

Cyber warfare has earned virtual warriors a place in conventional warfare, at least in Eastern Europe. While Ukrainians painfully endured the violence and atrocities meted out to them during the Ukrainian conflict, the Ukrainian government was also engaged on an unfamiliar front line: cyber attacks.

As conventional soldiers fought on the front lines, a group of organized hackers tucked behind computers was making significant strides in influencing the Ukrainian conflict through targeted cyber attacks on government and private websites.

Shortly after these defining cyber attacks began, Cyber Berkut emerged as the leading group of hackers behind the monumental damage to the credibility of the Ukrainian government.

Who is Cyber Berkut?

Cyber Berkut can be defined on two fronts: nationality and objective. An analysis of Cyber Berkut’s attacks reveals a pro-Moscow hacking organization. Since its first cyber attack, Cyber Berkut has consistently directed targeted cyber attacks at Ukrainian government and military websites.

In addition, the group has claimed responsibility for multiple distributed denial-of-service (DDoS) attacks against pro-Western governments and organizations that have played a critical role in helping Ukraine fight off Russian interference. Contrary to what many believe, security researchers have tracked Cyber Berkut to a part of eastern Ukraine with a significant pro-Russian population.

The group deliberately portrayed itself as a Ukrainian organization. For instance, the hackers emerged right after Ukraine’s special police force, “Berkut.” Also, the group adopted the police force’s name, “Berkut,” and its “Eagle” logo, a strategy that symbolized resistance against the new Ukrainian government. Previously, the Berkut police force supported the pro-Russian regime and was responsible for killing over 100 Ukrainians protesting during the revolution.

One primary objective of Cyber Berkut’s hacks is to humiliate the Ukrainian government and pro-Western governments. Most of its cyber attacks thus involve leaking confidential documents, especially information on government officials’ personal lives and controversial international deals, including arms deals.

Cyber Berkut’s hackers have proclaimed that they are fighting against neo-nationalism, neo-fascism, and arbitrary power in Ukraine. During the hack on Ukraine’s Central Election Commission website, Cyber Berkut hackers displayed a political message that portrayed the Ukrainian government as corrupt and unworthy to lead Ukrainians.

Later on, the hackers displayed an image of fake election results, placing Dmytro Yarosh, an ultra-far-right candidate, in the lead.

Where is Cyber Berkut From?

Although Cyber Berkut has taken on a Ukrainian identity, reviews of the organization’s technical links and context point to a pro-Russian or Russian hacking organization. The cyber attacks have affected the Ukrainian government’s reputation and established Cyber Berkut as a prominent hacking organization in Europe and beyond.

Trend Micro, a cybersecurity company, revealed that Cyber Berkut had only four founding members, all using aliases: Artemov, Mink, KhA, and MDV. Trend Micro reports that each member was active in various underground criminal forums in Russia and on Pastebin, a programming website that acts as a dump site for stolen data.

As the organization gained momentum, it made a clarion call for volunteers to join. Today, there isn’t reliable information on the number of people working for the organization or the locations from which it launches attacks.

The Proof of Russian Connection

Undoubtedly, Cyber Berkut has strong connections to Russia. A WHOIS evaluation of the group’s site indicates that Cyber Berkut created the domain shortly after fighting erupted in Ukraine in March 2014.

Although the website was registered through a private front, which complicates attribution, the temporal information indicates that the organization built its online presence quickly, at the same time as organized violence was taking shape in the streets of Kiev.

Cyber Berkut further cements the Russian connection through clones of its site, especially on the .ru and .net TLDs. WHOIS lookups indicate that the .net clone emerged two months after the original site was created, while the Russian one followed four months later.

Contextual analysis, especially of the organization’s propaganda and manifesto posts, provides further insight into its Russian connections. Right from the first post, Cyber Berkut posted in Russian rather than Ukrainian.

The group has consistently borrowed from the views of well-known Russian propagandists, especially in its characterization of the enemy. For instance, Russian propagandists have in the recent past associated government enemies with Nazism and Fascism, a method that Cyber Berkut has adopted in many posts. In extreme cases, the hackers have made explicit attempts to weave fascist sympathy into the leaked documents.

Black Hat or White Hat Hackers?

Not all hackers who engage in cyber attacks are bad. A hacker is anyone who uses their knowledge of computer hardware and software to bypass security protocols on a network; what kind of hacker they are depends on their motive. In principle, hacking is not illegal unless the hacker lacks the owner’s permission to compromise the system.

Hackers are generally grouped by a metaphorical “hat.” The “hat” may be white, grey, or black. These titles are derived from old spaghetti westerns, where the good guys wear white hats while the bad guys wear black hats. To identify the type of “hat” worn by Cyber Berkut, the two major determining factors are their motive and whether they are breaking the law.

Cyber Berkut are black hat hackers. The group focuses on fighting against autocracy, neo-fascism, and neo-nationalism. The group rallies against the interests of foreign countries that offer Ukraine political and financial aid.

Their justification is that the aid funds the criminal regime. That, however, is not the case, as the Ukrainian government, with Western support, has worked towards a democratic society that upholds and respects the liberties of the Ukrainian people.

Cyber Berkut carries out illegal attacks on state dignitaries and major private and public corporations. The group usually has no permission to tamper with security systems, websites, and networks. For instance, the group had earlier attempted to destroy the electronic system of Ukraine’s Central Election Commission. Such illegal acts jeopardize political stability in Ukraine, which is ethically wrong.

