Ukraine is calling on underground cyber groups and independent hackers to help it fight Russia as the Ukraine-Russia conflict takes shape in the cybersphere. Cyber warfare is emerging as the third frontier in the Ukraine-Russia conflict after land and air. As such, hacking groups have begun picking sides and are targeting government sites, media and other organizations with DDoS attacks, phishing campaigns, and more.
Ukraine has called upon the hacking community to defend them against the avalanche of cyberattacks that have hit the nation in preceding weeks. On Sunday, the country’s minister for digital transformation, Mykhailo Fedorov, called on “digital talents” to help them thwart cyberattacks and possibly launch cyber offensives against Russia.
The Ukraine-Russia crisis has escalated to military confrontation since WhisperGate malware hit Ukrainian organizations earlier in February. Since then, the Ukrainian government has been targeted in a barrage of cyberattacks through another malware called HermeticWiper, as well as distributed-denial-of-service (DDoS) attacks.
“We are creating an IT army,” Fedorov said. The minister, who is also Ukraine’s first vice prime minister, posted a link to the Telegram channel where tasks and operational details will be dispersed.
We are creating an IT army. We need digital talents. All operational tasks will be given here: . There will be tasks for everyone. We continue to fight on the cyber front. The first task is on the channel for cyber specialists.
— Mykhailo Fedorov (@FedorovMykhailo) February 26, 2022
The channel has over 235,000 subscribers as of February 28. The IT Army has listed Gazprom, a state-owned energy firm, and Yandex, a Russian internet giant, as two of its targets in one of the messages. Subscribers are encouraged to “use any vectors of cyber and DDoS attacks,” on them. A screengrab of the complete list is posted on Twitter.
According to Reuters, Fedorov’s appeal for building the IT Army of Ukraine was preceded by requests surfacing on underground hacking forums for Ukrainian cybercommunity volunteers to “get involved in the cyber defense of our country.”
Yegor Aushev, co-founder of Kyiv-based cybersecurity firm Cyber Unit Technologies, told Reuters that he was requested by a senior official in the defense ministry on Thursday, February 24, 2022, to write this post, which he did.
Cyber Attacks Against Russia by Ukraine-supporting Cyber Groups
The recruitment drive is already generating returns for Ukraine. Hacktivist collective Anonymous was one of the first to announce support for Ukraine and the commencement of the cyber warfare against Russia, although it is unknown if Anonymous and others are operating as a part of the IT Army of Ukraine.
The Anonymous collective is officially in cyber war against the Russian government. #Anonymous #Ukraine
— Anonymous (@YourAnonOne) February 24, 2022
On the same day, Anonymous successfully took down some Russian government websites and defaced others, Russian media companies Russia Today (RT) and TASS, official sites for the Kremlin and the ministry of defense, and the main Russian government website. government.ru is still inaccessible as of this writing.
Some hackers who claimed to be associated with Anonymous said they have leaked credentials to the Russian defense ministry. The tweet was removed because it violated Twitter rules.
Another hacktivist group, Belarusian Cyber-Partisans, targeted Belarusian railway infrastructure to slow down Russian troop movement into northern Ukraine. As such, the group said it compromised the routing and switching systems of the country’s railway traffic control system. The Cyber-Partisans said Belarusian Railway network runs on “outdated piece of crapware that runs on Windows XP.”
Furthermore, a major Russian bank — Sberbank — is also down after its API was targeted. So is the Ministry of Information Policy of Belarus. It is unclear whether Anonymous or Cyber-Partisans attacked Sberbank and Belarus’ information policy ministry and exactly how many hackers are actively targeting Russian organizations.
Other Cyber Groups in the Ukraine-Russia Conflict
Besides Anonymous and Cyber-Partisans, Ghostsec, BlackHawk, and others have sided with Ukraine.
On the other hand, The Red Bandits, CoomingProject, SandWorm and others announced their support for Russia. The Conti ransomware gang also declared backing for Russia, only to backtrack later.
“If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy,” Conti wrote on its dark website. But since Conti’s members were reportedly divided on the Ukraine-Russia conflict, the group released a revised statement that warned against Western aggression.
“The Conti Team is officially announcing that we will use our full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world. We do not ally with any government and we condemn the ongoing war,” Conti’s post read.
The list of groups either backing or opposing either Russia or Ukraine is given below:
🚨🚨2 MAR updated list of #cyber groups involved in #UkraineRussiaWar. More groups added.
Please RT and like this one, so that the most current version is easily available to all. 💪💪 #cybersecurity #threatintelligence #infosec #cyberattack #Cyberwar pic.twitter.com/7Nrc4evda9
— CyberKnow (@Cyberknow20) March 2, 2022
Phishing
The Computer Emergency Response Team of Ukraine (CERT-UA) posted on Facebook late last week that UNC1151 is carrying out a phishing campaign against Ukrainian military personnel and other individuals.
Last year, cybersecurity firm Mandiant assessed that UNC1151 is linked to the Belarusian government since its objectives align with Belarusian government interests and other technical and geopolitical indicators. CERT-UA alleges that UNC1151’s members include officers of the Ministry of Defense of the Republic of Belarus.
Mandiant also confirmed that the domains and other infrastructure used in the phishing campaign that CERT-UA warned about can be associated with the Minsk-based UNC1151. An example of the phishing message used is:
“Dear user! Your contact information or not you are a spam bot. Please, click the link below and verify your contact information. Otherwise, your account will be irretrievably deleted. Thank you for your understanding. Regards, I.UA Team.”
Once compromised, the attackers access messages for any information and leverage the contact book to propagate the attack further. Mandiant has previously stated that UNC1151 also targets Belarusian dissidents, media entities, and journalists.
Ukraine Seeking Help from Western Corporations
The Ukrainian government is also actively seeking the help of social media giant Meta and satellite internet service company Starlink, appealing to Meta CEO Mark Zuckerberg and to Elon Musk, CEO of Starlink parent SpaceX. Musk responded with an extension of Starlink services in Ukraine.
Meanwhile, Meta didn’t actually suspend Facebook and Instagram in Russia as requested by Fedorov but took other steps, such as discontinuing ads in the two countries and restricting access to multiple accounts in Ukraine.
YouTube and Twitter have also limited monetization of ads, especially for accounts affiliated with Russian state-owned media. The move is meant to curb the spread of misinformation and disinformation.