Live Updates: Russia/Ukraine Conflict - Cyber Threats and Attacks

The conflict between Russia and Ukraine is being accompanied by a wave of cyberattacks targeting digital and critical infrastructures. A lot of threat activity is being observed by researchers globally and several cyber threat actors are actively taking part in the conflict. Cyware has created this resource to collect and share live alerts on this cyber warfare, impacted organizations, indicators of compromise (IOCs), and other relevant threat intelligence as being reported in the media. We are actively working to keep this page updated and accurate in order to ensure that it is timely and relevant to as many people as possible.

Advisories and Indicators of Compromise (IOCs)


______________________________________________________________________________

(June 15, 2022)

Russia might try reckless cyber attacks as Ukraine war drags on, US warns

As the Ukraine war continues, U.S. officials worry that Russia might resort to new sorts of cyber attacks that could have big unintended consequences. “I do think there is a risk that the deeper you get into this conflict the Russians will…be pressed to resort to more aggressive operations,” Neal Higgins, the deputy national cyber director for national cybersecurity at the White House’s Office of the National Cyber Director, said on Tuesday during the Defense One Tech Summit.


______________________________________________________________________________

(June 15, 2022)

A ragtag band of hackers is waging cyberwar on Putin’s supply lines

The Russian military was using the Belarus national railway system as part of its mobilization of its army during the Ukraine war. But several days after the troops arrived weird things started happening to the computer systems that ran the Belarus national railway system. Malfunctioning ticket systems led to long lines and delays as damaged software systems caused trains to grind to a halt in several cities.

Ref - Bloomberg
______________________________________________________________________________

(June 13, 2022)

Russian hackers start targeting Ukraine with Follina exploits

Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. Russian hackers launched a new malicious email campaign leveraging Follina and targeted more than 500 recipients at various media organizations in Ukraine, including radio stations and newspapers.


______________________________________________________________________________

(June 13, 2022)

Anonymous hits Russia with devastating drone hack

Anonymous has now hacked into a weapons company, which handles the Russian Unmanned Aerial Vehicles (UAV), getting its hands on tactics and plans. The hack, announced on Twitter, allowed the Anonymous operative with the Twitter handle @Youanonspider, to obtain classified documents bearing information about Russia's drone plans and tactics, which the hacktivist collective hoped would "help the war to end as soon as possible." 

Ref - IB Times

______________________________________________________________________________

(June 13, 2022)

Industroyer: A cyber weapon that brought down a power grid

The string of incidents that have impacted critical infrastructure in Ukraine have awakened much of the public to the risks of cyberattack-induced power outages, water supply interruptions, fuel distribution disruptions, loss of medical data and many other consequences that can do far more than just disrupt daily routines – they can be truly life-threatening. Regardless of whether or not the recent attack on the Ukrainian power grid was a test, it should serve as a wake-up call for those responsible for security of critical systems around the world. 


______________________________________________________________________________

(June 13, 2022)

Anonymous hackers successfully hack more Russian websites

The hacking collective Anonymous announced it successfully took down the Federal Customs Service of Russia as well as goodstom.ru, a website belonging to the dental clinic Khoroshaya Stomatologiya located in Saint Petersburg.

Ref - IB Times 

______________________________________________________________________________

(June 10, 2022)

Russian threats unlikely to stop US cyberattacks as part of Ukraine war

Russia has warned that cyberattacks on its infrastructure from the US and other allies of Ukraine may lead to a direct military clash with unpredictable consequences. The US has admitted carrying out “offensive cyber operations” as part of its support for Ukraine in the war with Russia, and threats from the Kremlin are unlikely to put a stop to this.


______________________________________________________________________________

(June 9, 2022)

Dark web sites selling alleged Western weapons sent to Ukraine - New propaganda suspected

Several weapon marketplaces on the dark web have listed military-grade firearms allegedly coming from Western countries that sent them to support the Ukrainian army in its fight against the Russian invaders. While the listings appear genuine and the offered weapons are priced realistically, the chances of them being created by pro-Russian actors for propaganda purposes are high. 


______________________________________________________________________________

(June 9, 2022)

Russian radio station hacked to broadcast Ukrainian National Anthem

The online bulletin broadcast of a Russian radio station, Kommersant FM, was interrupted on Wednesday. The content was replaced with the Ukrainian national anthem and antiwar songs. However, the broadcast was quickly taken off the air.

Ref - Hackread 

______________________________________________________________________________

(June 8, 2022)

Ukraine's secret cyber-defense that blunts Russian attacks

The Russians have seen success worldwide penetrating networks and dropping malware, he added. However, the Ukrainians are able to rebuild the networks within hours. This is because Ukraine has had years of practice repairing networks after Russia deployed NotPetya – which wiped data from energy firms and banks – and the related Bad Rabbit malware. 


______________________________________________________________________________

(June 8, 2022)

FBI cybercrime seizure takes down one-time Ukraine IT Army collaborator

On May 31, the U.S. Department of Justice announced that it had seized a trio of domains as part of an international cybercrime law enforcement action. The domains, ovh-booter[.]com, weleakinfo[.]to and ipstress[.]in, enabled “two distressingly common threats.” It didn’t take long for some to notice that one of the domains, IPStress, was until recently affiliated with Ukraine’s IT Army.

Ref - Cyberscoop 

______________________________________________________________________________

(June 7, 2022)

Notorious Russian hacking group uses LockBit amid Ukraine war

Amid Russia’s invasion of Ukraine, a notorious Russian cyber-crime group, Evil Corp, has modified its attack methods in reaction to restrictions that prevent US corporations from paying a ransom. Mandiant, a security firm, reported on June 2 that it believes the group is now using LockBit, a well-known ransomware tool, to obscure proof of the gang’s involvement.

Ref - News18 

______________________________________________________________________________

(June 7, 2022)

Russia’s use of cyberattacks: Lessons from the second Ukraine war

Russia sometimes uses cyberattacks not to disable critical infrastructure to pave the way for military conquest but as part of a comprehensive strategy of disruption to degrade enemy capabilities without provoking retaliation. In such cases, Russia has deployed cyberattacks less frequently, but persistently over time, and these include destructive attacks. The Second Ukraine War may cause the West and its allies to take these “hybrid” or “political” war attacks more seriously since they so obviously parallel Russian actions in wartime.

Ref - FPRI 

______________________________________________________________________________

(June 6, 2022)

Ukrainian officials' phones targeted by hackers

The phones of Ukrainian officials have been targeted by hackers as Russia pursues its invasion of Ukraine, a senior cybersecurity official said Monday. Victor Zhora, the deputy head of Ukraine's State Special Communications Service, said that phones being used by the country's public servants had come under sustained targeting.

Ref - Reuters 

______________________________________________________________________________

(June 6, 2022)

Major DDoS attacks increasing after invasion of Ukraine

Infosec experts have observed a surge in global DDoS activity in recent months. The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about these types of attacks from Russian threat groups in April. From Russian supporters attacking the opposition to pro-Ukraine actors targeting Russia and its allies in retaliation, DDoS attacks have disrupted a growing number of networks across the world.


______________________________________________________________________________

(June 6, 2022)

Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Resecurity, Inc. (USA) has identified an increase in activity within hacktivist groups, which are leveraging current geopolitical tensions between Ukraine and Russia to perform cyber-attacks. Following the attacks of the Killnet Collective, a new group has been identified called “Cyber Spetsnaz”. The actors are positioning themselves as an elite cyber offensive group targeting NATO infrastructure and performing cyberespionage to steal sensitive data.


______________________________________________________________________________

(June 6, 2022)

How the Russia-Ukraine war makes ransomware payments harder

Since Russia launched its war against Ukraine, paying ransoms to Russian entities has become a political hot button, with Secretary of Treasury Janet Yellen lamenting how ransomware criminals operate in Russia with impunity. The Treasury Department’s release also declares that making ransomware payments to an entity with a sanctions nexus is a threat to U.S. national security.


______________________________________________________________________________

(June 6, 2022)

Anonymous hacktivists raid Central Bank again

The Central Bank of the Russian Federation (CBR) has taken cyber damage courtesy of the hacktivist Rootkit_sec. Unlike previous attacks, the Anonymous operative's latest exploit allowed them to gain control of the "Russian software system" used in running the CBR. In addition to taking control of the system, the hacktivist also leaked some data that belongs to the central bank.

Ref - IB Times

______________________________________________________________________________

(June 6, 2022)

Russian Ministry website reportedly hacked

Russia’s Ministry of Construction, Housing, and Utilities website has been reportedly hacked, with an internet search for the site leading to a “Glory to Ukraine” sign in Ukrainian. RIA, Russia’s state news agency, quoted a ministry representative on Sunday, revealing that the site was down, but users’ personal data was unaffected. RIA said that hackers were purportedly demanding a ransom to prevent the disclosure of personal data to the public.


______________________________________________________________________________

(June 3, 2022)

Anonymous: RKPLaw, Vyberi Radio, and Metprom Group are the latest victims.

