Cyberwarfare / Nation-State Attacks , Endpoint Security , Fraud Management & Cybercrime

Russia Hacked Surveillance Cameras to Target Sites in Kyiv

Hackers Used the Cameras to Spy on Ukraine's Air Defenses, Critical Infrastructure
Russia Hacked Surveillance Cameras to Target Sites in Kyiv
The aftermath of a Russian drone attack on a Kyiv energy facility on Oct. 27, 2022 (Image: State Emergency Service of Ukraine)

Russian military intelligence hacked into surveillance cameras to spy on Ukrainian air defenses and Kyiv's critical infrastructure during Tuesday's intensive missile and drone strikes on the capital city that left more than 250,000 people without internet and electricity amid falling winter temperatures.

See Also: Advanced Cyberthreat Intelligence Against The 2018 Threat Landscape

The Security Service of Ukraine said that it responded by blocking and dismantling the cameras in question. The agency urged users to stop the online transmission and monitoring of security camera feeds because Russian military intelligence is using the "collected data for preparing and adjusting strikes on Kyiv."

Russia has been pounding Kyiv and Kharkiv since the New Year's holiday weekend, resulting in five casualties and over 130 injuries, President Volodymyr Zelenskyy said in a Tuesday briefing released on Telegram. The Kyiv City Military Administration in a live update said the death toll has now risen to 29. It is by far "the worst tragedy for the capital since the beginning of the full-scale invasion," said Serhiy Popko, head of the KMVA.

Russia fired nearly 100 missiles and drones at the two cities Tuesday, but "our air defense warriors have been doing an incredible job for the past three days," Zelenskyy said, according to the Financial Times. "Since Dec. 31, Russian monsters have already fired 170 [Iranian] Shahed drones and dozens of missiles of various types. The absolute majority of them targeted civilian infrastructure."

Meanwhile, Russian intelligence service has monitored the attacks by hacking into the privately owned online surveillance cameras. "According to SBU cyber specialists, one of the devices was located on the balcony of an apartment building and was used by a local condominium to monitor the surrounding area," the SBU reported.

Hackers gained remote access to the surveillance camera and changed its viewing angle to covertly record all visual information within the range of the camera. Russian intelligence then watched the feed over the YouTube streaming platform to help the military monitor the air strikes and relay targeting information to soldiers, the SBU said.

The surveillance camera used for monitoring the parking lot of another Kyiv residential complex helped hackers spy on the surrounding area, which included critical infrastructure facilities.

The Kremlin's Prying Eyes

The hacking incidents come on the heels of a special investigation by Radio Free Europe that alleged the Kremlin has accessed videos from thousands of surveillance cameras throughout Ukraine for years.

Radio Free Europe said Ukrainian surveillance cameras manufactured by Moscow-based firm DSSL were equipped with a Russian software known as Trassir. This system is capable of tracking the movements of people and vehicles with facial recognition and license plate monitoring technology.

Investigators tracked the footage from these cameras to servers in Moscow that were owned by companies with ties to the Russian intelligence arm - the FSB. The State Service of Special Communications and Information Protection told investigators it had warned the government that Trassir video-surveillance systems sold by DSSL "pose a security threat."

Internal Affairs Minister Ihor Klymenko said at the time that state authorities would conduct a "thorough check" of the investigation findings. Ukraine began abandoning Russian software only after the start of the full-scale Russian invasion.

SBU cyber specialists said they have blocked over 10,000 surveillance cameras since the beginning of the invasion.

Internet and Power Supply Affected

Strikes from Russian missiles, drones and bombers hit Ukrainian internet and power supply services, including energy company DTEK, which said Russian missiles had damaged power grid equipment and overhead lines in Kyiv and the surrounding region, causing blackouts that affected almost 260,000 Kyiv residents.

"Critical infrastructure, industrial, civilian and military facilities were attacked. The main focus of the attack was the capital of Ukraine," DTEK tweeted. "DTEK's power engineers are quickly restoring power after the attack."

Power has been restored for all 260,000 people in Kyiv and another 185,000 in surrounding areas, DTEK Executive Director Dmytro Sakharuk said Wednesday. "We are now continuing to repair networks after yesterday's shelling, because some consumers had to be connected via backup circuits."

The power outage and missile raids also affected internet services in the capital city on Tuesday as internet monitoring platform NetBlocks reported "a significant disruption to internet connectivity in Kyiv, Ukraine, amid new Russian missile attacks targeting the capital's civil and critical infrastructure. The incident is the most severe conflict-related outage to impact Kyiv in recent months."

Ukraine predicted attacks against critical infrastructure before winter and said it had been shoring up its defenses (see: Ukraine Cyber Defenders Prepare for Winter).


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.