
A chilling Russian cyber target in Ukraine: Digital files



BOSTON (AP) — Russia’s relentless digital attacks on Ukraine may have caused less damage than anticipated. But much of the hacking is focused on a different purpose, which is less noticeable but has dire potential consequences: data collection.

Ukrainian agencies that were breached on the eve of the February 24 invasion include the Ministry of Internal Affairs, which oversees the police, national guard and border patrol. A month earlier, a national database of auto insurance policies was raided during a cyberattack that falsified Ukrainian websites.

Those attacks, paired with pre-war data theft, likely armed Russia with extensive details about most of Ukraine’s population, cybersecurity and military intelligence analysts say. Russia could use this information to detect and locate the Ukrainians most likely to resist an invasion, potentially targeting them for incarceration or worse.

“It’s fantastically useful information if you’re planning a career,” said Jack Watling, a military analyst at the UK think tank Royal United Services Institute, “to know exactly what car everyone drives and where they live and all that.”

As the digital age evolves, information sovereignty is increasingly used for social control, as demonstrated in China’s repression of the Uighur minority. It was no surprise to Ukrainian officials that a pre-war priority for Russia would be collecting information about citizens.

“The idea was to kill or imprison these people in the early stages of the invasion,” said Victor Zhora, a senior Ukrainian cyber defense official.

Aggressive data collection accelerated just before the invasion, with hackers serving Russia’s military increasingly targeting individual Ukrainians, according to Zhora’s agency, the State Service for Special Communications and Information Protection.

Serhii Demediuk, assistant secretary of Ukraine’s National Security and Defense Council, said via email that personal data remains a priority for Russian hackers attempting more government network breaches: “Cyber warfare is in a really hot phase these days.”

There is little doubt that political targeting is an aim. Ukraine says Russian forces killed and kidnapped local leaders whose lands they had seized.

Demediuk was stingy with details, but said that in mid-January and as the invasion began, Russian cyberattacks primarily sought to “destroy government agencies’ information systems and critical infrastructure” and included data theft.

The Ukrainian government says that the January 14 auto insurance hack resulted in the theft of 80% of Ukrainian policies registered with the Motor Transport Bureau.

Demediuk acknowledged that the Ministry of Interior was among the state institutions breached on February 23. He said a “small portion” of the ministry’s data was stolen, but so far no cases of its use have been identified. He did not give details. Security researchers from ESET and other cybersecurity companies said the networks had been compromised months earlier, leaving ample time for covert theft.

Data collection through hacking is a long-running business.

A unit of Russia’s FSB intelligence agency, which researchers call Armageddon, has been doing this for years out of Crimea, which Russia seized in 2014. Ukraine says it tried to infect more than 1,500 Ukrainian government computer systems.

In a February 4 blog post, Microsoft said Armageddon has been trying since October to breach and maintain access to nonprofits, as well as government, military, judiciary and law enforcement agencies, with its primary purpose being to “leak sensitive information.” The targets included humanitarian aid distribution, as well as unnamed organizations “critical to the emergency response and ensuring the security of Ukrainian territory.”

After the invasion, hackers targeted European organizations helping Ukrainian refugees, according to Zhora and cybersecurity firm Proofpoint. Authorities did not specify which organizations or what may have been stolen.

Another attack, on April 1, hit Ukraine’s National Call Centre, which runs a hotline for complaints and inquiries on a wide variety of issues, such as corruption, domestic abuse, people displaced by occupation and war veterans’ benefits. Used by hundreds of thousands of Ukrainians, it issues COVID-19 vaccine certificates and collects callers’ personal data, including emails, addresses, and phone numbers.

Adam Meyers, senior vice president of intelligence at cybersecurity firm CrowdStrike, believes the attack, like others, may have had a greater psychological than intelligence-gathering impact, aiming to undermine Ukrainians’ trust in their institutions.

“Fear that when the Russians take over, if they don’t cooperate, the Russians will know who they are, where they are, and they will come after you,” Meyers said.

Center director Marianna Vilshinska said the attack disabled the center for at least three days. “Neither phones nor chatbots worked. They broke the whole system.”

Hackers calling themselves Cyber Army Russia claimed to have stolen the personal data of 7 million people in the attack. However, Vilshinska denied that they breached the database with users’ personal information. “They haven’t received any valuable information,” she said.

She confirmed that a contact list the hackers posted online of more than 300 center employees was genuine, but said other files the hackers posted — listing 3 million names and phone numbers and 1 million addresses — were not from the centre.

Targeted phishing attacks in recent weeks have focused on military, national and local officials, aiming to steal credentials to open government data troves. Such activity depends largely on Ukraine’s cellular networks, which Meyers of CrowdStrike said have been too intelligence-rich for Russia to want to shut down.

On March 31, Ukraine’s SBU intelligence agency said it had captured a “bot farm” in the eastern Dnipropetrovsk region that was remotely controlled from Russia and sent text messages to 5,000 Ukrainian soldiers, police and SBU members asking them to surrender or sabotage their units. Agency spokesperson Artem Dekhtiarenko said authorities are investigating how the phone numbers were obtained.

Gene Yoo, CEO of cybersecurity firm ReSecurity, said that it is not difficult: Subscriber databases of leading Ukrainian wireless companies have been offered for sale on the dark web by cybercriminals for some time, as in many countries.

If Russia succeeds in seizing control of more of eastern Ukraine, stolen personal data will be an asset. Russian occupiers have already gathered passport information that could help organize separatist referendums, according to a recent tweet by a senior Ukrainian presidential adviser.

Ukraine, for its part, appears to have conducted significant data collection targeting Russian soldiers, spies and police – including rich geolocation data – with the quiet help of US, UK and other partners.

Demediuk, a senior security official, said the country “knows exactly where and when a particular soldier crossed the border with Ukraine, in which occupied settlement he stopped, in which building he spent the night, stole and committed crimes on our land.”

“We know their cell phone numbers, the names of their parents, spouses, children, their home addresses, who their neighbors are, where they go to school and the names of their teachers,” he said.

Analysts point out that some claims about data collection from both sides of the conflict may be exaggerated.

But in recordings posted online by Ukraine’s Minister of Digital Transformation, Mikhailo Fedorov, callers can be heard phoning the distant wives of Russian soldiers and pretending to be Russian state security guards to say that packages sent to them from Belarus were looted from homes in Ukraine.

In one, a woman with a nervous voice admits that she bought what she calls a souvenir – a tote bag, a key chain.

The caller tells her that she shares criminal responsibility, that her husband “killed people in Ukraine and stole their belongings.”

She hangs up.




