January 2022: Massive Cyber-Attack On Ukraine. Overview And Analysis

Illustrative Image

DEAR FRIENDS. IF YOU LIKE THIS TYPE OF CONTENT, SUPPORT SOUTHFRONT WORK :

MONERO (XMR): 8332UX6Ero53cnz2dKzmfRYtDa5DZ9wRsBfKHcYPHzTvBTTSgLGaC8f8Eo8QsmaoRsCosURvfjv4uiyFcm2WHEf5TfuRYY9

BITCOIN (BTC): bc1q2u872wf5t6tunuzxc5jq6wzz5jwr3ew2q8htxw

BITCOIN CASH (BCH): qqrjde2cq9g473687utlwh4p7ngdaacca5wdraxatl

PAYPAL, WESTERN UNION etc: write to info@southfront.org , southfront@list.ru

On January 14, official websites of the ministries and government bodies of Ukraine were allegedly hacked. The only main pages became available stuffed with the same message, urging Ukrainians to “prepare for the worst.”

The websites of the Ministries of Foreign Affairs, Education and Science, Agrarian Policy and the one of Veteran Affairs were hacked. The portals of the Cabinet of Ministers of Ukraine as well as the Ministries of Sports, Community and Territorial Development, Finance, Ecology and the Ministry of Energy were targeted by the attack.

Click to see full-size image

An appeal was published on the main pages claiming that all personal data of citizens was “uploaded to the network”, and the information on the computer is destroyed and cannot be restored.

“All information about you has become public, be afraid and wait for the worst. This is for your past, present and future. For Volhynia, for the OUN UPA, for Galicia, for Polesie and for historical lands,” the message says.

The message was published in three languages: Ukrainian, Russian and Polish.

However, as it turned out, no information was leaked or destroyed. Kiev officials claimed that the hackers did not get access to databases, no important data on the websites were lost, and their normal operation was restored within a few hours. So far, no information was leaked into the Darknet, there are not even signs of separate fragments.

Thus, these attacks did not lead to any significant damage to the information infrastructure of Ukraine.

As expected, Russia was blamed for this hostile action but along with this such a high-profile topic, which had every prospect to become another reason for increasing of pressure on Russia, was quickly pushed back to the back scene of the information agenda in next few days.

At the same time, the cyber-attack itself seemed to be an important blow to the country’s cyber security, since almost dozen official portals were targeted altogether at once. At a minimum, the hackers had to conduct a deep reconnaissance of the assets (sites, people, social networks, etc.) before the attack. These activities include not only site vulnerability assessment, identification of gaps and entry points, but also elements of social engineering. The process takes an average of 3-4 weeks.

That means, that the operation requires quite a long preparation and is only possible, when trespassers gain all key data that needs to get a relevant access inside, for example through vulnerabilities on the portal’s front end using Remote Code Execution (RCE) attacks.

“Remote Code Execution is used to expose a form of vulnerability that can be exploited when user input is injected into a file or string and the entire package is run on the parser of the programming language. This is not the type of behavior that is exhibited by the developer of the web application. A Remote Code Execution Attack can lead to a full-scale attack that would compromise an entire web application and the webserver.”

This is a usual job for professional hackers, but they tend to do it only when the potential damage exceeds the costs incurred by the hacker team to prepare a cyber-operation.

For example, conducting controllable and legitimate “Red teaming” exercises, measures to determine the degree of protection of a single organization (asset) and identify weaknesses in the processes, are estimated on the market from $150,000 and higher for organizations at the level of ministries and official bodies of the state. Accordingly, for the Ukrainian case, the estimated cost of such exercises for nine organizations is at least $1 350 000. These figures correspond, for example, to the price level of Mandiant (https://www.mandiant.com), a well-known company providing services in this area.

«Red Teaming is a complex simulation of real attacks in order to assess the cybersecurity of systems»

In their turn, hacker teams evaluate “services” for carrying out attacks similar to those faced by Ukrainian state. Information resources cost from 200 000 to 500 000 US dollars for one organization (asset) of this level. Thus, the total cost of attacks can be conditionally estimated in the range from 1 800 000 to 4 500 000 US dollars.