In addition, the group has engaged in other illegal activities alongside posting video content blocked on YouTube. On one occasion, the hackers temporarily disrupted the Ukrainian government websites of the Ministry of Internal Affairs. On June 29th, 2014, they blocked President Petro Poroshenko’s website and attempted to disrupt the recruitment exercise of the National Guard of Ukraine. Such acts are completely unethical and aimed at intimidation.

Its illegal cyber attacks have breached vital intelligence of different countries. As a result, Cyber Berkut is considered to engage in unethical practices that are a threat to global peace and cooperation. Most of its activities have negatively affected foreign relations between Russia and Western countries. The hacking group is way more than black hat: it is illegal and a threat to government intelligence.

Cyber Berkut Hackers’ Specific Targets

Over the years, Cyber Berkut has conducted various cyber attacks on websites, banks, governments, and government institutions in the international system. Cyber Berkut, however, has a number of specific targets. It targets major financial institutions and government corporations.

The skilled hackers continue to carry out acts of cyber retribution. As pro-Russian hackers, their specific targets include Ukrainian government institutions, major banks, and social network pages. The group is against the Ukrainian government’s efforts to achieve political stability.

For instance, the group targeted PrivatBank, Ukraine’s largest commercial bank. The hackers stole and published customer data from the bank after the bank withdrew its operations from the cities of Donetsk and Luhansk.

The Cyber Berkut group also targets security forces. For example, they published information about the security forces that fired on anti-Russian Maidan protestors in Kiev. The hacked data that the group published includes account information, passport data, and mobile phone numbers.

What are Distributed Denial-of-Service (DDoS) Attacks?

Cyber Berkut’s hacking activities drew the attention of security researchers in mid-2014, when it launched distributed denial-of-service (DDoS) attacks against several government websites. A DDoS attack is one of the most powerful attacks on the internet due to its collateral impact. Literally, DDoS means taking down a website by flooding or crashing it with heavy traffic.

Cyber Berkut managed to direct falsified internet traffic at the websites of the Ukrainian Ministry of Defense, NATO, the German government, and the Polish government, and brought them down. Cyber Berkut also launched DDoS attacks on websites run by the German government.

Cyber Berkut’s most sensational cyber attack on the Ukrainian government was its interference with the software of Ukraine’s Central Election Commission. The hackers erased the router settings and the data on the hard disk, affecting the display of real-time updates of election results for around 20 hours.

While the hack did not influence the election results, the malfunction created a lot of tension in Ukraine, especially due to fears of manipulation of votes.

At the end of these attacks, it was clear that Cyber Berkut was an organized hacking group waging a cyberwar against Ukraine and pro-Western governments supporting the country against Russia’s aggression.

Top 5 Cyber Berkut Attacks

1. DDoS Attack on Ukraine Ministry of Defense

Cyber Berkut first raised eyebrows among security researchers in 2014, when the group adopted distributed denial-of-service (DDoS) attacks. The DDoS attacks used falsified internet traffic to take down the target websites of the Polish government, the Ukrainian Ministry of Defense, and NATO.

DDoS was also the unsophisticated attack vector Cyber Berkut used against German government websites. The group acted in protest against the financial and political support given to Ukraine by the Germans.

2. Cyber Attack on Ukraine’s Central Election Commission website

In May 2014, the group claimed responsibility for tampering with Ukraine’s Central Election Commission. The software, used only to display real-time updates of the tightly contested Ukrainian election, did not function for 20 hours. The information on the hard drives was lost, and the router settings were erased. Nonetheless, the hack did not affect the final outcome of the election.

3. Notorious Attack on Electronic Billboards in Kiev

The group hacked electronic billboards in Kiev, showed graphic images of civilians killed in the Ukrainian conflict, and connected the atrocities to Ukrainian government officials. Separately, a Russian tabloid, Komsomolskaya Pravda, referred to a conversation allegedly leaked by Cyber Berkut in which Ukrainian government officials admit to Ukraine downing Malaysia Airlines flight MH17.

4. Cyber Attack during US President Joe Biden’s visit to Ukraine

Cyber Berkut also claimed to have accessed confidential documents from handset devices used by an official from Mr. Biden’s team during the US Vice-President’s visit to Kiev. The documents appeared to give an insight into Washington’s involvement in military assistance to the Ukrainian government. In addition, Cyber Berkut hacked several Ukrainian government websites and placed messages on the home pages, which read, “Joseph Biden is the fascists’ master.”

5. Attack on German official websites and Chancellor Angela Merkel’s page

The hackers claimed responsibility for shutting down the Chancellor’s official page and that of the lower house of parliament. The group demanded that Germany stop its political and financial support for the Ukrainian government in Kiev. Cyber Berkut released a statement claiming that the support was aimed at waging war against pro-Russian forces in the eastern part of Ukraine.

The Bottom Line: New Hacking Methods Used by Cyber Berkut

Cyber Berkut is one of the major groups that pose a threat to intelligence. The hackers have lately advanced their operations from crude DDoS to more advanced methods such as distributing proprietary cyber-attack tools. With well-organized and coordinated hacktivists who are digitally active, the group will continue to conquer the cybersecurity industry.

Today the group is utilizing new ways to bolster its technical credentials as one of the elite hacker groups of all time. It claims to have identified and utilized an adaptive security appliance software, which shows that the computer emergency response team of Ukraine is lagging behind.

Such high-level technical expertise tools have modernized the group’s capabilities