The Ukrainian Security Service (SSU) said today that the nation is being targeted by a “wave of hybrid warfare” to instill fear and undermine public faith in the state’s ability to protect its inhabitants. The SSU went on to say that it had to fend off many such attempts related to hostile intelligence services and bot farms, which were aimed at social media and mainstream media.
“The SSU is seeing such manifestations of hybrid warfare in social networks, some mass media, in the spread of narratives of the aggressor state by certain politicians, etc. The SSU is not just observing these, but also actively counteracting to them,” the Ukrainian Security Service added.
This is shown in the NSDC decisions, the number of cyberattacks neutralized, takedown of multiple bot farms, revealing of enemy intelligence agencies’ agent networks, and prevention of sabotage as well as terrorist activities. For instance, last week, the Ukrainian government security agency decommissioned two bot farms linked to Russian special services that controlled 18,000 social media accounts.
The two botnets were used to broadcast fake news, stir fear, and convey bomb threats around the country, disrupting operations. According to a February 1 warning by the Ukrainian Computer Emergency Response Team, the Gamaredon hacking gang coordinated cyberattacks against Ukrainian authorities. A day later, the SSU said it had thwarted more than 120 cyberattacks on Ukrainian governmental organizations’ information systems in January 2022.
Gamaredon is the threat group behind a surge of spear-phishing emails targeting Ukrainian businesses and organizations relevant to Ukrainian issues since at least October 2021, as per Microsoft. Redmond security and threat researchers further said that Gamaredon’s current cyber-espionage effort is coordinated out of Crimea, corroborating SSU’s conclusion that these state-backed hackers are officers of the Crimean FSB known to have allied with the Russian occupation during the 2014 takeover.
However, as pointed out by Microsoft, Gamaredon is not related to the January hacks that used damaging data-wiping malware masquerading as ransomware to target Ukraine’s government organizations and corporate groups.