ANALYSIS OF CYBER ATTACKS AND THE ACTIVITIES OF APT GROUPS IN UKRAINE

DOI:

https://doi.org/10.28925/2663-4023.2024.24.172184

Keywords:

APT, cyber threats, cyber war, Mitre, Zero Trust, Defence in Depth

Abstract

The article is devoted to the analysis of cyberattacks and the activities of APT (Advanced Persistent Threat) groups in Ukraine, activity that has intensified significantly over the last decade amid the growing globalization of information warfare and political conflicts. The paper takes an in-depth look at the tactics, techniques, and procedures (TTPs) used by known APT groups such as Sandworm, Fancy Bear (APT28), and Gamaredon to carry out targeted cyber-attacks against Ukraine. Its main focus is identifying patterns in the activities of these groups and formulating recommendations for effective cyber-defence strategies. The work uses data from open sources, CERT-UA reports, and analytical materials of international companies to assess the current state of cyber security and to identify existing vulnerabilities that attackers can exploit. The article details cyber-attack techniques including polymorphic and metamorphic malware, supply chain attacks, and the tactics, techniques, and procedures catalogued in the MITRE ATT&CK framework. Considerable attention is paid to strategies for protection against APT attacks, with a special focus on Zero Trust architecture and Defense in Depth, the latter applying multi-level protection systems to minimize risk and ensure recovery after incidents. Also discussed are tactics for countering attackers, the use of advanced network and endpoint security solutions, and the widespread adoption of multi-factor authentication and anti-phishing measures. The article emphasizes the importance of a comprehensive approach to building a protection system that covers both technical and organizational aspects. The results of the study highlight the need to continually update threat-analysis technologies and methods so that the response to current and future cyber-attacks remains adequate.

Published

2024-06-26

How to Cite

Opanovych, M. (2024). ANALYSIS OF CYBER ATTACKS AND THE ACTIVITIES OF APT GROUPS IN UKRAINE. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 4(24), 172–184. https://doi.org/10.28925/2663-4023.2024.24.172184