Cyber warfare

SSU: Russia-linked actors are targeting Ukraine with ‘massive wave of hybrid warfare’

The Security Service of Ukraine (SSU) said the country is the target of an ongoing “wave of hybrid warfare.”

The Security Service of Ukraine (SSU) today revealed the country is the target of an ongoing “wave of hybrid warfare” conducted by Russia-linked malicious actors. The threat actors aim to destabilize the social context in the country and instill fear and distrust in the country’s government.

“Ukraine is facing attempts to systemically sow panic, spread fake information and distort the real state of affairs. All this combined is nothing more than another massive wave of hybrid warfare,” states the SSU. “The SSU is seeing such manifestations of hybrid warfare in social networks, some mass media, in the spread of narratives of the aggressor state by certain politicians, etc. The SSU is not just observing these, but also actively counteracting to them.”

“This is reflected in the NSDC decisions, number of neutralized cyberattacks, dismantling of numerous bot farms, exposing agent networks of hostile intelligence services and preventing sabotage and terrorist attacks,” the SSU added.

The SSU said the campaign is linked to Russian intelligence agencies that are spreading disinformation through social networks and other media.

“However, stability and peace in our country at the moment depend not only on the government, but also on the measured actions of every Ukrainian. We should all remain calm and resist provocations. Panic and destabilization play into the enemies’ hands, and do not benefit Ukraine,” concludes the SSU.

Last week, the Ukrainian Security Service uncovered and dismantled two bot farms in Lviv that were operating a total of 18,000 fake accounts. The Ukrainian authorities speculate that the bot farms were operating under the control of the Russian government and were spreading fake news on social networks to spread panic. The bots also published fake information about bomb threats at various facilities in the country.

“The Cyber Unit of the SSU Lviv Office carried out the operation together with the National Police investigators under the supervision of Halych District Prosecutor’s Office,” reported the SSU.

During the searches, law enforcement seized:

  • two sets of GSM gateways (92 and 375 online channels);
  • 3,000 SIM cards of mobile operators;
  • laptops with evidence of illegal activity;
  • accounting records.

The Russia-linked cyberespionage group Gamaredon (aka Armageddon, Primitive Bear, and ACTINIUM) has been behind spear-phishing attacks targeting Ukrainian entities and organizations related to Ukrainian affairs since October 2021, Microsoft said.

Recently, Palo Alto Networks’ Unit 42 reported that the Russia-linked Gamaredon APT group attempted to compromise an unnamed Western government entity operating in Ukraine in January, while geopolitical tensions between Russia and Ukraine have escalated dramatically.

In mid-January the Ukrainian government was hit with destructive malware, tracked as WhisperGate, and several Ukrainian government websites were defaced by exploiting a separate vulnerability in OctoberCMS.

Palo Alto Networks experts mapped out three large clusters of infrastructure used by the nation-state APT group to support different phishing and malware campaigns. These clusters link to over 700 malicious domains, 215 IP addresses, and over 100 samples of malware.


Pierluigi Paganini

(SecurityAffairs – hacking, Ukraine)