In the Ukrainian case, it is obvious that the result did not correlate with the costs in any way.

It can be argued that the attack was not aimed to cause technical damage, but to have informational and psychological impact. Even in this case, the short-term publication of a message in three languages may not be a worthy goal.

As we wrote above, immediately after the attacks, Ukrainian officials traditionally blamed Russia, but they did it in a rather delicate manner, which is unusual for them.

Then, this scandal disappeared from the information agenda for a few days. At that time, hysteria about the upcoming Russian aggression against Ukraine was brought to the top of the world headlines.

This information campaign was used as an excuse to launch actions to impose new sanctions against Russia.

By the end of January, it became obvious that Russia had not invaded and was unlikely to invade Ukraine in the near future. The fact that there are no signs of the upcoming invasion was ascertained even by the Ukrainian authorities.

However, the issue of Russia’s “cyber aggression” against Ukraine has not been forgotten.

On January 19, the head of the NSDC Danilov held talks with Josep Borrel. He informed the European leader about the involvement of the Russian Federation in these cyber-attacks.

Senior White House officials indicated in their statements that cyber-attacks, labeled as ‘Russian’ ones, will be considered equated to armed aggression and will entail similar consequences.

European officials supported their American counterparts. Similar statements were made by the Austrian Foreign Minister Alexander Schallenberg, the German Foreign Minister Annalena Baerbock and representatives of the Netherlands’ ruling parties of VVD and D66.

Earlier, High Representative of the Union for Foreign Affairs and Security Policy Josep Borrel indirectly confirmed this accusation during a meeting of EU Foreign ministers in Paris, according to the report by Financial Times on January 16.

By the end of January, the hysteria on Russian cyber threat suddenly got a second wind. LINK, LINK

The traditional scheme of stove-piping is plain to see. At first, the information circulates inside the EU bodies with its further transmission to euro-atlantic analytical structures and think tanks.

Then, the information was spread again by the Ukrainian media and by February 2, it reached the leading global MSM like the New York Times.

The accusation promoted by the campaign is obvious: “Russia carried out an information aggression against Ukraine in mid-January”, and, as stated by Kiev’s allies, this should have been assessed almost similarly to a military attack on Ukraine.

The ground for accusations against Russia is vague.

One of the main arguments is that the message published on Ukrainian websites was written in three languages, and hidden IP addresses that were behind the attack were highly likely rooted in Poland. Analysis of the Polish text showed a low probability that it was written by native Polish speakers, but either by a person who learned Polish or used a Google translator.

Based on these “facts” accompanied by the presumption of guilty for Russians and Putin personally, Washington, Brussels and their proxies claim that the attack was carried out by notorious mythical Russian hackers.

Meanwhile, NATO and U.S. psychological operations and information operations warfare centers are deployed in Poland, Bulgaria and the Baltic States and most of their employees over there are not Poles either.

When assessing the events surrounding the January 14 cyber-attacks, in the absence of any factual evidence, it is advisable to pay attention to the questions of who benefited from it in the first place, and what consequences and opportunities these attacks created.

A part of Euro-Atlantic elites initially hoped that they would provoke an escalation in Eastern Europe through diplomatic and information hysteria about tens of thousands of Russian and Belarusian troops concentrated near the Ukrainian border. If this is not enough, it was apparently supposed to use accusations of another type of aggression as a backup option.

The easiest way is to accuse Russia of cyber-aggression, assessing it similar to military action when other options are exhausted.

This was the card they put on the table when the Trump-card didn’t work.

Escalation in Eastern Europe primarily meets the interests of the Anglo-Saxon axis. The buildup of information campaigns through the creation of a cascade of excuses and reasons, using backdoor actions, are typified for the British and American secret services behavior. In turn, the profile of NATO and Ukraine’s services are under their direct and full control.

Thus, it is most likely that the cyber-attack on January 14 was the result of a US, Great Britain or NATO’s cyber operation or their joint effort. The main goal is to have auxiliary motives to impose sanctions against Russia if there is no other, bigger excuse.