Ukraine Details

    Ukraine

    Kyiv • 1000 employees • Governments

    https://www.kmu.gov.ua/en
    Ukraine

    Industry

    Governments

    Security Incidents

    1

    Ukraine is a country in Eastern Europe, bordered by Belarus to the north, Poland, Slovakia, and Hungary to the west, Romania and Moldova to the southwest, and Russia to the east and northeast. The Black Sea lies to the south. Kyiv is the capital and largest city. Ukraine declared independence from the Soviet Union on August 24, 1991, which was confirmed by a referendum on December 1, 1991, where over 90% of voters endorsed independence. This marked the establishment of Ukraine as a sovereign state, initiating a transition from a Soviet republic to an independent nation.

    The history of Ukraine...

    Security Incidents

    Ukraine Breach of Oct 2024
    Severity Score
    Significant to High

    Type

    Phishing Attack

    Summary

    On October 25, 2024, Ukraine faced a sophisticated phishing campaign carried out by APT28, a cyber espionage group linked to Russian military intelligence. CERT-UA discovered that the attackers employed a novel technique in which malicious PowerShell commands were copied directly onto users' clipboards. The lure was an email that appeared to contain a Google spreadsheet link; the link instead opened a fake reCAPTCHA screen, which disguised the malicious action.

    Once the fake reCAPTCHA screen was engaged, users were prompted, in seemingly innocuous terms, to execute the PowerShell command. This command downloaded a...

    Severity

    The cyberattack led by the Russian-linked APT28, also known as "Fancy Bear," against Ukrainian local governments was both sophisticated and innovative. The attackers used a novel phishing vector that leveraged a highly deceptive reCAPTCHA lookalike interface, which, once engaged, executed malicious PowerShell commands through minimal user interaction, effectively compromising governmental systems. The attack targeted key government offices with a highly efficient tactic that focused on exfiltrating sensitive data by exploiting basic system functions and trust mechanisms.

    The use of advanced t...

    Impact

    The incident targeting Ukrainian local governments was a sophisticated phishing campaign carried out by the Russian military intelligence-linked hacking group, APT28, also known as Fancy Bear. This cyberattack did not directly lead to a data breach, but it enabled data theft through advanced techniques by luring recipients into executing malicious PowerShell commands. These commands were stealthily copied to user clipboards via a decoy Google reCAPTCHA screen, leading to the compromise of user systems and exfiltration of sensitive data, including credentials from popular browsers like Chrome a...