Armageddon hackers identified behind over 5,000 cyberattacks on Ukraine gov’t agencies

Cybersecurity experts of the SBU Security Service of Ukraine have jointly uncovered the identities of the hackers. They come from the well-known Armageddon group, which conducted more than 5,000 cyberattacks on Ukrainian government bodies and critical infrastructure facilities. Specialists also documented the group's crimes on an unprecedented scale.

Armageddon group primarily targeted Ukraine

Authorities do not disclose information on the targets of the attacks because of restrictions imposed by the ongoing investigation. At this point, five members of the group face charges. They are charged with high treason under Art. 111 of the Criminal Code of Ukraine.

The Armageddon hacker group distributed malicious software disguised as official electronic correspondence from Ukrainian authorities. The hackers conducted mass spear-phishing on behalf of government agencies and obtained remote access to computers. The group prepared malware and infected computer systems, including portable data storage and mobile devices.

According to the SBU press center, the group is part of the FSB security service and operated from occupied Crimea. The FSB's 18th Center (Information Security Center), based in Moscow, coordinated the hackers. The group's main goals were to take control of national critical infrastructure, to steal and collect classified information, and to conduct informational and psychological influence operations.

The main targets of the attacks were public authorities, national critical infrastructure, and commercial and industrial enterprises. The Ukrainian security agency revealed the identities of the criminals and acquired undeniable evidence of their illegal activity, including intercepted phone calls.

The investigation, including forensic examinations, is underway to bring the FSB operatives to justice on charges of espionage, creation of malicious software or hardware, and unauthorized interference with computer systems.

The Main Intelligence Directorate of the Ministry of Defense and the SBU Department of Cyber Security took part in the investigation. They operated under the procedural guidance of the Office of the Prosecutor General.

What is the Armageddon hacker group?

The “Armageddon” group is more widely known as Primitive Bear or Gamaredon. The criminals also interfered with Hillary Clinton's campaign ahead of the 2016 elections and with the work of the Democratic National Committee. According to a Ukrainian report, the group's origin dates back to 2013 or 2014.

Ukrainian media published information that includes a 35-page written analysis, a slideshow and videos containing recordings of the alleged Russian government hackers discussing attacks in real time.

The authors of the report divided the lifespan of the Armageddon group into two periods: from 2014 to 2017, and from 2017 to the present. During the first few years, the group mainly used publicly available software, but after 2017 it began creating custom malware called Pteranodon/Pterodo, “which widely expanded the functionality of the group.”

Andrew Nail

Cybersecurity journalist from Montreal, Canada. Studied communication sciences at Universite de Montreal. I was not sure if a journalist job is what I want to do in my life, but in conjunction with technical sciences, it is exactly what I like to do. My job is to catch the most current trends in the cybersecurity world and help people deal with the malware they have on their PCs.
