APT Groups Actively Involved During the Russia-Ukraine Cyber War

Introduction

The Russia-Ukraine war, which started last February, caused both worldwide fear and serious imbalances in the global economy. With this war, the whole world has indisputably seen Russia’s military power on land and its cyber power in the virtual domain.

Russia, which carried out many attacks on Ukraine on land and caused thousands of people to lose their lives, also worked to block all communication channels in Ukraine by supporting cyber-attacks from virtual environments. This cyber war was carried out by government-supported APT (Advanced Persistent Threat) groups.

The war, which was carried out intensively on land on Russia’s instructions, was also carried out in virtual environments by the hackers referred to above as APT groups. That is why the war between Russia and Ukraine has escalated and caused many frightening events for the entire world order.

The Reason for the War and Its Reflection on the Internet

The problems over Crimea, which have continued between Russia and Ukraine since 2014, turned into a war with an attack launched by Russia in February 2022.

This war, which was carried out on land and caused great destruction in Ukraine, was reinforced by cyber-attacks supported by Russia. These cyber-attacks aimed to make the Ukrainian people vulnerable by blocking all communication channels.

Some Ukrainians, exposed to attacks both on land and in virtual environments, tried to protect themselves and their families by fleeing the country, while others tried to protect themselves for days by taking refuge in shelters and warehouses.

The world press was able to follow this destruction thanks to reporters and journalists who went to Ukraine from different countries.

Social media accounts were another place where we followed the latest news about the war. Whenever they could access the internet, local people asked the whole world for help through live broadcasts on their social media accounts or by sharing posts such as photos and videos.

What is the Cyber War between Russia and Ukraine?

Cyberwar is a type of attack carried out by a country to access another country’s internet databases and collapse that country’s internet infrastructure. In general, the main purposes of such cyber-attacks include disrupting security in the country by hacking government websites and causing serious economic damage by accessing bank databases.

The main purpose of the cyber-attacks, which first started in January and continued during the war between Russia and Ukraine, was both to destroy social and economic security in Ukraine and to prevent people from getting help by blocking their communication channels.

What are APT Groups?

These cyber wars between countries are carried out by state-sponsored groups called APTs (Advanced Persistent Threats). These groups, which gain unauthorized access to computer networks by using various hacking techniques, carry out activities that seriously endanger the targeted country. Because detecting them is a difficult and very long process, the targeted country can experience serious problems during this period.

It is claimed that the hacker groups named Armageddon, UNC1151, Fancy Bear, AgentTesla, and Pandora hVNC are among the APT groups that launched state-sponsored cyber-attacks on Ukraine during this war between Russia and Ukraine.

  • Armageddon is a spear-phishing campaign and its target is local state organizations.
  • UNC1151 is a suspected state-sponsored cyber espionage group and its target is military personnel.
  • Fancy Bear is a hacker group and its target is various organizations around the world.
  • AgentTesla is a very popular APT group and it steals information as a Trojan.
  • Pandora hVNC is another APT hacker group and is used by most advanced users.

What are the Roles of APT Groups in This War?

Russian-sponsored cyber-attacks by APT groups threatened both Ukraine’s security and its economy for months and were condemned by many countries around the world.

APT groups hacked the defense ministry’s websites, causing a security breach, and accessed the databases of Ukraine’s two largest banks, preventing people from using them. These attacks, which hit the country from all sides, left both the government and the people much more vulnerable and caused Ukraine to spend months full of fear.

What are the Effects of These Attacks on Ukraine?

Before Russia’s attacks on Ukraine began, it was claimed that Ukraine was experiencing problems with its internet connection and that it was under a number of cyber-attacks. On February 24, the day the attacks began, these allegations began to be strongly substantiated.

These attacks, which were conducted by APT groups, caused destructive problems for Ukraine, including the following:

  1. The systems of the institutions and state were degraded, and this situation made Ukraine vulnerable to possible dangers.
  2. By blocking the Internet access of the Ukrainians, Russians prevented them from accessing reliable information and communicating in case of emergency.
  3. Hacking and gaining access to Ukrainian bank accounts caused economic destruction across the whole country.

How Can One Be Protected Against APT Groups?

Cyber-attacks, especially those carried out with the support of a government, have been created and planned for many years, so traditional defenses such as firewalls and antivirus programs are insufficient against them.

Preventing a cyber-attack is almost impossible, or else takes a long time and a lot of effort; therefore, it can be said that it is not possible to prevent a cyber-attack in times of emergency, such as during the war between Russia and Ukraine.
