Press Release :
Lookingglass Cyber Solutions today released a report by its Cyber Threat Intelligence Group (CTIG) corroborating the Ukrainian government and Security Service of Ukraine’s (SBU) claims that “Operation Armageddon” is a Russian state-sponsored cyber espionage campaign targeting Ukrainian government and military officials.
The report, Operation Armageddon: Cyber Espionage as a Strategic Component of Russian Modern Warfare, is one of the first to fully document cases of a cyber campaign and provides a timeline to show how cyber warfare and espionage have been used in coordination with kinetic warfare, battlefield planning, and troop movement, along with other strategic military tactics and assets.
The Ukrainian government and SBU are actively investigating this threat and have issued at least two known official statements in September 2014 and March 2015. Lookingglass started investigating after the SBU first publicly announced the attacks in September 2014.
The attack timing suggests the campaign initially started due to Ukraine’s decision to accept the Ukraine-European Union Association Agreement (AA), designed to improve economic integrations between Ukraine and the European Union. Russian leaders publicly stated that they believed this move by Ukraine directly threatened Russia’s national security. Although initial steps to join the Association occurred in March 2012, the campaign didn’t start until much later (mid-2013), as Ukraine and the EU started to more actively move towards the agreement.
Each attack in the campaign started with a targeted spear phishing email convincing the victim to either open a malicious attachment or click a link leading to malicious content. The attackers use “Lure Documents” either previously stolen from, or of high relevance and interest to Ukrainian targets, often government officials, in order to lure their victims into opening the malicious content.
