Ukraine cyber agency enlists Radware to protect government networks

Ukraine’s State Service of Special Communications and Information Protection (SSSCIP), the government body tasked with performing a similar cyber function to the UK’s National Cyber Security Centre (NCSC), has implemented network protection services from Radware as the country’s fight against Russia continues.

The SSSCIP is now using Radware’s Cloud DDoS Protection and Cloud Web Application Firewall (WAF) services, offered on a pro-bono basis, to improve its technical cyber defence capabilities in the face of highly aggressive and persistent cyber attacks.

The SSSCIP team said it chose Radware for a comprehensive threat detection and mitigation service to protect a number of critical Ukrainian government web services, all of which have been on the receiving end of volumetric cyber attacks across multiple vectors from both nation state threat actors and individuals acting in support of Moscow’s war.

As previously reported, such attacks began some time prior to the actual kinetic invasion of Ukraine, ramping up dramatically in the days immediately prior to the attack on 24 February.

“It’s our top priority to protect the IT infrastructure in Ukraine,” said Victor Zhora, deputy chief of Ukraine’s SSSCIP. “Radware has helped us shield our networks, protect our applications and bolster the resilience of our IT infrastructure.”

Yoav Gazelle, chief business officer at Radware, added: “With cyber playing a bigger role in international conflicts, the internet has become its own battle ground.

“Designed to ready organisations against emerging threats, our real-time mitigation solutions and emergency response teams work 24/7 to detect and automatically block the most sophisticated attacks, including zero-day and unknown DDoS attacks.”

Since the Russian invasion on 24 February, the SSSCIP has been on high alert, and frequently publishes new alerts for Ukrainian civilians and organisations on novel Russian cyber attacks. Earlier this week, its Computer Emergency Response Team of Ukraine warned of new phishing attacks in the form of emails allegedly from the Ukrainian tax authorities, headed “Unpaid Tax Notification” with an attached docx file which, when opened, downloaded Cobalt Strike – a precursor to many other forms of cyber attack – to the victim’s device.

In the same bulletin, it warned of another attack through the dissemination of a malicious document on the subject of nuclear terrorism, which when opened launched the CredoMap malware, which has been linked to the APT28 (also known as Fancy Bear and Strontium) Russian state threat actor.

The SSSCIP’s work is not, however, only limited to raising cyber security awareness. The agency is also playing a vital part in supporting Ukraine’s telecoms and broadcast networks as they try to stay up and running. In the past few weeks, it has been issuing frequent information bulletins to the public, detailing services that have been stood up again after being disrupted by Russian military action.

Earlier this week, it revealed Ukrtelecom had restored backbone fibre optic lines in the Chernihiv region, as well as internet services in areas near the port city of Odesa.

Meanwhile, in the past week, engineers for Kyivstar have made 284 site visits to make infrastructure repairs, recovered 218 base stations and replaced 1,400 metres of lost fibre cable.