DDoS as an Attack Vector for State-Sponsored and Hacktivist Groups in Times of Crisis

The Russia-Ukraine war is flanked in cyberspace by a number of actions and attacks, some of which can be attributed to state actors, others to hacktivists.

DDoS is the easiest cyber weapon to use and is guaranteed to be in the arsenal of any nation that is serious about the issue, so we were not surprised to see such attacks.

We would like to document some DDoS attacks and their effects that were observed in the context of the Russia-Ukraine war.

State-Sponsored Attacks

On Feb 25th, the day after Russia invaded Ukraine, CISA (Cybersecurity & Infrastructure Security Agency), which is part of the U.S. Department of Homeland Security, issued an unusual warning to businesses saying they should be prepared to defend against cyber attacks originating from Russia.

Feb 28th saw a targeted DDoS attack against KA-SAT/VIASAT. As a result of this attack, parts of the satellite-based internet in Ukraine and also in Europe went down. According to various reports, KA-SAT is also used by the Ukrainian military.

From the Viasat - Incident Report:

At approximately 0302 UTC on 24 February 2022, high volumes of focused, malicious traffic were detected emanating from several SurfBeam2 and SurfBeam 2+ modems and/or associated customer premise equipment (CPE) physically located within Ukraine and serviced by one of the KA-SAT consumer-oriented network partitions. This targeted denial of service attack made it difficult for many modems to remain online.

As collateral damage, the control access to 6000 wind turbines in Germany went offline in the course of this attack.

As a result, the amount of energy fed into the grid by wind turbines dropped by 90% for about 2 weeks, although there were enough windy days during this period.

Figure: Blue = wind power fed into the energy grid, dropping after the attack against KA-SAT. Data from smard.de

March 28th: Ukraine's national internet provider Ukrtelecom has confirmed a cyberattack on its core infrastructure.

Hacktivism and Clownery

The above attacks can most probably be assigned to the state-sponsored spectrum, but there was also a lot of hacktivism from both sides, some at LOIC level, some quite serious.

Questions? Contact: info@zero.bs