Dmytro used to be a fairly average student up until a couple of weeks ago.
The Record only identified the 18-year-old by his first initial for his protection. He is now volunteering to coordinate online defense of his nation from a bomb shelter near Kyiv.
Even before the Russian invasion, Ukrainian officials began hiring local tech experts for their so-called cyber forces unit.
Its primary function was to track and repel attacks in cyberspace, according to Serhii Demediuk, a top Ukrainian cybersecurity official.
But it was too late. Russia invaded Ukraine on February 24.
And now instead of professionally-trained cybersecurity specialists, Ukraine has turned for help to volunteers with different levels of IT skills organized in official and unofficial groups that can be hard to track — often “hacking back.”
Slava Banik from the Ukrainian Ministry of Digital Transformation was responsible for the development of e-services.
Online, people from Ukraine and from around the world are creating a highly decentralized cyberwar environment where anyone can play a webgame to help fight the Russian invasion.
Banik spoke of the IT Army’s efforts to attract more than 300,000.
The IT Army’s main attack method is to flood Russian websites with junk traffic and knock them offline. These are known as distributed denial-of-service (DDoS) attacks, one of the simplest types of digital attack. Hacktivist groups frequently use them.
Many attacks have at least been successful. According to Telegram’s public channel, volunteer hackers temporarily disrupted Russian government websites, online banking platforms, and streaming service websites.
Russia appears to be responding to these attacks by using geofencing, a technical defense measure that blocks access to certain sites it controls, including its military website.
There are many other hacktivist organizations that claim to be allies with the Ukrainian government, encouraging them to oppose Russian propaganda.
However, Western officials fear that hackers’ attacks will get out of control, and could harm ordinary people not involved in this conflict.
Research warns that volunteers could be in violation of local law. Additionally, tools being advertised to potential members of the front in cyberspace might also put them at risk.
While Russia’s digital attacks were less severe than expected, observers speculate that the military focused on destroying the communications infrastructure in response to international outcry regarding reports of civilian attack.
Yegor Aushev, CEO of Cyber Unit Technologies, a Kyiv-based cybersecurity firm, stated that Russian hackers wouldn’t be able to hack digital infrastructure if it was possible.
Do you want to tat?
Ukraine was historically a victim of cyberwarfare with Russia.
In 2015, the Russian hacker group Sandworm attacked its power grid. The NotPetya wiper tool affected over 12,500 computers that were used by Ukrainian telecom, banks, postal and government services.
According to Ukrainian officials, the country is also being hit by DDoS attacks and other, more destructive digital attacks.
Ukraine’s information infrastructure protection state service recorded more than 3,000 DDoS attacks on its websites from February 15 through March 10.
Researchers from Slovakia-based cybersecurity firm ESET also reported a new type of destructive wiper malware, CaddyWiper, affecting computers in Ukraine.
Report: A commercial chat service provider was hijacked in order to spread malware within the supply chain.
According to a Friday report by security firm CrowdStrike, attackers stole the installer of a popular commercial chat service provider in order to spread malware.
Comm100, which offers chat services through websites and social networks, was the victim of the attack. The assailants’ attack seems to have been inspired by the SolarWinds attacks. They also targeted a prominent software provider in order to gain entry into victims’ systems.
The attack delivered trojan malware via an installer for Comm100’s Windows Desktop Agent software. This file could be found on CrowdStrike’s company website. According to CrowdStrike, a valid Comm100 certificate dated September 26, 2022 was used. It was still in use until the morning of September 29.
CrowdStrike claims that the malware embedded within the installer would secretly connect to a remote command-and-control server, creating a backdoor on infected systems.
Comm100 did not immediately respond to a request for comment from The Record, but CrowdStrike noted that it has released an updated installer. It is unclear how many people downloaded malicious files. However, Comm100 claims on its website that it has more than 15,000 customers.
CrowdStrike reported that the attackers are Chinese. The assessment was based on the “presence of Chinese-language comments” in the malware, the use of Alibaba infrastructure as a host server, technical connections to the previous “targeting online gambling entities in East or Southeast Asia”, and other factors.