Operation Russia continues, albeit much more slowly than last month. The latest victims include Rustam Kurmaev and Partners (RKP Law) (B00da and Porteur leaked a 1T archive containing data and emails from the law firm), Vyberi Radio (Anonymous has leaked an 823 GB archive containing 1.5 million emails), and Metprom Group (B00da, Porteur, and Wh1t3 Sh4d0w leaked a 184 GB archive containing company emails).


______________________________________________________________________________

(June 3, 2022)

Deadly Secret: Electronic warfare shapes the Russia-Ukraine war

A Ukrainian intelligence official called the Russian threat “pretty severe” when it comes to disrupting reconnaissance efforts and commanders’ communications with troops. Russian jamming of GPS receivers on drones that Ukraine uses to locate the enemy and direct artillery fire is particularly intense “on the line of contact,” he said.

Ref - Securityweek 

______________________________________________________________________________

(June 2, 2022)

US ran offensive cyber ops to support Ukraine, says general

America's military conducted offensive cyber operations to support Ukraine in its response to Russia's illegal invasion, US Cyber Command chief General Paul Nakasone has said. Nakasone, who also serves as director of the NSA, didn't provide specific details about the offensive operations, though he said they were lawful and complied with US policy.

Ref - The Register 

______________________________________________________________________________

(June 2, 2022)

Russia-linked ransomware groups are changing tactics to dodge crackdowns

Russia-linked ransomware groups are splitting into smaller cells or cycling through different types of malware in attempts to evade a growing array of U.S. sanctions and law-enforcement pressure, cybersecurity experts say. After the U.S. in 2019 put sanctions on a Russia-based group known as Evil Corp, which Washington accused of stealing over $100 million from more than 300 banks, hackers believed to be affiliated with the gang switched its operating model, according to a report published Thursday by security firm Mandiant Inc.


______________________________________________________________________________

(May 31, 2022)

FBI warns of Ukrainian charities impersonated to steal donations

Scammers are claiming to be collecting donations to help Ukrainian refugees and war victims while impersonating legitimate Ukrainian humanitarian aid organizations, according to the Federal Bureau of Investigation (FBI). The alert comes after a long stream of reports from security vendors and people who have spotted similar scams online since Russia invaded Ukraine on February 24.

Ref - FBI

______________________________________________________________________________

(May 30, 2022)

Anonymous claims attacks against Belarus for involvement in Russian invasion of Ukraine

Anonymous-affiliated collective Spid3r claims to have attacked Belarus’ government websites in retaliation for the country’s alleged support of Russia’s invasion of Ukraine. The group made the announcement on Twitter, publishing screenshots of various websites connected with the Belarus state being down, including the Ministry of Communications, the Ministry of Justice, and the Ministry of Economy.


______________________________________________________________________________

(May 29, 2022)

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Pro-Russian hacker group KillNet is again threatening Italy, announcing a massive and unprecedented attack on May 30. The collective is also challenging Anonymous, its adversary. The Italian CSIRT has published an alert warning of the potential risk of cyberattacks against national bodies and organizations.


______________________________________________________________________________

(May 28, 2022)

Russian Gamaredon APT could fuel a new round of DDoS attacks

Researchers at 360 Qihoo observed a wave of DDoS attacks launched by Russia-linked APT-C-53 (aka Gamaredon) and reported that the threat actors also released as open-source the code of a DDoS Trojan called LOIC. The instances of the malware spotted by the experts were compiled in early March, a few days after the Russian invasion of Ukraine began.


______________________________________________________________________________

(May 26, 2022)

Cyberattacks against UK CNI increase amidst Russia-Ukraine war

The systems that underpin the UK’s critical national infrastructure (CNI) are under increasing cyber threat. Over seven in 10 cybersecurity decision-makers at UK CNI organizations reported a rise in cyberattacks since the start of the Ukraine war, according to new research by UK cybersecurity services firm, Bridewell.


______________________________________________________________________________

(May 26, 2022)

Russian hackers are linked to new Brexit leak website, Google says

A new website that published leaked emails from several leading proponents of Britain's exit from the European Union is tied to Russian hackers, according to a Google cybersecurity official and the former head of UK foreign intelligence. The site was reminiscent of past hack-and-leak operations attributed to Russian hackers.

Ref - Reuters

______________________________________________________________________________

(May 25, 2022)

Unknown APT group is targeting Russian government entities

Researchers from Malwarebytes observed an unknown Advanced Persistent Threat (APT) group targeting Russian government entities with at least four separate spear-phishing campaigns since the beginning of the Russian invasion of Ukraine. The threat actors behind the attacks aimed at implanting a Remote Access Trojan (RAT) to gain full control over the infected systems. In the first campaign, attackers distributed a custom malware disguised as an interactive map of Ukraine (interactive_map_UA.exe).


______________________________________________________________________________

(May 25, 2022)

Russia unleashes low-key but tangible cyberattacks against Ukraine

Although Russia has not orchestrated any major cyberattack, its hackers have launched nearly 40 offensives against the Ukrainian State, following a strategy planned before the invasion. Six separate groups of hackers belonging to the Russian intelligence and security services have used eight different software programs to carry out nearly 40 attacks aimed at destroying data and rendering computer networks unusable. This works out to two to three per week since the days leading up to the invasion. These attacks have targeted Ukrainian State services and the country's critical infrastructure.

Ref - Lemonde 

______________________________________________________________________________

(May 25, 2022)

As Ukraine conflict continues, US banks still face threats from Russian cyberattacks

The Russia-Ukraine conflict will soon enter its third month. While the initial uncertainty has worn off, the cyberattacks purported by Russia and its operatives are likely to intensify as sanctions and the associated economic toll increase. Russian cyberattacks will continue to inflict collateral damage on a wide variety of organizations, but will likely continue to strongly target financial services organizations, said Dan Katz, cybersecurity and data privacy director at Mazars, a global consultancy.


______________________________________________________________________________

(May 25, 2022)

Sanctions frustrating Russian ransomware actors

Russia's invasion of Ukraine appears to be having an unanticipated impact in cyberspace — a decrease in the number of ransomware attacks. "We have seen a recent decline since the Ukrainian invasion," Rob Joyce, the U.S. National Security Agency's director of cybersecurity, told a virtual forum Wednesday.

Ref - VOA News 

______________________________________________________________________________

(May 24, 2022)


How the war in Ukraine threatens hospital cybersecurity

The health care sector is high on the list of possible targets. Concerns include ransomware — the remote lockdown of a network until a fee is paid — as well as malware that permanently erases affected files such as patient records. Teaching hospitals are prime targets for many reasons, including the sophisticated biomedical research they conduct and the life-and-death nature of their work.

Ref - AAMC 

______________________________________________________________________________

(May 24, 2022)

Personal data of tens of millions of Russians and Ukrainians exposed online

The trove of data was leaked due to a misconfigured Elasticsearch server, which stored a total of 870 million records, or 147 GB of data. The server was detected randomly on December 5th, 2021, while checking certain IPs; however, the details have only been shared this week. The anonymous server was left unsecured and unprotected, as it didn’t have any authentication protocols.

Ref - Hackread 

______________________________________________________________________________

(May 24, 2022)

Nation-state malware could become a commodity on dark web soon, Interpol warns

In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non-state actors represents a serious risk for critical infrastructure and organizations worldwide. Threat actors could reverse engineer military-made malicious code and use their own versions in attacks in the wild. The scenario also opens the door to false flag operations: nation-state actors could gain access to cyber weapons used in the conflict and use them in attacks in the wild, making attribution impossible.


______________________________________________________________________________

(May 23, 2022)

Anonymous declares cyber-war on Pro-Russian hacker gang Killnet

Hacktivist group Anonymous has announced on social media that it’s launching a cyber-war against the pro-Russian group Killnet, which recently attacked European institutions. The news comes after Anonymous hackers recently declared “cyberwar” against Vladimir Putin’s government following the Russian invasion of Ukraine, including leaking over 360,000 Russian federal agency files in the process.


______________________________________________________________________________

(May 23, 2022)

Russia keeps getting hacked - How the tables have turned

In a meeting with the Russian Security Council on Friday, Russian President Vladimir Putin said the number of cyberattacks by foreign "state structures" had increased several times over, Reuters reported. Putin said the challenges came on the heels of Western suppliers having unilaterally stopped technical support of their equipment in Russia in response to Russia's invasion of Ukraine. Since then, data leaks have abounded, from Russia's second-biggest bank to e-commerce sites.

Ref - Mashable 

______________________________________________________________________________

(May 21, 2022)

Russia-linked Sandworm continues to conduct attacks against Ukraine

Experts from ESET announced the discovery of a new variant of a malware loader used by the threat actors as part of the Industroyer2 attacks; CERT-UA tracked the malicious code as ArguePatch. The APT group has hidden ArguePatch in an ESET executable (eset_ssl_filtered_cert_importer.exe); the malicious code was overwritten in a function called during the MSVC runtime initialization.


______________________________________________________________________________

(May 20, 2022)

Russian Sberbank says it’s facing massive waves of DDoS attacks

Russia's banking and financial services company Sberbank is being targeted in a wave of unprecedented hacker attacks. Earlier this month, the bank fought off the largest distributed denial-of-service (DDoS) attack in its history. Sergei Lebed, vice president and director of cybersecurity at Sberbank, told the audience participating at the Positive Hack Days conference that thousands of internet users have been attacking the organization over the past months.


