Fearsome Russian Cyber ​​Target in Ukraine: Digital Files 2022-04-27 23:36:04


Boston (AFP) – Russia Relentless digital assaults In Ukraine has caused less ruin than many expected. But most the pirate It focuses on a different goal that gets less attention but has disastrous consequences: data collection.

Ukrainian agencies broke the eve Invasion of February 24 It includes the Ministry of the Interior, which oversees the police, the National Guard, and the border patrol. A month earlier, a national database of auto insurance policies was raided during a marketing cyberattack that defaced Ukrainian websites.

Cybersecurity and military intelligence analysts say the hacks, combined with prewar data theft, likely armed Russia with extensive detail about much of Ukraine’s population, cybersecurity and military intelligence. It’s information that Russia can use to identify and identify the Ukrainians most likely to resist the occupation, potentially targeting them with arrest or worse.

“Fantastically useful information if you’re planning a career” Jack Watling“Knowing exactly which car everyone is driving, where they live and all that,” a military analyst at the UK’s Royal United Institute of Research Services said of the car insurance data.

With the development of the digital age, the dominance of information is increasingly used for social control, as China has shown in its time Repression of the Uyghur minority. It came as no surprise to Ukrainian officials that Russia’s pre-war priority was gathering information on citizens.

Victor Zora, a senior Ukrainian cyber defense official, claimed that “the idea was to kill or imprison these people in the early stages of the occupation.”

The data collection process was rigorously accelerated just before that the invasionWith hackers serving the Russian military increasingly targeting Ukrainian personnel, according to Zura Agency, the State Service for Special Communications and Information Protection.

Serhiy Demidyuk, deputy secretary of Ukraine’s National Security and Defense Council, said via email that personal data remains a priority for Russian hackers as they attempt more breaches of government networks: “Cyber ​​warfare is really at the hot stage these days.”

There is no doubt that political targeting is a target. Ukraine says Russian forces did it Killing and kidnapping local leaders Where they grab land.

Demidyuk was stingy on details but said that the Russian cyberattacks in mid-January, as the invasion began, sought primarily to “destroy government agencies’ information systems and critical infrastructure” and included data theft.

The Ukrainian government says the car insurance hack on January 14 resulted in the theft of up to 80% of Ukrainian insurance policies registered with the Automobile Transport Office.

Demidyuk acknowledged that the Ministry of Internal Affairs was among the government agencies that were hacked on February 23. He said the data was stolen but not mentioned by any agencies, only that it “did not lead to serious consequences, especially when it comes to data for soldiers or volunteers.” Security researchers from ESET and other cybersecurity companies working with Ukraine said that Networks hacked months earlier, allowing ample time to commit stealth acts.

Data collection by hacking is a long-running business.

unit of The FSB, the Russian intelligence agency, which researchers named Armageddon It has been doing so for years outside Crimea, which Russia seized in 2014. Ukraine says it sought to transmit the infection More than 1500 Ukrainian government computer systems.

Since October, it has attempted to hack into and maintain access to government, military, judiciary and law enforcement agencies as well as non-profit organizations, with the primary aim of “stealing sensitive information,” Microsoft said in a statement. Blog post on Feb 4. This included unnamed organizations “of critical importance in responding to emergencies and ensuring the security of the Ukrainian territory,” as well as the distribution of humanitarian aid.

After the invasion, hackers targeted European organizations helping Ukrainian refugees, according to Zura and Proofpoint cyber security company. Authorities have not identified which organizations or what might have been stolen.

But another attack on April 1 crippled Ukraine’s National Contact Centre, which operates a hotline for complaints and inquiries on a wide range of matters: corruption, domestic violence, people displaced by the invasion, and veterans’ benefits. Used by hundreds of thousands of Ukrainians, it issues certificates for the COVID-19 vaccine and collects personal data of callers including emails, addresses and phone numbers.

Adam MyersCrowdStrike, senior vice president of intelligence at cybersecurity firm CrowdStrike, believes the attack, like many others, may have a greater psychological impact than intelligence gathering — with the goal of undermining Ukrainians’ trust in their institutions.

“Make them afraid that when the Russians take over, if they don’t cooperate, the Russians will know who they are and where they are and will come after them,” Myers said.

The attack caused the center to stop working for at least three days. “We couldn’t work. Neither phones nor chatbots worked. They broke all the system,” said the center’s director, Mariana Velchinska.

Hackers calling themselves the Cyber ​​Army of Russia claimed that they stole personal data on 7 million people in the attack. However, Vilshinska denied that they had breached the database with users’ personal information, while confirming that the contact list posted by the hackers online for more than 300 employees of the center was authentic.

Spear phishing attacks in recent weeks have focused on military, national and local officials, with the goal of stealing credentials to open government data sets. Such an activity is highly dependent on Cellular networks in Ukrainewhich CrowdStrike’s Myers said is too rich in intelligence for Russia to want to shut it down.

On March 31, Ukraine’s intelligence agency SBU said it had done so He took over a “mechanized farm” In the eastern district of Dnipropetrovsk remotely controlled from Russia sent text messages to 5,000 Ukrainian soldiers, members of the police and the SBU urging them to surrender or sabotage their units. Agency spokesman Artem Dykhtyarenko said authorities were investigating how the phone numbers were obtained.

It probably wasn’t difficult, said Jin Yu, CEO of cybersecurity firm ReSecurity: Subscriber databases at major Ukrainian wireless companies have been available for sale by cybercriminals on the dark web for some time — as in many countries.

If Russia succeeds in gaining control of more of eastern Ukraine, the stolen personal data will be an asset. The Russian occupiers have already collected passport information, a senior Ukrainian presidential adviser Tweet recentlycould help organize separatist referendums.

For its part, Ukraine appears to have collected critical data – with quiet help from the US, UK and other partners – targeting Russian soldiers, spies and police, including rich geolocation data.

Demidyuk, the chief security official, said the country knows “exactly where and when a certain soldier crossed the border with Ukraine, stopping an occupied settlement, where the building spent the night, robbed and committed crimes on our land.”

“We know their cell phone numbers, the names of their parents, wives and children and their home addresses,” he said, who are their neighbors, where they went to school and the names of their teachers.

Analysts warn that some claims about data collection from both sides of the conflict may be exaggerated.

But in recordings posted online by Ukraine’s Minister of Digital Transformation Mikhailo Fedorov, callers are heard phoning the wives of Russian soldiers in remote areas and pretending to be Russian state security officials to say that packages shipped to them from Belarus were looted from Ukrainian homes.

in one, nervous woman She acknowledges receiving what she calls souvenirs – a women’s bag, a keychain.

The caller told her that she shared criminal responsibility, and that her husband “killed people in Ukraine and stole their stuff.”

She hangs up.


This report was contributed by Larry Finn of the Associated Press in New York and Ina Ferenitsa in Kyiv, Ukraine.