The army of hackers targeting Russia


Orders are given with the precision of a clock. Every day, often around five in the morning local time, the Telegram channel hosting the Ukrainian "hacker army" receives a new list of targets. Since the start of the war, the group of volunteers has been knocking out Russian sites using waves of distributed denial-of-service (DDoS) attacks, which overwhelm sites with traffic requests and make them inaccessible.

Hackers have targeted online payment services, government departments, airlines and food delivery companies in Russia, with the aim of creating inconvenience in the country's daily life. "Today, Russians regularly encounter problems in the functioning of streaming TV services," wrote the managers of the group's Telegram channel - who are backed by the Ukrainian government - after an operation claimed in mid-April.

Since Russia invaded Ukraine in late February, the country has become the target of an unprecedented barrage of cyber attacks. Hacktivists, Ukrainian forces and people from all over the world are participating in the actions of Ukrainian hackers, targeting Russia and its companies. DDoS attacks make up the bulk of the action, but researchers have also spotted ransomware designed to target Russia, as well as searches for bugs in Russian systems that could be exploited to carry out more sophisticated attacks.

Turnaround

Attacks on Russia go against the trend of recent history. Many cybercriminals and ransomware groups have ties to Russia and do not target the country. Now, however, the situation is changing. "Russia is generally considered to be one of the countries from which cyberattacks start and not a target," explains Stefano De Blasi, a cyber-threat intelligence analyst who works for the cyber security firm Digital Shadows.

At the beginning of the war the DDoS attacks were incessant. During the first three months of 2022, a record level of DDoS attacks was recorded, as reported by an analysis by the Russian cybersecurity company Kaspersky. Although both Russia and Ukraine have resorted to these kinds of actions, the attacks on Russia proved to be more innovative and protracted.

Some Ukrainian tech companies have modified the 2048 game - a puzzle created by an Italian developer in 2014 - to easily launch DDoS attacks, also creating tools that allow anyone to participate in the actions, regardless of technical knowledge. "The more we use automation tools, the more effective our attacks are," read a message sent to the Ukrainian hackers' Telegram channel on March 24. Channel managers urge members to use VPNs to shield their location and to bypass their targets' DDoS protections. Towards the end of April, the group unveiled its website, which indicates whether its targets are still online or have been taken down and provides technical guides. (The Ukrainian hacker army did not respond to a request for comment by UK.)

"We have dealt some serious hits, and many websites don't work," says Dmytro Budorin, CEO of Ukrainian cybersecurity startup Hacken. After the war began, Budorin and some of his colleagues modified one of the company's anti-DDoS tools, called disBalancer, so that it could be used to launch attacks.

While the Kaspersky analysis reports that the number of DDoS attacks worldwide has returned to normal levels as the war has progressed, the duration of the attacks has increased: hours instead of minutes. The longest attack lasted for more than 177 hours, more than a week, according to the company's researchers. "The attacks are continuing regardless of their effectiveness," reads Kaspersky's analysis. (On March 25, the US government added Kaspersky to the list of national security threats; in Italy, following an internal recommendation by the National Cybersecurity Agency, in recent weeks several public bodies have begun to uninstall the company's antivirus and, more generally, to remove the technology of several Russian IT companies.)

Limited effectiveness

Budorin explains that the DDoS attacks have allowed Ukrainians to contribute to the war effort without taking part in the fighting, and adds that both sides have improved their attack and defense strategies. Budorin, however, acknowledges that the DDoS attacks may not have a noticeable impact on the war: "They are not very effective with respect to the ultimate goal, which is to stop the war," he says.

Since the invasion began, Russia's cybercriminals have attempted to cause a blackout in Ukraine, distributed wipers - malware capable of wiping all data on a system, rendering it useless - and launched, as widely expected, nuisance attacks against the Ukrainian government. At the moment, however, the Ukrainian authorities claim to have seen a decline in activity: "Recently the quality has decreased, since the enemy is no longer able to prepare as before," said Yurii Shchyhol, the head of Ukraine's cybersecurity agency, the SSSCIP, in an April 20 statement. "The enemy now spends more time protecting himself, because he has discovered that his systems are also vulnerable."


In addition to modifying his company's technology to launch DDoS attacks, Budorin says he has created a bug bounty program, which pays monetary rewards to people who manage to track down and report security holes in Russian systems. He adds that more than three thousand reports have come in, including details on leaked databases, login credentials, and in some cases even code that can be run remotely on Russian systems. The company checks the vulnerabilities and shares them with Ukrainian authorities, explains Budorin. "You do not enter the main entrance," he says. "You pass by the regional offices. There are a lot of bugs, a lot of open windows."

Although cyber warfare during the conflict may not have had much visibility, or the impact expected by some, many incidents can happen without becoming public knowledge. "I think that the most sophisticated operations in progress at the moment are those of espionage, to find out what the opponent is trying to do, wants to do, and will do later," explains De Blasi. "We may have to wait years before discovering something about it."

Russia's ransomware and plans to isolate the internet

Ukrainian intelligence and hacktivists have obtained and published hundreds of gigabytes of data and millions of Russian e-mails, which may help shed light on parts of the Russian state. According to Lotem Finkelstein, director of threat intelligence and research at the Israeli cybersecurity firm Check Point, however, more attacks are underway.

In early March, a new type of ransomware. While most ransomware gangs have ties to Russia - an aspect that created several problems after the statement of support for Russian President Vladimir Putin - the new ransomware was designed to target Russian organizations. "I, the creator of RU_Ransom, created this malware to harm Russia," reads the code's ransom note, as reported by an analysis by security firm Trend Micro. The malware can spread as a worm and delete data, although as of early March researchers had not yet identified its use in the real world. "It is very rare to see ransomware targeting Russia specifically," says Finkelstein, adding that Check Point is working on new research showing how Russia was affected during the war. "Russia is now undergoing attacks it is not used to seeing."

Some signs suggest that the increase in cyberattacks against Russia may bring the country closer to isolating its internet. In recent years, Russian officials have been discussing the possibility of creating a sovereign internet to break away from the global network. When the DDoS attacks began, it appears that Russia applied geofencing to government websites, and in early March, according to local media reports, the country's Ministry of Digital Development asked sites to improve their cybersecurity measures and maintain control of their domain names.

"I believe that complete disconnection from the internet would be an extreme approach, even now," explains Lukasz Olejnik, an independent cybersecurity researcher and consultant. "[The Russian, ed.] government still seems to be in a phase of denial, and behaves as if cyber attacks, or Western sanctions, have not had significant effects." Nonetheless, according to Olejnik, Russia is "stepping up efforts", pushing towards the long-term goal of a sovereign internet.

This article originally appeared on UK.