______________________________________________________________________________

(May 19, 2022)

Sweden, Finland weigh cyber risks stemming from NATO applications

Authorities in Sweden and Finland have raised alert levels for cyberattacks, concerned they face increased hacking risks because of the war in Ukraine and the two Nordic countries’ subsequent applications to join NATO.


______________________________________________________________________________

(May 19, 2022)

This Russian botnet does far more than DDoS attacks - and on a massive scale

Cybersecurity firm Nisos says that the Fronton botnet is "a system developed for coordinated inauthentic behavior," and the implementation of particular software, dubbed SANA, shows that the botnet's true purpose could be for misinformation and the spread of propaganda in a rapid and automated fashion.

Ref - ZDNet 

______________________________________________________________________________

(May 19, 2022)

Iran, China-linked gangs join Putin's disinformation war online

Pro-Beijing and Iran miscreants are using the war in Ukraine to spread disinformation that supports these countries' political interests — namely, advancing anti-Western narratives – according to threat-intel experts at Mandiant.

Ref - The Register 

______________________________________________________________________________

(May 19, 2022)

Ukraine's vigilante IT army now has a DDoS bot to automate attacks against Russia

Ukraine’s unofficial ‘army’ of IT vigilantes has developed a new automated attack tool to increase the effectiveness of its cyberattacks against Russian domains. Its “attack automation bot” was built to help more people easily launch distributed denial of service (DDoS) cyberattacks against Russia. The new tool encourages individuals to donate their cloud resources to the bot, which is capable of launching a “coordinated attack from all the available servers”.

Ref - ITPro 

______________________________________________________________________________

(May 19, 2022)

Cyberattacks and misinformation activity against Ukraine continues, say security researchers

The cyber offensive against Ukraine continues with malware attacks and the spread of misinformation, according to security researchers. A new campaign tied to Ghostwriter, discovered by Mandiant, is pushing false narratives about refugees, while other groups push a misinformation campaign aimed at an "aggressive defense of Russian strategic interests," according to the researchers.

Ref - ZDNet 

______________________________________________________________________________

(May 19, 2022)

Cyberattacks launched by Russia before Ukraine invasion may have been more damaging

The "AcidRain" attack is one of the first examples of cyber used as part of a combined-arms operation, much like a military might use aircraft to soften a fortified target before tanks and infantry attack it. However, the Russian hackers appear to have let AcidRain run amok, either not able or not caring to limit the attack to Ukrainian devices. As a result, hundreds of thousands of people outside Ukraine were affected in several ways, including losing internet services and power.


______________________________________________________________________________

(May 17, 2022)

Chaos ransomware variant sides with Russia

FortiGuard Labs recently came across a variant of the Chaos ransomware that appears to side with Russia. The malware adds a ‘fuckazov’ file extension to the affected files. Figure 1 shows the content of an encrypted file. “azov” may be a reference to the Azov Battalion who put up a fierce fight against Russian military forces in the Azovstal steel plant in Mariupol, Ukraine.

Ref - Fortinet 

______________________________________________________________________________

(May 17, 2022)

Analysis of Ukraine power grid cyberattacks

Evidence from three cyberattacks against the Ukrainian power grid, in 2015, 2016, and most recently in 2022, suggests that the Russian government is actively supporting hacking groups to disrupt the enemy’s critical infrastructure. However, it is unclear what the motivation behind the Sandworm attacks is, and experts are left in the dark to speculate about the intentions behind these attacks.


______________________________________________________________________________

(May 17, 2022)

Cyberattacks in Lithuania surged when war in Ukraine began

In the first quarter of 2022, Lithuania recorded 1,020 cyberattacks compared to the 981 the country registered in the previous year. Overall for 2022, trends fail to show a decrease in cyber-incidents. Russia’s war on Ukraine is not the only reason for the increasing number of cyber-attacks. The COVID-19 pandemic and the Belarusian hybrid attack against Lithuania also had a significant influence on the country’s cybersecurity situation.


______________________________________________________________________________

(May 17, 2022)

New Hampshire faces increased cyberattacks due to the Russia-Ukraine conflict

New Hampshire has been embattled in an onslaught of cybercrime for many years. What we’re seeing overseas is that anytime a big geopolitical conflict arises – this time Russia and Ukraine – the countries have dumped a lot of technical innovation into their conflict.

Ref - Yahoo 

______________________________________________________________________________

(May 16, 2022)

Killnet hackers announce attacks on UK for standing up to Putin's war

Killnet hackers have announced global cyber attacks against a number of countries - including the UK - for standing up to Vladimir Putin's war in Ukraine. The other countries being targeted by the Russia-linked group are the US, Germany, Italy, Latvia, Romania, Lithuania, Estonia, Poland and Ukraine.

Ref - Express 

______________________________________________________________________________

(May 16, 2022)

Ukraine supporters in Germany targeted with PowerShell RAT malware

An unknown threat actor is targeting German users interested in the Ukraine crisis, infecting them with a custom PowerShell RAT (remote access trojan) and stealing their data. The malware campaign uses a decoy site to lure users into fake news bulletins that supposedly contain unreleased information about the situation in Ukraine. These sites offer malicious documents that install a custom RAT that supports remote command execution and file operations.


______________________________________________________________________________

(May 15, 2022)

Ukraine CERT-UA warns of new attacks launched by Russia-linked Armageddon APT

Ukraine's Computer Emergency Response Team (CERT-UA) reported a phishing campaign using messages with the subject “On revenge in Kherson!” and containing the “Plan Kherson.htm” attachment. The HTM file decodes and creates an archive named “Herson.rar”, which contains a shortcut file named “Plan of approach and planting explosives on the objects of critical infrastructure of Kherson.lnk”.


______________________________________________________________________________

(May 14, 2022)

OpRussia update: Anonymous breached other organizations

The #OpRussia campaign launched by Anonymous against Russia after the criminal invasion of Ukraine continues; the collective claims to have hacked multiple organizations and government entities. The hacktivists leaked the stolen data via DDoSecrets. The list of organizations breached this week by Anonymous includes SOCAR Energoresource, Achinsk City Government, Polar Branch of the Russian Federal Research Institute of Fisheries and Oceanography, and Port and Railway Projects Service of JSC UMMC.


______________________________________________________________________________

(May 13, 2022)

Russian cyber hackers Killnet could prevent Ukraine from winning Eurovision 

Russian cyber hackers could target the Eurovision song contest to stop Ukraine from winning the accolade. Killnet, a pro-Putin group, is suggesting that it will immobilize online voting servers, over support for Ukrainian entry Kalush Orchestra.

Ref - Dailymail 

______________________________________________________________________________

(May 12, 2022)

Ukraine war: Don’t underestimate Russia cyber-threat, warns US

There has been a sustained cyber-conflict over Ukraine which could still escalate, a senior US intelligence official has told the BBC. Despite warnings, major cyber-attacks on the West have so far not materialized. But Russia shouldn't be underestimated, Rob Joyce, director of cyber-security at the National Security Agency said. Independent hackers targeting Russia in support of Ukraine could also spark escalation, he warned.

Ref - BBC 

______________________________________________________________________________

(May 12, 2022)

Cyber risk remains a primary concern in the Russia-Ukraine war

It appears that Russian state-sponsored adversaries may have the opportunity and capability to attack Western critical infrastructure, but lack the intent, as a particularly disruptive attack may trigger a commensurate response from either Ukraine or the West, depending on the target. At this stage of the war, it remains unlikely that Russia will carry out major disruptive or destructive attacks against Western critical infrastructure via cyber means. However, the energy, financial services, and information technology sectors make for likely targets based upon previous incidents.

Ref - Flashpoint 

______________________________________________________________________________

(May 11, 2022)

Pro-Russian hackers target Italy defense ministry, senate websites -ANSA news agency

Pro-Russian hackers have attacked the websites of several Italian institutions, including the defense ministry and the senate, ANSA news agency reported on Wednesday. The defense ministry and the Italian cyber security agency did not immediately respond to a request for comment.

Ref - Devdiscourse 

______________________________________________________________________________

(May 11, 2022)

Russia ramping up cyberattacks against Starlink: Musk

Russia is ramping up its efforts to jam Starlink internet service in Ukraine, SpaceX chief Elon Musk said on Wednesday. He noted that Starlink has so far thwarted all cyberattacks coming from Russia. The billionaire added that Russia is "ramping up their efforts" against Starlink.


______________________________________________________________________________

(May 10, 2022)

Russian hackers targeting opponents of Ukraine invasion, warns GCHQ chief

Russian hackers are seeking to target western countries supporting Ukraine in its efforts to resist Moscow’s invasion, the head of GCHQ has said. Jeremy Fleming, the director of the British spy agency, said in a speech on Tuesday morning that while fears of a fully-fledged online war between Russia and Ukraine had perhaps failed to materialize, there remained “plenty” of cyber activity as part of the conflict.

