(Image by NEIVANMADE)
Just a quick note: a Hag Pesach Sameach/Happy Passover to all celebrating this evening.
Russia hit Kharkiv again today.
#Ukraine: a 🇷🇺 strike destroyed the #Kharkiv TV tower this afternoon, temporarily suspending TV broadcasts in the city & region. RSF denounces this attack on a civilian infrastructure that constitutes a war crime. https://t.co/v7IINVx3WS pic.twitter.com/6Mxnda7mi5
— RSF (@RSF_inter) April 22, 2024
Kharkiv TV tower right now.
Russia is ruining the city and stays barely punished! pic.twitter.com/Ehhuuc5vEw
— Illia Ponomarenko 🇺🇦 (@IAPonomarenko) April 22, 2024
Target disappeared on border of Kharkiv Oblast. Explosions in Kharkiv city.
— Euan MacDonald (@Euan_MacDonald) April 22, 2024
Russia explicitly aims to devastate critical infrastructure of the city of 1.3 million. Would you imagine the levelling of the Milan TV tower? Destruction of a power generation station in Munich or entire heating system in Prague? Russia does that all to Kharkiv
Photo AFP via KI pic.twitter.com/PlCjxeJNub
— Olena Halushka (@OlenaHalushka) April 22, 2024
Putin and Russia aren’t just trying to blow up all of Ukraine’s critical infrastructure, they’re also trying to take it down through cyberwarfare. The Computer Emergency Response Team Ukraine (CERT-UA) has the details:
General information
The Government Computer Emergency Response Team of Ukraine (CERT-UA) in March 2024 uncovered a malicious plan by the Sandworm group aimed at disrupting the stable functioning of the information and communication systems (ICS) of around twenty enterprises in the energy, water-supply and heat-supply sectors (critical infrastructure objects, OKI) in ten regions of Ukraine.
During the urgent incident-response measures, in addition to the QUEUESEED backdoor known since 2022 (also tracked as KNUCKLETOUCH, ICYWELL, WRONGSENS, KAPEKA), a new attacker toolkit was discovered, namely the LOADGRIP and BIASBOAT malware (the latter a Linux variant of QUEUESEED), which had been installed on computers (EOM, running Linux) intended to automate process-control tasks (ASUTP) using domestically produced specialized software (SDR). It should be noted that BIASBOAT was delivered as an encrypted file tied to the specific server, for which the attackers used a previously obtained "machine-id" value.
CERT-UA specialists have confirmed the compromise of at least three "supply chains": the circumstances of the initial unauthorized access either correlate with the installation of SDR that contained backdoors ("software bookmarks") and vulnerabilities, or were caused by the suppliers' employees having standing technical access to the organizations' ICS for maintenance and technical support.
Because the computers running the suppliers' SDR operated inside the ICS of the critical infrastructure organizations, the attackers used them to move laterally and to develop the cyberattacks into the enterprises' corporate networks. For example, on such computers the PHP webshell WEEVELY and the PHP tunnels REGEORG.NEO or PIVOTNACCI were found pre-placed in the SDR directories.
In the period from 07.03.2024 to 15.03.2024, CERT-UA specialists took measures to notify all identified enterprises and to investigate and counter the cyber threats in the relevant ICS, in the course of which the circumstances of the initial compromise were established, malware was removed and analyzed, a chronology of incident events was built, the security of server and active network equipment was raised, and security technologies were installed (at some enterprises LOADGRIP/BIASBOAT had been installed as early as 2023).
It should be emphasized that on computers running Windows the attackers used the QUEUESEED and GOSSIPFLOW malware, which has been tracked since 2022 in the context of destructive cyberattacks by the group UAC-0133 on water supply facilities, in particular using SDELETE. Thus, with a high level of confidence, UAC-0133 is a subcluster of UAC-0002 (Sandworm/APT44).
Note that the implementation of cyberattacks was facilitated by the following factors:
- incorrect segmentation (lack of isolation) of the servers running suppliers' SDR used as components of the ASUTP, both in terms of restricting access from/to the Internet and from/to the ICS of the organizations within which they operate
- the suppliers' negligent attitude to the security of the software provided to customers; in particular, a cursory analysis of the source code reveals trivial vulnerabilities that allow remote code execution (RCE).
CERT-UA assumes that the unauthorized access to the ICS of a significant number of heat, water and energy supply facilities was meant to be used to amplify the effect of missile strikes on Ukrainian infrastructure in the spring of 2024.
More at the link.
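One detail in the advisory worth dwelling on is that BIASBOAT was delivered as an encrypted file that only opens with the victim's "machine-id" (the contents of /etc/machine-id on a systemd Linux host). The consequence for responders is that a sample copied off the box and dropped into an analyst VM does not decrypt, so the machine-id has to be captured during triage alongside the sample. The Python below is an added illustration of that host-binding technique; it is not CERT-UA's code and not the malware's, and the key derivation, the HMAC-based stream cipher and the sample machine-ids and payload are all constructed here for the demonstration (the real BIASBOAT scheme is not described on this page).

```python
import hashlib
import hmac
import os

# Constructed sample values for the demo (not real hosts or malware).
# A systemd machine-id is a 32-character hex string read from /etc/machine-id.
VICTIM_MACHINE_ID = "3f1c2b7a9d8e4f60a1b2c3d4e5f60718"
ANALYST_MACHINE_ID = "00112233445566778899aabbccddeeff"
SAMPLE_PAYLOAD = b"#!/bin/sh\necho 'stage-2 payload (constructed sample)'\n"

NONCE_LEN = 16
TAG_LEN = 32


def read_machine_id(path="/etc/machine-id"):
    """Read the machine-id the way a dropper could; returns None if the file is absent."""
    try:
        with open(path, "r", encoding="ascii") as fh:
            return fh.read().strip()
    except OSError:
        return None


def derive_key(machine_id):
    """Hypothetical KDF: the per-host key is SHA-256 over a fixed label plus the machine-id."""
    return hashlib.sha256(b"host-bound-demo|" + machine_id.strip().encode("ascii")).digest()


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, so the example needs only the standard library."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal_for_host(machine_id, plaintext, nonce=None):
    """Encrypt-then-MAC the payload under the key derived from the target's machine-id."""
    key = derive_key(machine_id)
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_on_host(machine_id, blob):
    """Return the payload only if this host's machine-id yields the right key; otherwise None."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    key = derive_key(machine_id)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong host (or tampered blob): the payload stays opaque
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def demo():
    """Seal for the victim, then try to open on the victim and in an analyst VM."""
    blob = seal_for_host(VICTIM_MACHINE_ID, SAMPLE_PAYLOAD)
    on_victim = open_on_host(VICTIM_MACHINE_ID, blob)
    in_lab = open_on_host(ANALYST_MACHINE_ID, blob)
    return on_victim == SAMPLE_PAYLOAD, in_lab is None


if __name__ == "__main__":
    ok_victim, opaque_in_lab = demo()
    print(f"decrypts on the targeted host: {ok_victim}")
    print(f"stays opaque in an analyst VM:  {opaque_in_lab}")
    # On a real host, open_on_host(read_machine_id(), blob) is what the loader would do.
```

The practical takeaway for an incident responder is in `open_on_host`: without the exact machine-id the tag check fails and nothing is recovered, so the triage checklist for a suspected LOADGRIP/BIASBOAT host should include copying /etc/machine-id (and, for the same reason, any other host-specific value a loader might read) before the host is reimaged.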
Here is President Zelenskyy’s address from earlier today. Video below, English transcript after the jump.