Ukraine's Past & Present Cyberwar

Robert Lipovsky

Abstract :

For the past eight years, Ukraine has been the target of enormous cyber-aggression by numerous Russian APT groups. The presentation walks you through the most notable attacks, including those against the country’s power grid with a special focus on the latest attempt: Industroyer2.

This new version of the only malware specially designed to trigger electricity blackouts was deployed in Ukraine amidst the ongoing Russian invasion. Like in 2016 with the original Industroyer, the aim of this recent cyberattack was to cause a major power outage - and this time the attackers failed. We outline how the attack unfolded, why it was unsuccessful and reverse engineer the samples, showing how the code evolved since the first version.

We also look at the evolution of disruptive wiper campaigns of the Sandworm APT group - from the infamous NotPetya worm, through the HermeticWiper campaign, which we discovered on February 23, 2022 - only a few hours before the invasion - to CaddyWiper. We’ll also disclose how the attackers have been trolling us recently.

In addition to Sandworm, we’ll analyze the campaigns and malware used by another Russian APT: Gamaredon. Although the Sandworm attacks have received more attention from the cybersecurity industry, it is Gamaredon that is by far the most active APT group targeting Ukraine. We’ll look at the unique characteristics of this relentless threat actor.

Finally, we’ll tackle the question, whether the attacks can spill over to other countries, and highlight the lessons learned how to defend from these threats.

Speaker:  Robert Lipovsky

Robert Lipovsky is a Principal Threat Intelligence Researcher for ESET, with 15 years’ experience in cybersecurity and a broad spectrum of expertise covering targeted APTs, crimeware, as well as vulnerability research. He is responsible for threat intelligence and malware analysis and leads the Malware Research Team at ESET headquarters in Bratislava. He is a regular speaker at security conferences, including Ekoparty, Black Hat USA, RSA Conference, Virus Bulletin, BlueHat, and ATT&CKcon. He also teaches reverse engineering at the Slovak University of Technology – his alma mater – and at Comenius University. When not bound to a keyboard, he enjoys traveling, playing guitar and flying single-engine airplanes.