Ref - The Guardian 

______________________________________________________________________________

(May 10, 2022)

Ransomware has gone down because sanctions against Russia are making life harder for attackers

The number of ransomware attacks has gone down in recent months because sanctions against Russia are making it harder for cybercriminals to organize attacks and receive ransom payments, Rob Joyce, director of cybersecurity at the National Security Agency (NSA), has revealed.

Ref - ZDNet 

______________________________________________________________________________

(May 10, 2022)

US, EU blame Russia for cyberattack on satellite modems in Ukraine

The European Union formally accused Russia of coordinating the cyberattack that hit satellite Internet modems in Ukraine on February 24, roughly one hour before Russia invaded Ukraine. The attack targeted the KA-SAT consumer-oriented satellite broadband service operated by satellite communications provider Viasat. It affected thousands of Ukrainian customers and tens of thousands of other broadband customers across Europe, according to Viasat.


______________________________________________________________________________

(May 9, 2022)

Anonymous NB65 claims to hack Russian payment processor Qiwi

On May 1st, 2022, NB65, one of the Anonymous affiliate hacktivist groups, published a tweet in which it claimed to have gained access to Qiwi’s databases for operation OpRussia. NB65 also tweeted that it managed to extract 10.5TB of data comprising 30 million payment records and filtered 12.5 million credit cards of Qiwi customers.

Ref - Hackread 

______________________________________________________________________________

(May 9, 2022)

Ukraine warns of “chemical attack” phishing campaign pushing infostealer malware

Ukraine's Computer Emergency Response Team (CERT-UA) is warning of the mass distribution of Jester Stealer malware via phishing emails using warnings of impending chemical attacks to scare recipients into opening attachments. These phishing emails contain XLS documents laced with malicious macros, so if the file is opened and content is enabled in Microsoft Office, an EXE payload will be fetched from a remote source and executed on the computer.


______________________________________________________________________________

(May 9, 2022)

Hackers display “blood is on your hands” on Russian TV, take down RuTube

During Russian President Putin's speech at today's "Victory Day" military parade, pro-Ukrainian hacking groups defaced the online Russian TV schedule page to display anti-war messages. Russian citizens attempting to access TV schedules via their smart TVs read messages that accused the Kremlin of propaganda and that blood was on their hands for the acts of violence in Ukraine.


______________________________________________________________________________

(May 8, 2022)

Russian hackers target German govt websites in a series of cyberattacks

Russian hackers have been blamed for carrying out a series of cyberattacks on the official websites of the German government. The portals of the German Ministry of Defence, the Bundestag, the federal police, and a number of federal police services were allegedly hacked by Russian hackers. This comes after Germany announced military assistance to Ukraine. Security officials believe the attacks are payback for German armament supply to Ukraine in its conflict with Russia.


______________________________________________________________________________

(May 8, 2022)

Russia, once considered a top force in cyberspace, now being mocked by world's best hackers

The State Special Communications Service announced on May 2 that Russian cyberattacks against Ukraine had reached a maximum. The Russians have failed to carry out a large-scale attack that would indeed cause significant damage to the Ukrainian economy, army, or population.

Ref - Yahoo

______________________________________________________________________________

(May 8, 2022)

Tracking Cobalt Strike servers used in cyberattacks on Ukraine

On April 18, 2022, CERT-UA published alert #4490, which describes a malicious email campaign targeting Ukraine. The email attempts to deploy a Cobalt Strike beacon on the victim's system through the use of an MS Office macro. In the alert, CERT-UA provides a list of indicators of compromise (IoCs), including a list of IP addresses and domains used in the attack that are known to be Cobalt Strike command and control (C2) servers.

Ref - IronNet 

______________________________________________________________________________

(May 7, 2022)

Canada on high alert for ransomware attacks amid Russia’s invasion of Ukraine

Canada went on high alert for ransomware attacks on Feb. 24, the day Russia invaded Ukraine. Canada’s Communications Security Establishment (CSE) warned Canadian banks, power utilities, and other major firms that day to take immediate action and bolster online cyber defenses.

Ref - The Star 

______________________________________________________________________________

(May 6, 2022)

'All ventilators will be attacked' Russian hackers threaten to target NHS in a revenge plot

The threat comes following the arrest of an alleged pro-Putin cybercriminal in London who is believed to be responsible for a hack on government and media websites in Romania. The suspect is part of a group known as “Killnet” who have since vowed to disable NHS ventilators, as well as ones in Romania and Moldova should their comrade not be released.

Ref - Express

______________________________________________________________________________

(May 6, 2022)

IT infrastructure used to launch DDoS attacks on Russian targets

Organizations could unwittingly be participating in hostile activity against the Russian government as compromised IT infrastructure is used without their knowledge to launch denial of service attacks. The list of targets included Russian websites from a variety of sectors, including government, military, media, finance, energy, retail, mining, manufacturing, chemicals, production, technology, advertisements, agriculture, and transportation, as well as those of political parties.


______________________________________________________________________________

(May 5, 2022)

Ukraine’s IT Army is disrupting Russia's alcohol distribution

Hacktivists operating on the side of Ukraine have focused their DDoS attacks on a portal that is considered crucial for the distribution of alcoholic beverages in Russia. According to reports from multiple Russian media outlets, several vodka producers and distributors claim they are unable to access the EGAIS portal as required by government regulations.


______________________________________________________________________________

(May 5, 2022)

1,400 Bangladeshi IP addresses used for cyberattack in Russia & Ukraine

Almost 1,400 IP addresses have been used by hackers from Russia and Ukraine to launch cyberattacks on each other. This revelation comes after a recent investigation conducted by the Bangladesh Government's e-Government Computer Incident Response Team (BGD e-GOV CIRT or BD CIRT).


______________________________________________________________________________

(May 4, 2022)

Amid Russian invasion of Ukraine, be aware of scams and cyberattacks

The Russian invasion of Ukraine continues to claim lives months after the initial assault in February. Cybersecurity experts advise the general public to remain vigilant amid “evolving intelligence” for the potential of cyberattacks on critical infrastructure. Scams are not the only threat from fake accounts. Individuals masquerading as refugees from Ukraine have been linked to distributed denial of service attacks on Ukrainian websites. These follow several severe attacks on Ukraine’s critical infrastructure by state-backed threat actors.

Ref - The Daily 

______________________________________________________________________________

(May 4, 2022)

The Ukraine cyberwar that never was: Cybersecurity experts warn it’s too early to relax

Cybersecurity experts still warn that it’s too early to let the guard down. They caution that the war in Ukraine could still spill over into other nations, compromising cybersecurity on a global scale. “I have no doubt in my mind that Putin will be wagging his finger at the cyber attackers that are on his side, suggesting that they continue with their sophistication and persistence,” Jake Moore, global cybersecurity advisor at cybersecurity firm ESET, says.

Ref - Verdict 

______________________________________________________________________________

(May 4, 2022)

Pro-Ukraine hackers use Docker images to DDoS Russian sites

Docker images with a download count of over 150,000 have been used to run distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites managed by government, military, and news organizations. Behind the incidents are believed to be pro-Ukrainian actors such as hacktivists, likely backed by the country's IT Army.


______________________________________________________________________________

(May 3, 2022)

China-linked APT Curious Gorge targeted Russian and Ukrainian government agencies

Curious Gorge, a group TAG attributes to China’s PLA SSF, has remained active against government, military, logistics, and manufacturing organizations in Ukraine, Russia and Central Asia. In Russia, long-running campaigns against multiple government organizations have continued, including the Ministry of Foreign Affairs.


______________________________________________________________________________

(May 3, 2022)

German finance watchdog sees 'very big' risk of cyberattacks since Russia-Ukraine conflict

Germany's financial regulator BaFin warned of the "very big" risk of cyberattacks targeting the financial sector, a threat it said had become "more likely" since Russia's war on Ukraine. "The risk that companies in the financial sector will fall victim to cyberattacks or that internal IT security incidents will occur is very big and very present," BaFin president Mark Branson told a press conference.


______________________________________________________________________________

(May 3, 2022)

Update on cyber activity in Eastern Europe

Government-backed actors from China, Iran, North Korea, and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links. Financially motivated and criminal actors are also using current events as a means of targeting users.

Ref - Google

______________________________________________________________________________

(May 3, 2022)

Ukraine’s online volunteers go after Russian targets

Ukraine’s massive cyberarmy, which includes both workers from the country’s burgeoning technology sector and volunteers from around the world, has turned the tables on Russia in a way that experts never expected. Ukraine has actively fought off a deluge of attempted cyberattacks on its critical infrastructure, while bringing the fight to Russia. 


______________________________________________________________________________

(May 3, 2022)

Windows XP proves Russia is losing the cyberwar against Ukraine, too

During the Ukraine attacks, Russia used the extensive railways of its partner in the war, Belarus, to rush soldiers, tanks, heavy weapons, and other war materiel to the Ukraine border. However, the Cyber Partisans, a hacktivist group of exiled Belarus tech professionals, attacked the Belarussian train system, slowing troop movements, supplies, and weaponry. They played a role in fuelling the logistical chaos that quickly engulfed the Russians, leaving troops stranded on the front lines without food, fuel, and ammunition within days of the invasion.

