Ukraine’s state registers hit with one of Russia’s largest cyberattacks, officials say

Category	Details
Threat Actors	– Suspected Russian hackers, likely tied to GRU – Sandworm APT – Pro-Russian hacktivist group XakNet
Campaign Overview	– Cyberattack targeting Ukraine’s state registers storing critical citizen and business data – Aimed to disrupt critical infrastructure and spread panic among citizens
Target Regions	– Ukraine (state registers, Ministry of Justice, related services like military app Reserve+ and e-government app Diia)
Methodology	– Infiltration via contractor (NAIS) – Data theft and alleged deletion of databases and backups – Exploiting infrastructure vulnerabilities
Products Targeted	– Ukrainian state registers (property, biometric, business, and legal data) – Digital services dependent on state data (e.g., Diia, Reserve+)
Malware Reference	– Not explicitly mentioned; focused on infrastructure attacks and potential data manipulation
Tools Used	– Access via compromised contractor systems (NAIS) – Telegram for communication and claims
Vulnerabilities Exploited	– Exploited infrastructure vulnerabilities and contractor systems
TTPs	– Months of preparation for targeted attacks – Use of hacktivist groups for plausible deniability – Multi-location data backups targeted
Attribution	– Sandworm APT (suspected ties to GRU) – XakNet hacktivist group
Recommendations	– Strengthen contractor systems security – Implement redundancy in data storage – Monitor for malicious activities in critical systems – Enhance coordination with international cyber-defense organizations
Source	The Record

Read full article: https://therecord.media/ukraine-government-cyberattack-state-registers-russia

The above summary has been generated by an AI language model