Pro-Ukrainian Hackers Strike Russian State TV on Putin’s Birthday

Ukraine has claimed responsibility for a cyber attack that targeted Russian state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters.

The incident took place on the evening of October 7, VGTRK confirmed, describing it as an “unprecedented hacker attack.” However, it said “no significant damage” was caused and that everything was operating normally despite attempts to disrupt radio and TV broadcasts.

That said, Russian media outlet Gazeta.ru reported that the hackers wiped “everything” from the company’s servers, including backups, citing an anonymous source.

A source told Reuters that “Ukrainian hackers ‘congratulated’ Putin on his birthday by carrying out a large-scale attack on the all-Russian state television and radio broadcasting company.”


The attack is believed to be the work of a pro-Ukrainian hacker group known as Sudo rm-RF. The Russian government has since said an investigation into the attack is ongoing and that it “aligns with the anti-Russian agenda of the West.”

The development comes amid continued cyber attacks targeting both Russia and Ukraine against the backdrop of the Russo-Ukrainian war that began in February 2022.

Ukraine’s State Service of Special Communications and Information Protection (SSSCIP), in a report published late last month, said it has observed an increase in the number of cyber attacks targeting the security, defense, and energy sectors, with 1,739 incidents registered in the first half of 2024, up 19% from 1,463 in the previous half.

Forty-eight of these attacks were deemed either critical or high in severity. Over 1,600 incidents were classified as medium and 21 were tagged as low in severity. The number of critical severity incidents dropped from 31 in H2 2023 to three in H1 2024.

Over the past two years, adversaries have pivoted from staging destructive attacks to securing covert footholds in order to extract sensitive information, the agency said.

“In 2024, we observe a pivot in their focus towards anything directly connected to the theater of war and attacks on service provider — aimed at maintaining a low profile, sustaining a presence in systems related to war and politics,” Yevheniya Nakonechna, head of the State Cyber Protection Centre of the SSSCIP, said.

“Hackers are no longer just exploiting vulnerabilities wherever they can but are now targeting areas critical to the success and support of their military operations.”

The attacks have been primarily attributed to eight different activity clusters, one of which includes a China-linked cyber espionage actor tracked as UAC-0027 that was observed deploying a malware strain called DirtyMoe to conduct cryptojacking and DDoS attacks.

SSSCIP has also highlighted intrusion campaigns staged by a Russian state-sponsored hacking group dubbed UAC-0184, noting its track record of initiating communications with potential targets using messaging apps like Signal with the goal of distributing malware.


Another threat actor that has remained laser-focused on Ukraine is Gamaredon, a Russian hacking crew that is also known as Aqua Blizzard (formerly Actinium), Armageddon, Hive0051, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, UAC-0010, UNC530, and Winterflounder.

“The intensity of the physical conflict has noticeably increased since 2022, but it’s worth noting that the level of activity from Gamaredon has remained consistent – the group has been methodically deploying its malicious tools against its targets since well before the invasion began,” Slovak cybersecurity company ESET said in an analysis.

Notable among the malware families is an information stealer called PteroBleed, which also relies on an arsenal of downloaders, droppers, weaponizers, backdoors, and other ad hoc programs to facilitate payload delivery, data exfiltration, remote access, and propagation via connected USB drives.

“Gamaredon has also demonstrated resourcefulness by employing various techniques to evade network-based detections, leveraging third-party services such as Telegram, Cloudflare, and ngrok,” security researcher Zoltán Rusnák said. “Despite the relative simplicity of its tools, Gamaredon’s aggressive approach and persistence make it a significant threat.”