Ref - ARN Net

______________________________________________________________________________

(May 2, 2022)

Vietnam ‘opinion workers’ push Russian fake news on Ukraine on social media

Vietnamese “opinion workers” who promote the Communist Party and protect its image on social media now have a new role: spreading fake or misleading reports that support Russia’s invasion of Ukraine on Facebook.


______________________________________________________________________________

(May 1, 2022)

Hacking Russia was off-limits, but the Ukraine war made it a free-for-all

Digital assailants have plundered the country’s (Russia’s) personal financial data, defaced websites, and handed decades of government emails to anti-secrecy activists abroad. One recent survey showed more passwords and other sensitive data from Russia were dumped onto the open web in March than information from any other country.

Ref - Stripes 

______________________________________________________________________________

(May 1, 2022)

A YouTuber is promoting DDoS attacks on Russia — how legal is this?

In a plea made this week on his channel, the YouTuber demonstrated how viewers could download a free pen-testing (DDoS) tool called Liberator and "stop that Russian propaganda machine." The YouTube video in question has thus far generated over 86,000 views.


______________________________________________________________________________

(April 30, 2022)

Caution about malware strikes on financial systems

Bangladesh has been alerted to botnet and malware infections of important data infrastructures, including in financial institutions, to forestall cyber-attacks on the sidelines of the Ukraine war. Officials say the government's dedicated cyber-threat agency issued the warning as a global cyberwar is emerging from the Russia-Ukraine war, with the western military alliance, NATO, backing the latter with weapons support.


______________________________________________________________________________

(April 29, 2022)

Ukraine’s digital battle with Russia isn’t going as expected

In recent weeks, Fedorov and the Ukrainian government have deployed the controversial face recognition program ClearviewAI to identify killed and captured Russian soldiers. They have crowdsourced intelligence collection, letting ordinary Ukrainians report troop movements. And, perhaps most critically, they have beaten back aggressive attempts to knock offline their internet, energy, and financial systems.

Ref - Wired 

______________________________________________________________________________

(April 29, 2022)

Romania DDoS attack shows Ukraine's allies are in Russia’s crosshairs

Government websites in Romania have been crippled by a distributed denial of service (DDoS) cyberattack carried out by Russia-supporting cybercrime gang Killnet, the country’s prime minister confirmed today. The attack is the latest sign that Russia is targeting neighboring countries, which have offered support to Ukraine during the ongoing war in Eastern Europe.

Ref - Tech Monitor 

______________________________________________________________________________

(April 29, 2022)

Ongoing DDoS attacks from compromised sites hit Ukraine

Ukraine’s computer emergency response team (CERT-UA) announced that it is investigating, along with the National Bank of Ukraine (CSIRT-NBU), ongoing DDoS attacks targeting pro-Ukraine sites and the government web portal. The attacks originated from compromised websites, most of which use the WordPress CMS. Threat actors planted malicious JavaScript code, tracked as BrownFlood, in the web pages of the sites to generate malicious traffic to a list of static URLs included in the JavaScript code.


______________________________________________________________________________

(April 29, 2022)

Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector

The #OpRussia campaign launched by Anonymous against Russia after the criminal invasion of Ukraine continues; the collective claims to have published more than 6 TB of Russian data via DDoSecrets. The recent targets include Elektrocentromontazh - the largest chief power organization in Russia, PSCB Petersburg Social Commercial Bank, and ALET - a customs broker for companies in the fuel and energy industries.


______________________________________________________________________________

(April 28, 2022)

Russian cyberattacks aimed at collecting data from Ukraine

If Russia is successful at taking control of more of eastern Ukraine, stolen personal data will be an asset. Russian occupiers have already collected passport information, a top Ukrainian presidential adviser tweeted recently, that could help organize separatist referendums. Ukraine, for its part, appears to have done significant data collection quietly assisted by the U.S., the U.K., and other partners targeting Russian soldiers, spies, and police, including rich geolocation data.


______________________________________________________________________________

(April 28, 2022)

Ukraine targeted by DDoS attacks from compromised WordPress sites

Ukraine's computer emergency response team (CERT-UA) has published an announcement warning of ongoing DDoS attacks targeting pro-Ukraine sites and government web portals. The threat actors, who at this time remain unknown, are compromising WordPress sites and injecting malicious JavaScript code to perform the attacks.


______________________________________________________________________________

(April 27, 2022)

The hybrid war in Ukraine

At least six different Kremlin-linked hacking groups have conducted nearly 240 cyber operations against Ukrainian targets, Microsoft said Wednesday, in data that reveal a broader scope of alleged Russian cyberattacks during the war on Ukraine than previously documented. The Microsoft report is the most comprehensive public record yet of Russian hacking efforts related to the war in Ukraine.

Ref - Microsoft 

______________________________________________________________________________

(April 27, 2022)

Bronze President group spies on Russian targets as Ukraine invasion continues

Bronze President (aka Mustang Panda or HoneyMyte) has potentially shifted from Asia to focus on Russia as the invasion of Ukraine continues. According to Secureworks Counter Threat Unit (CTU), the group is either sponsored or at the very least tolerated by the Chinese government and "appears to be changing its targeting in response to the political situation in Europe and the war in Ukraine."

Ref - ZDNet 

______________________________________________________________________________

(April 27, 2022)

Russia is being hacked at an unprecedented scale

Every day, often at around 5 am local time, the Telegram channel housing Ukraine’s unprecedented “IT Army” of hackers buzzes with a new list of targets. The volunteer group has been knocking Russian websites offline using wave after wave of distributed denial-of-service (DDoS) attacks, which flood websites with traffic requests and make them inaccessible, since the war started.

Ref - Wired 

______________________________________________________________________________

(April 27, 2022)

A deeper look at hacking groups and malware targeting Ukraine

According to the Computer Emergency Response Team of Ukraine (CERT-UA), the country has recorded 802 cyberattacks since Russia invaded the country earlier this year. That compares to just 362 documented attacks during the same time last year, CERT-UA said. 

Ref - The Record 

______________________________________________________________________________

(April 27, 2022)

Pro-Russia hackers were inside Ukraine's government networks long before the ground war started

The cybersecurity company Trellix says pro-Russia hackers had infiltrated the networks of numerous Ukrainian government agencies long before Russia’s ground invasion started in late February. In fact, hackers had planted malicious code in the networks even before Russian troops began assembling at the Ukrainian border in 2021.

Ref - Fast Company 

______________________________________________________________________________

(April 26, 2022)

DDoS attacks were at an all-time high in Q1 2022 due to war in Ukraine

Kaspersky recently released findings that the number of DDoS attacks is the highest it has ever been and dwarfs the rate of DDoS attacks from just a year prior. According to the cybersecurity company, the total number of attacks from Q1 of 2022 was four-and-a-half times higher than that of Q1 of 2021. This has been chalked up to the ongoing war in Ukraine and the subsequent attacks on businesses in the government and financial sectors, specifically.


______________________________________________________________________________
 
(April 26, 2022)

The Russia-Ukraine conflict has brought cyberwarfare into the mainstream

The Russia-Ukraine conflict has seen cyber warfare enter the mainstream, with both sides using hacking tactics. Businesses not directly involved in the situation should now take steps to enhance their cyber defenses and avoid being caught in the crossfire. The National Cyber Security Centre (NCSC) has good advice for what organizations should be doing to improve security when the cyber threat is heightened.

Ref - Digit 

______________________________________________________________________________

(April 26, 2022)

Russian affiliates believed to be behind cyberattacks on wind turbines firms

Cyber attacks on three Germany-based wind-energy companies have raised alarms that Russian sympathisers are trying to disrupt European efforts to lessen reliance on Russian oil and gas. The three companies targeted in the attacks are Deutsche Windtechnik AG, which provides maintenance services, and two manufacturers, namely Nordex SE and Enercon GmbH.

Ref - IT Pro

______________________________________________________________________________

(April 25, 2022)

Identities of more than 100 would-be troops accessed in a possible Russian intelligence sting

The identities of more than 100 potential British Army recruits have been hacked from a UK defense computer in a possible Kremlin intelligence sting. A third party, who is feared to have been a Russian agent, infiltrated the database in a shocking security breach. The Ministry of Defense admitted last night that the records of 124 potential candidates were illegally accessed, but it is thought hundreds more could have been at risk.


______________________________________________________________________________

(April 24, 2022)

Since declaring cyberwar on Russia, Anonymous leaked 5.8 TB of Russian data

The #OpRussia campaign launched by Anonymous against Russia after the criminal invasion of Ukraine continues to collect successes; the collective claims to have published approximately 5.8 TB of Russian data via DDoSecrets. The collective vows to release more data belonging to Russian businesses and government organizations, including a commercial bank.


______________________________________________________________________________

(April 23, 2022)

Russia is losing a war against hackers stealing huge amounts of data

In its first 10 years, WikiLeaks claimed to publish 10 million documents. In the less than two months since the invasion began, they’ve published over 6 million Russian documents. The vast majority of sources who provided the hacked Russian data appear to be anonymous individuals, many self-identifying as part of the Anonymous hacktivist movement.


