The SSSCIP Perspective on Cyberattacks Carried Out in the Context of the Military Conflict between the Russian Federation and Ukraine (January 2022 – January 2024)

Authors

  • Mihai OLTEANU “Carol I” National Defence University, Bucharest, Romania

DOI:

https://doi.org/10.53477/2065-8281-24-02

Keywords:

SSSCIP, Ukraine, APT, cybersecurity, Russian Federation, military conflict.

Abstract

This paper evaluates SSSCIP reporting on the cyberattacks carried out against Ukraine between January 2022 and January 2024. From the use of the CaddyWiper malware, attributed by SSSCIP to the SANDWORM APT, to the sophisticated FSB campaigns and the cyberattack on Kyivstar, the paper presents a perspective on the cyberattacks of Russian origin carried out against Ukraine, as reported by the Ukrainian authority in the field. The aim of the article is to identify how SSSCIP (the main institution responsible for cybersecurity) reported the cyberattacks on Ukrainian IT&C infrastructures, the completeness of the published data, and the way in which the campaigns are presented. To this end, all SSSCIP reports from the reference period were evaluated, and only those that materialized and affected IT&C infrastructures were included in the study. The conclusions will highlight, primarily, the limitations of SSSCIP reporting and, secondarily, SSSCIP's perspective on the domains most frequently targeted by cyberattacks and on the capabilities of Russian actors.

Author Biography

Mihai OLTEANU, “Carol I” National Defence University, Bucharest, Romania

Mihai Olteanu obtained a bachelor’s degree in Intelligence Studies from the National Intelligence Academy “Mihai Viteazul” in 2019 and continued his studies with a master’s degree in Security and Diplomacy from the National School of Political and Administrative Studies in 2021.

A military officer by profession, he has been conducting research since 2023 as a PhD student in the field of Information and National Security at the “Carol I” National Defence University.

His scientific activity is ongoing, with a notable article titled: The Sino-American Competition on the 5G Technological Field, published in the Romanian journal Perspective Politice XV.

 

Published

2024-04-09

Section

Articles