to a representative of Western intelligence who spoke to the BBC, the attackers' goal was espionage.

April 6 — Peskov: Hackers of the Anonymous group could not hack the Kremlin’s video system

The comment by the press secretary of the Russian president came amid reports that the hackers of Thblckrbbtworld, who act on behalf of Anonymous, allegedly gained access to the Kremlin’s video surveillance system.

April 6 — The United States has eliminated the Cyclops Blink botnet associated with Russia

During the operation, specialists copied and removed malware from vulnerable Internet-connected firewalls used by Sandworm as C&C servers for the botnet, notifying their owners beforehand.

April 6 — Ukraine warns of attacks aimed at seizing Telegram accounts

The State Service for Special Communications and Information Protection (SSSI) of Ukraine has recorded a new wave of cyber attacks aimed at gaining access to Telegram user accounts.

April 5 — APT “Armageddon” targets Ukrainian state organizations, CERT-UA warns

CERT-UA has published a security bulletin warning of phishing attacks carried out by the Armageddon APT (also known as Gamaredon, Primitive Bear, Winterflounder or Iron Tilden) and aimed at local government organizations. The phishing messages were sent from the address “vadim_melnik88@i[.]ua”. The campaign is aimed at infecting target systems with malware.

April 5 — Roskomnadzor accused Wikipedia of “constant attacks on Russians”

“Recently, Wikipedia has been massively posting materials that spread false information on the subject of a special military operation in Ukraine and the actions of the Armed Forces of the Russian Federation. Wikipedia has become a new line of constant information attacks on Russians,” the regulator reports.