______________________________________________________________________________

(April 23, 2022)

Ukraine issues warning to its citizens regarding possible cyber attacks on orthodox Easter

As Orthodox Easter (Sunday, April 24) nears, Ukraine has warned its citizens regarding cyberattacks on the said day, which is regarded as one of the most significant holidays of the year. Earlier on Saturday, the State Special Communications Service of Ukraine warned civilians in the war-ravaged country that cyberattacks at the behest of the enemy may intensify on Easter. It also stated that owing to Russia's military operation in Ukraine, not everyone will be able to celebrate the holiday with family and friends this year.


______________________________________________________________________________

(April 23, 2022)

Phishing attacks using the topic “Azovstal” target entities in Ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) warns of phishing attacks aimed at organizations in the country using the topic “Azovstal”. The phishing messages use the subject “Azovstal” and a weaponized Office document. Upon opening the attachment and enabling the macro, the infection process starts. The malicious code will download, create on disk, and run the malicious DLL “pe.dll”.


______________________________________________________________________________

(April 22, 2022)

Hackers claim to target Russian institutions in a barrage of cyberattacks and leaks

Hackers claim to have broken into dozens of Russian institutions over the past two months, including the Kremlin’s internet censor and one of its primary intelligence services, leaking emails and internal documents to the public in an apparent hack-and-leak campaign that is remarkable in its scope. The hacking operation comes as the Ukrainian government appears to have begun a parallel effort to punish Russia by publishing the names of supposed Russian soldiers who operated in Bucha.


______________________________________________________________________________

(April 22, 2022)

Ukraine postal service hit with cyberattack after issuing commemorative war stamps

Ukrainian officials said the country’s postal service was targeted by a cyberattack following the sale of stamps portraying a Ukrainian soldier giving the middle finger to a Russian warship, according to Reuters. The stamps went on sale last week following the sinking of Russia’s Moskva cruiser. The warship, which was the flagship of Russia’s Black Sea Fleet, sank last week after it caught on fire. 

Ref - The Hill

______________________________________________________________________________

(April 22, 2022)

They’ve leaked terabytes of Russian emails, but who’s reading?

Around 150GB of emails from the Blagoveshchensk City Administration was published online by the transparency collective Distributed Denial of Secrets — just one of many data sets leaked to the organization since the invasion of Ukraine began. The collective has published 5.8 terabytes of leaks since the invasion started, with no signs of slowing down. On the day of that tweet, DDoSecrets published two new leaked email caches: 575,000 emails from property management company Sawatzky and 250,000 emails from Worldwide Invest, a Moscow-based investment firm.

Ref - The Verge 

______________________________________________________________________________

(April 21, 2022)

Russian state-sponsored and criminal cyber threats to critical infrastructure

The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as material support provided by the United States and U.S. allies and partners.

Ref - CISA 

______________________________________________________________________________

(April 21, 2022)

Russia’s war in Ukraine has complicated the means through which cybercriminals launder funds

The takedown of Hydra combined with the Russian authorities’ attempts to establish firmer control over cryptocurrency flows will likely lead to changes in how cybercriminals transfer ill-gotten funds. Some threat actors have suggested turning to means enabling them to store value for a longer period of time, including “cold” wallets (wallets that are not connected to the internet) and even gold.


______________________________________________________________________________

(April 21, 2022)

Cybercriminals are ‘drinking the tears’ of Ukrainians

Cyber opportunists are engaging in lachryphagy to exploit humanitarian concerns about the war for profit or data collection. To date, one of the largest cryptocurrency scams involving fraudulent Ukrainian relief payments totaled $50 million in March, the Wall Street Journal reports.

Ref - The Hill

______________________________________________________________________________

(April 20, 2022)

Anonymous #OpRussia reports Metro system hack, counter-disinformation milestone

Ghost Security announced that it had gained access to IT systems servicing Russia’s metro systems and “found something crazy”: “The controls to the smoke system, the AC (TEMP) in each train (labeled car in attached images), battery system, and much more.” They claim to have found the full building blueprints with the temp control and threaten to publish the data soon.


______________________________________________________________________________

(April 20, 2022)

Anonymous hacked other Russian organizations, some of the breaches could be severe

The Anonymous collective and affiliate groups have intensified their attacks and claim to have breached multiple organizations. The organizations breached in the last three days include Tendertech, GUOV i GS – General Dept. of Troops and Civil Construction, Synesis Surveillance System, Neocom Geoservice, and Gazregion.


______________________________________________________________________________

(April 20, 2022)

Ukraine ramps up cyber defenses to slow surge in attacks

To deal with the threat, Ukrainian authorities on April 5 certified the government's use of physical security keys, which are small portable devices that give an additional layer of security. Ukraine is now issuing the keys to as many government agencies as possible, said Oleksandr Potii, deputy chief of the State Service of Special Communication and Information Protection. The government wants to push phishing-proof, password-less authentication solutions in Ukraine.


______________________________________________________________________________

(April 20, 2022)

Russian state hackers hit Ukraine with new malware variants

Threat analysts report that the Russian state-sponsored threat group known as Gamaredon (a.k.a. Armageddon/Shuckworm) is launching attacks against targets in Ukraine using new variants of the custom Pteredo backdoor. According to a report by Symantec, which tracks the group as Shuckworm, the actor is currently using at least four variants of the “Pteredo” malware, also tracked as Pteranodon.


______________________________________________________________________________

(April 19, 2022)


Watch out for Ukraine donation scammers in Twitter replies

Scammers are trying to capitalize on the recent Ukraine-Russia war by posting fake donation appeals on Twitter. One such request on social media came via a well-known Twitter user, @Xenta777, asking for military equipment-related donations. Somebody set up an imitation account (@Xenta7777, i.e. with the additional “7” in the username), and then posted his own ID in response to someone asking where to donate.


______________________________________________________________________________

(April 18, 2022)

What the war in Ukraine means for the internet?

The war in Ukraine has shown that the internet really can survive a devastating, violent conflict. Survivability was built into the very idea of the internet, from its origins in the Cold War, when the US decided that it needed to share processing power between supercomputers. It was designed precisely not to have a centralized command centre. This makes the system less vulnerable to attack because there is no single point of failure.

Ref - Spiked 

______________________________________________________________________________

(April 17, 2022)

U.S. officials preparing for potential Russian cyberattacks

The Biden administration has been releasing sensitive intelligence and dire warnings that the Kremlin is preparing to launch a new generation of cyberattacks on American soil. U.S. cyber defenders say they are now watching Russian state actors probe some of the most critical systems, and are bracing themselves, especially at the Department of Homeland Security, with an initiative called "Shields Up."

Ref - CBS News

______________________________________________________________________________

(April 16, 2022)

The unceasing action of Anonymous against Russia

This week Anonymous and other hacker groups affiliated with the collective have launched multiple attacks against Russian government agencies and organizations. The group ‘NB 65’ (@xxNB65) announced it has hacked Continent Express, Russia's largest independent travel agency, and leaked nearly 400 GB of files and databases via the DDoSecrets platform.


______________________________________________________________________________

(April 17, 2022)

Currency.com faces Russian cyberattack hours after the exit

Crypto firm Currency.com faced a Russian cyberattack just hours after leaving the market amid the ongoing invasion of Ukraine. In an interview with the Sunday Times, London-based billionaire and crypto chief Viktor Prokopenya said the firm faced a huge backlash after it decided to pull the plug, with call-center staff immediately facing abuse and death threats.

Ref - City AM 

______________________________________________________________________________

(April 17, 2022)

10 Ways the Ukraine-Russia War Affects Small Businesses in the US

From bracing for even higher inflation and disruption to supply chains, to cybersecurity under increased threat, the Russian-Ukraine conflict is taking its toll on businesses around the world, including in the United States. Being familiar with how the war could impact businesses can help companies take the necessary precautions and be better prepared.


______________________________________________________________________________

(April 15, 2022)

Can Russia and the West avoid a major cyber escalation?

From an analysis of over 300 collected cyber incidents during the war in Ukraine, two things can be preliminarily concluded regarding escalation in the cyber domain. First, most cyber operations seem to have occurred in the first three weeks of the war, with the tempo slowing down somewhat in early April. Second, the most impactful operations occurred at the beginning of the war.


______________________________________________________________________________

(April 15, 2022)

Experts warn things may escalate in the Russia-Ukraine conflict

As Russia's invasion of Ukraine continues, there are questions over whether such cyberattacks will become a more prominent part of the conflict. Meanwhile, experts are evaluating the gulf between what many government officials and cybersecurity researchers predicted and what has so far taken place.


______________________________________________________________________________

(April 14, 2022)

Hackers target the Ukrainian government with IcedID malware, Zimbra exploits

Hackers are targeting Ukrainian government agencies with new attacks using Zimbra exploits and phishing attacks pushing the IcedID malware. The Computer Emergency Response Team of Ukraine (CERT-UA) detected the new campaigns and attributed the IcedID phishing attack to the UAC-0041 threat cluster, previously connected with AgentTesla distribution, and the second to UAC-0097, a currently unknown actor.


