Cyber security experts with the SBU Security Service of Ukraine jointly uncovered identities of the hackers.They come from the well-known ARMAGEDON group. The group conducted more than 5,000 cyberattacks on Ukrainian government bodies and critical infrastructure facilities. Specialists documented unparalleled large scale crimes of the hacker group as well.
Armageddon group primarily targeted Ukraine
Authorities don`t disclose information on attack`s objects because of the ongoing investigation restrictions. At this moment five members of the group fall under charges. They charged with high treason under Art. 111 of the Criminal Code of Ukraine.
ARMAGEDON hacker group distributed malicious software under disguise of official electronic correspondence of Ukrainian authorities. Hackers conducted mass spear-phishing on behalf of government agencies, obtained remote access to computers. Group prepared malware and infected computer systems (including portable data storage and mobile devices).
According to the SBU press center the group is part of the FSB security service. The group operated from the occupied Crimea. The FSB’s 18th Center (Information Security Center), based in Moscow coordinated the hackers. The main goals of the group consisted of taking control of the national critical infrastructure. Theft and collection of the classified information, conducting Informational and Psychological Influence operations constitued also the tasks.
Main objects of the attacks were to be public authorities, national critical infrastructure and commercial, industrial enterprises. The Ukrainian security agency revealed the identities of the criminals, acquired undeniable evidence of their illegal activity. It included intercepted phone calls.
The investigation, including forensic examinations, is underway to bring the FSB operatives to justice on the charges of espionage, creation of malicious software or hardware and unauthorized interference with the computer systems.
The Main Intelligence Directorate of the Ministry of Defense and the SBU Department of Cyber Security took part in the investigation. They operated under the procedural guidance of the Office of the Prosecutor General.
What is Armageddon hacker group?
“Armageddon” group is known more broadly as Primitive Bear or Gamareddon. The criminals also interfered with Hillary Clinton’s campaign ahead of the 2016 elections and the work of the Democratic National Committee. According to a Ukrainian report the group’s origin dates back to 2013 or 2014.
Ukrainian media published information that includes a 35-page written analysis, a slideshow and videos that contain recordings of the claimed Russian government hackers discussing attacks in real-time.
Authors of the report divided the lifespan of the Armageddon group into two periods from 2014 to 2017, and then 2017 to the present. During the first few years the group mainly used publicly available software, but after 2017 it began creating custom malware called Pteranodon/Pterodo, “which widely expanded the functionality of the group.”