| Category | Details |
|---|---|
| Threat Actors | Suspected Russian hackers, likely tied to GRU; Sandworm APT; Pro-Russian hacktivist group XakNet |
| Campaign Overview | Cyberattack targeting Ukraine’s state registers storing critical citizen and business data; Aimed to disrupt critical infrastructure and spread panic among citizens |
| Target Regions | Ukraine (state registers, Ministry of Justice, related services like military app Reserve+ and e-government app Diia) |
| Methodology | Infiltration via contractor (NAIS); Data theft and alleged deletion of databases and backups; Exploiting infrastructure vulnerabilities |
| Products Targeted | Ukrainian state registers (property, biometric, business, and legal data); Digital services dependent on state data (e.g., Diia, Reserve+) |
| Malware Reference | Not explicitly mentioned; focused on infrastructure attacks and potential data manipulation |
| Tools Used | Access via compromised contractor systems (NAIS); Telegram for communication and claims |
| Vulnerabilities Exploited | Exploited infrastructure vulnerabilities and contractor systems |
| TTPs | Months of preparation for targeted attacks; Use of hacktivist groups for plausible deniability; Multi-location data backups targeted |
| Attribution | Sandworm APT (suspected ties to GRU); XakNet hacktivist group |
| Recommendations | Strengthen contractor systems security; Implement redundancy in data storage; Monitor for malicious activities in critical systems; Enhance coordination with international cyber-defense organizations |
| Source | The Record |
Read full article: https://therecord.media/ukraine-government-cyberattack-state-registers-russia
The above summary has been generated by an AI language model