______________________________________________________________________________

(April 14, 2022)

OldGremlin ransomware gang targets Russia with new malware

OldGremlin, a little-known threat actor that uses its particularly advanced skills to run carefully prepared, sporadic campaigns, made a comeback last month after a gap of more than one year. The group distinguishes itself from other ransomware operations through the small number of campaigns - fewer than five since early 2021 - that target only businesses in Russia and the use of custom backdoors built in-house.


______________________________________________________________________________

(April 14, 2022)

Prepare for Armageddon: Ukraine’s tactic against Russian hackers

According to western and Ukrainian officials, as well as cyber security experts, the long-running tracking and tackling of Armageddon is just one example of a “persistent defense” that has enabled Ukraine to fend off an astounding number of cyber attacks in recent weeks. That has allowed the country to show the same resilience online as its troops have on the ground. This toughness comes from years of preparing for, and sometimes recovering from, sophisticated Russian cyber attacks.


______________________________________________________________________________

(April 13, 2022)

Feds uncover a ‘Swiss Army Knife’ for hacking industrial control systems

The Department of Energy, CISA, the NSA, and the FBI jointly released an advisory about a new hacker toolset potentially capable of meddling with a wide range of industrial control system equipment. The malware toolkit, known as Pipedream, is perhaps the most versatile tool ever made to target critical infrastructures like power grids and oil refineries.

Ref - Wired 

______________________________________________________________________________

(April 12, 2022)

Industroyer2: Industroyer reloaded - targets a Ukrainian energy company

ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company. The attack used ICS-capable malware and regular disk wipers for Windows, Linux, and Solaris operating systems. It was assessed with high confidence that the attackers used a new version of the Industroyer malware, which was used in 2016 to cut power in Ukraine. Moreover, the APT group Sandworm is thought to be responsible for this new attack.


______________________________________________________________________________

(April 12, 2022)

Sandworm hackers fail to take down Ukrainian energy provider

The Russian state-sponsored hacking group known as Sandworm tried on Friday to take down a large Ukrainian energy provider by disconnecting its electrical substations with a new variant of the Industroyer malware for industrial control systems (ICS) and a new version of the CaddyWiper data destruction malware.


______________________________________________________________________________

(April 11, 2022)

CISA warns organizations of WatchGuard bug exploited by Russian state hackers

On Monday, CISA ordered federal civilian agencies, and urged all US organizations, to patch an actively exploited bug impacting WatchGuard Firebox and XTM firewall appliances. Sandworm, a Russian-sponsored hacking group, also exploited this high-severity privilege escalation flaw (CVE-2022-23176) to build a new botnet dubbed Cyclops Blink out of compromised WatchGuard Small Office/Home Office (SOHO) network devices.


______________________________________________________________________________

(April 11, 2022)

Rise in NPM protestware: another open-source dev calls Russia out

Developers are increasingly voicing their opinions through their open-source projects in active use by thousands of software applications and organizations. To do this, a maintainer adds broken code, protest messages, or undesired damaging functionality in the latest versions of their project without documenting it beforehand. Most recently, the developer of the 'event-source-polyfill' npm package has peacefully protested Russia's "unreasonable invasion" of Ukraine, to Russian consumers.


______________________________________________________________________________

(April 11, 2022)

Anonymous hacked Russia’s Ministry of Culture and leaked 446 GB

The Anonymous collective has hacked Russia’s Ministry of Culture and leaked 446 GB of data through the DDoSecrets platform. Data leak service DDoSecrets has published over 700 GB of data allegedly stolen from the Russian government, including over 500,000 emails. The dump includes three datasets; the largest, at 446 GB (containing 230,000 emails), is related to the Ministry of Culture, which is responsible for state policy regarding art, cinematography, archives, copyright, cultural heritage, and censorship.


______________________________________________________________________________

(April 10, 2022)

Facebook blocked Russia and Belarus threat actors’ activity against Ukraine

Facebook/Meta revealed that Russia-linked threat actors are attempting to weaponize the social network to target Ukraine. The company blocked about 200 accounts operated from Russia that were used to falsely report people for various violations, including hate speech, bullying, and inauthenticity, in an attempt to have them and their posts removed from the platform.


______________________________________________________________________________

(April 9, 2022)

Hackers use Conti's leaked ransomware to attack Russian companies

A hacking group used Conti's leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations. The hacking group, known as NB65, created their ransomware using the leaked source code of the Conti ransomware operation, a group of Russian threat actors who prohibit their members from attacking entities in Russia.


______________________________________________________________________________

(April 9, 2022)

A DDoS attack took down Finnish govt sites as Ukraine’s President addresses MPs

On April 8, a denial-of-service attack took down the websites of the Finnish ministries of Defense and Foreign Affairs. The attack started at about noon, while Ukrainian President Zelenskyy addressed Finland’s members of parliament (MPs). The Finnish authorities mitigated the attack in around one hour.


______________________________________________________________________________

(April 8, 2022)

How Russia's invasion triggered a U.S. crackdown on its hackers

Over the past two months, President Joe Biden's executive branch has taken more actions to deter and even temporarily disarm Russia's most dangerous hackers than perhaps any previous administration in such a short space of time.

Ref - Wired

______________________________________________________________________________

(April 8, 2022)

Anonymous and the IT ARMY of Ukraine continue to target Russian entities

This week Anonymous claimed to have hacked multiple private businesses and leaked their data through the DDoSecrets platform. The list of recently compromised businesses includes Forest - a Russian logging and wood manufacturing firm, Aerogas - an engineering company that focuses on the oil and gas industry, and Petrofort - one of the largest office spaces and business centers in Saint Petersburg.


______________________________________________________________________________

(April 7, 2022)

Disrupting cyberattacks targeting Ukraine

On Wednesday, April 6th, Microsoft obtained a court order authorizing it to take control of seven internet domains Strontium was using to conduct cyber attacks. The company has since redirected those domains to a sinkhole controlled by Microsoft, allowing it to mitigate Strontium’s current use of these domains and enable victim notifications.

Ref - Microsoft 

______________________________________________________________________________

(April 7, 2022)

Website of Russian oil giant Gazprom Neft down after alleged hack

The website of Gazprom Neft, the oil arm of Russian state gas company Gazprom, was offline on Wednesday after an alleged hack, in what appears to be the latest hack on a government-associated site following Russia’s invasion of Ukraine. A statement allegedly from Gazprom CEO Alexei Miller, a close friend of President Vladimir Putin, was briefly displayed on the website.


______________________________________________________________________________

(April 7, 2022)

Anonymous threatens to release secrets after claiming they've hacked Kremlin

The vigilante cyber collective Anonymous has claimed to have gained access to the Kremlin's internal closed-circuit television (CCTV) system while threatening to 'reveal all of their secrets.' Anonymous reported this security breach through a tweet that attributed the attack to a hacker cell within Anonymous that goes by the handle @Thblckrbbtworld.

Ref - Unilad

______________________________________________________________________________

(April 7, 2022)

Mystery of alleged Chinese hack on eve of Ukraine invasion, the target was not just Ukraine

Allegations of Chinese cyber activity as the recent conflict broke out in Ukraine have been emerging. The details appear unusually murky but one Western intelligence official believes the aim was espionage - and the cyber-attack may have been broader than previously reported. "Since late February, Chinese cyber-actors have been launching cyber-attacks against the government and military networks in Ukraine, Russia, and Belarus," claims one western intelligence official.

Ref - BBC

______________________________________________________________________________

(April 7, 2022)

Russian-backed hackers broke into the Facebook accounts of Ukrainian military officials

A group of hackers with ties to the Belarusian government broke into the Facebook accounts of Ukrainian military officials and posted videos calling on the Ukrainian army to surrender. According to Facebook's parent company, Meta, the posts appeared as if they were coming from legitimate account owners.

Ref - CBS News

______________________________________________________________________________

(April 6, 2022)

Hackers flood the internet with what they say are Russian companies' files

Distributed Denial of Secrets, a private organization, has been working on curating, publishing and promoting giant caches of files leaked from Russia, gathered from a variety of sources, including U.S. police departments, the conservative social media platform Gab and the far-right Oathkeepers, a prominent group involved in the Jan. 6 riot. Ukrainian authorities have also leaked remarkable sets of supposedly sensitive information. They’ve published the personal information of 620 Russian intelligence officers and lists of military personnel they accuse of war crimes.

Ref - NBC News 

______________________________________________________________________________

(April 6, 2022)

Attack on Ukraine telecoms provider caused by compromised employee credentials

Russian hackers used compromised employee credentials to launch the cyber-attack that severely disrupted internet services in Ukraine last week, it has been claimed today. Kyrylo Honcharuk, CIO of Ukrtelecom, Ukraine’s national telecommunications provider targeted in the attack on March 28, said Russia accessed the account of an employee in a region “recently temporarily” occupied, although the exact location was not disclosed.


______________________________________________________________________________

(April 6, 2022)

The myth of the missing cyberwar

Preconceived notions of the role of cyberattacks on the battlefield have made it hard for analysts to see cyber-operations in Ukraine for what they are and for the role they play within Russia’s military campaign. Leaning on these preconceptions will only lead to future policy and intelligence failures.


