Ukraine’s top criminal enforcement agency released a thorough report on Thursday, accusing Russian hackers and “traitors who sided with the enemy” of being behind a broad effort that began in 2014.
According to the Ukrainian Security Service, the hackers were behind more than 5,000 cyberattacks on Ukrainian state entities and key infrastructure, attempting to “infect” over 1,500 government computer systems.
According to the article, Russia’s intelligence agency, the Federal Security Service (FSB), is behind the “Armageddon” group, which is known outside Ukraine as Gamaredon or Primitive Bear.
It differs from other Russian intelligence and military hacking operations responsible for attacks on targets around the world, including the historic hacks of the Democratic National Committee and Hillary Clinton’s campaign ahead of the 2016 presidential election.
According to the Ukrainian assessment, Armageddon was founded in 2013 or 2014, making it “relatively young,” but it has the “potential of turning into a cyberthreat with consequences that will exceed the negative effect” of other Russian government hacking groups.
Despite the Gamaredon hacking group’s global reach, it has returned to the former Soviet republic on several occasions. Ukraine is highlighting the incursions at a time when tensions with Russia are increasing.
In Ukraine, the FSB agents implicated, as well as former Ukrainian law enforcement officers, are accused of espionage, unlawful interference with computer networks, and the design and usage of malicious software, among other offences.
The Ukrainians released a 35-page written report, a presentation, and videos that included recordings of claimed Russian government hackers discussing attacks in real time. The agency claimed, “The Ukrainian special service revealed the intruders’ identities [and] obtained incontrovertible evidence of their illegal activity, including interception of their phone calls.”
Control of vital infrastructure, theft and gathering of intelligence and secret material, “information and psychological influence operations,” and limiting access to information systems were among their main goals, according to the Ukrainian agency.
The group’s actions are part of Russia’s ongoing hybrid warfare against Ukraine, which combines classic overt military methods with covert and subtle tactics including influence operations and cyberattacks to carry out espionage and denial-of-service strikes. It has even involved aggressive attacks on key infrastructure, such as the power outage in Ukraine caused by Russian hackers in December 2015.
According to the report released on Thursday, the group’s main goal is to conduct targeted cyber intelligence operations, notably against government entities. The techniques and methods used by Armageddon aren’t extremely advanced, and they aren’t attempting to remain undetected. “The group’s activities are characterized by intrusiveness and audacity,” according to the study.
Armageddon’s evolution was divided into two phases by the Ukrainian authors, from 2014 to 2017, and then from 2017 to the present. The organisation used publicly accessible software for the first few years, but after 2017, it began building bespoke malware called Pterodo/Pteranodon, “which widely expanded the functionality of the group.”