______________________________________________________________________________

(April 6, 2022)

Anonymous hacker collective leaks one million Kremlin emails

The hacker collective Anonymous claims to have seized around 900,000 emails from deep within the Russian government, in what is perhaps the biggest cyberattack on the Kremlin during Russia's Ukraine offensive yet. The leaked emails have allegedly been taken from Russia's biggest state media network which has been repeatedly accused of spreading propaganda during the conflict.

Ref - Daily Star 

______________________________________________________________________________

(April 6, 2022)

Actions to disrupt Russian cybercrime operation led by FBI Pittsburgh office

The Biden administration has charged a Russian oligarch with violating U.S. government sanctions and has disrupted a cybercrime operation controlled by a Russian military intelligence agency, officials said Wednesday. The actions, announced amid Russia’s ongoing war against Ukraine, underscore what U.S. officials say are their efforts to crack down on Russian criminal activity, choke off the flow of “dirty money,” and disrupt the Kremlin’s malicious cyber acts.


______________________________________________________________________________

(April 6, 2022)

Ukraine warns of cyberattack aiming to hack users' Telegram Messenger accounts

Ukraine's technical security and intelligence service warned of a new wave of cyberattacks that aim to gain access to users' Telegram accounts. "The criminals sent messages with malicious links to the Telegram website in order to gain unauthorized access to the records, including the possibility to transfer a one-time code from SMS," the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine said in an alert.


______________________________________________________________________________

(April 6, 2022)

U.S. disrupts Russian Cyclops Blink botnet before being used in attacks

U.S. government officials announced the disruption of the Cyclops Blink botnet, controlled by the Russian-backed Sandworm hacking group, before it was used in attacks. The malware, used by Sandworm to create this botnet since at least June 2019, targets WatchGuard Firebox firewall appliances and multiple ASUS router models. Cyclops Blink enables the attackers to establish persistence on the device through firmware updates, providing remote access to compromised networks.


______________________________________________________________________________

(April 5, 2022)

Russian cyberattacks increase on Ukraine’s critical infrastructure

Cyberattacks from Russia continued to increase in late March, mostly through attempts to gather information from, and spread malware to, Ukrainian critical infrastructure, Ukraine cyber officials said. The same group of Russia-linked hackers that targeted local government agencies in Ukraine with compromised emails also sent malicious emails to Latvian authorities, said Victor Zhora, deputy chief of Ukraine’s State Service of Special Communication and Information Protection, speaking with reporters on Tuesday.


______________________________________________________________________________

(April 5, 2022)

The Russian invasion, cyberwar, and global supply chains

The servers, computers, tablets, and smartphones we use are built in global supply chains, with component manufacturing and assembly taking place in many countries. An unfriendly nation could require that the components or assembly of computer components taking place within their domain contain “backdoors” that can be exploited for cyber spying or attacks.

Ref - Forbes 

______________________________________________________________________________

(April 5, 2022)


Ukraine spots Russia-linked 'Armageddon' phishing attacks

The Computer Emergency Response Team of Ukraine (CERT-UA) has spotted new phishing attempts attributed to the Russian threat group tracked as Armageddon (Gamaredon). The malicious emails attempt to trick the recipients with lures themed after the war in Ukraine and infect the target systems with espionage-focused malware. CERT-UA has identified two separate cases, one targeting Ukrainian organizations and the other focusing on government agencies in the European Union.


______________________________________________________________________________

(April 5, 2022)

U.S. has ‘stepped up’ to protect Ukraine’s networks - Cyber Command chief

U.S. Cyber Command chief Gen. Paul Nakasone said Tuesday that his organization has “stepped up” its efforts to strengthen Ukraine’s networks and cyber defenses against Russian digital attacks since Moscow began its invasion in February.

Ref - The Record 

______________________________________________________________________________

(April 5, 2022)

Anonymous vows ‘unprecedented attack’ on Russia

Anonymous hackers who have been targeting Russia since the invasion of Ukraine reported more strikes against critical infrastructure sectors — including one using an “improved” iteration of Russian Conti ransomware — and called for the targeting of companies that “have blood on their hands” for continuing to do business in Russia after the massacre of Ukrainian civilians in Bucha.


______________________________________________________________________________

(April 5, 2022)

Anonymous targets the Russian Military and State Television and Radio propaganda

Anonymous leaked personal details of Russian military personnel stationed in Bucha, where the Russian military carried out a massacre of civilians and is accused of having raped and shot local women and children. Leaked data include names, ranks, and passport details of Russians serving in the 64 Motor Rifle Brigade, which occupied Bucha prior to March 31.


______________________________________________________________________________

(April 4, 2022)

Anonymous releases 'personal data of 120,000 Russian soldiers fighting in Ukraine'

Hacking group Anonymous has claimed to have released 'personal data of 120,000 Russian soldiers fighting in Ukraine.' Anonymous announced yesterday that its latest attack has 'leaked' the personal details of the military. 

Ref - Dailymail 

______________________________________________________________________________

(April 4, 2022)

Hackers steal 900K emails from Russia’s largest state-owned media corporation

Hackers obtained more than 900,000 emails from the All-Russia State Television and Radio Broadcasting Company (VGTRK), the largest state-owned media corporation in the nation. The emails, which appear to encompass over 20 years' worth of communications, were provided to the journalism collective Distributed Denial of Secrets (DDoSecrets) by the hacking group known as Network Battalion 65 (NB65).

Ref - Daily Dot

______________________________________________________________________________

(April 4, 2022)

Inside Cyber Front Z, the ‘People’s Movement’ spreading Russian propaganda

A review of the channel by VICE News found that the Cyber Front Z army is used to boost pro-Kremlin videos, commentary, and articles on sites like YouTube, Instagram, and Twitter. The group has pushed many of the baseless conspiracy theories and narratives that the Kremlin has supported throughout this war.

Ref - Vice 

______________________________________________________________________________

(April 4, 2022)

Russians bypass website blocks to access Western news sources

A new blog post published today by Cloudflare presents statistical evidence that the netizens of Russia are adopting blockage circumvention tools pretty aggressively to access British, American, and French news sites. At the same time, the Russian government appears unwilling to isolate the country from the global internet, as many suggested was the plan, and also unable to ramp up its resource access blockages due to quality issues.


______________________________________________________________________________

(April 4, 2022)

Multiple hacker groups capitalizing on Ukraine conflict for distributing malware

At least three different APT groups from across the world have launched spear-phishing campaigns in mid-March 2022 using the ongoing Russo-Ukrainian war as a lure to distribute malware and steal sensitive information. The campaigns, undertaken by El Machete, Lyceum, and SideWinder, have targeted a variety of sectors, including energy, financial, and governmental sectors in Nicaragua, Venezuela, Israel, Saudi Arabia, and Pakistan.


______________________________________________________________________________

(April 3, 2022)


During the month of the war almost three times more hacker attacks of various kinds

According to the head of the State Service of Special Communication and Information Protection of Ukraine Yurii Shchygol, hackers attack primarily government agencies, the financial and defense sectors, telecom operators, local authorities, logistics companies and the media. In total, during the month of the war there were almost three times more hacker attacks of various kinds than during a similar period last year.


______________________________________________________________________________

(April 2, 2022)


Cyber espionage actor deploying malware using Excel

Researchers have found that cyber espionage actor UAC-0056, also known as SaintBear, UNC2589, and TA471, is now using a macro-embedded Excel document to target several entities in Ukraine, including ICTV, a private TV channel.


______________________________________________________________________________

(April 2, 2022)


Russian bot farm sends 5,000 messages to Ukrainian officers

Ukraine's intelligence service announced in a Facebook post on Thursday that Russian operatives had engineered a bot farm that sent 5,000 SMS messages to Ukrainian military and law enforcement officers requesting that they defect and surrender to the Russians.


______________________________________________________________________________

(April 2, 2022)

Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church

Anonymous continues to target Russian government entities and private businesses; this week the group claimed to have hacked the private firms Thozis Corp and Marathon Group owned by oligarchs. Now the collective has announced the hack of the Russian Orthodox Church’s charitable wing and leaked 15GB of data along with 57,000 emails.


______________________________________________________________________________

(April 2, 2022)

Ukraine intelligence leaks names of 620 alleged Russian FSB agents

The Ukrainian Defense Ministry’s Directorate of Intelligence has leaked the alleged personal data of 620 Russian FSB officers. Personal details leaked by the Ukrainian body include names, phone numbers, addresses, vehicle license plates, SIM cards, date and location of birth, signatures, and passport numbers.


______________________________________________________________________________

(April 2, 2022)

China accused of cyber-attacks on Ukraine before Russian invasion

China launched cyber-attacks on Ukrainian military and nuclear targets shortly before the Russian invasion, according to a report. The UK government confirmed that the National Cyber Security Centre was investigating the allegations, which claim that more than 600 websites, including Ukraine’s defense ministry, were subjected to thousands of hacking attempts coordinated by the Chinese government.


______________________________________________________________________________

(April 2, 2022)

Russia’s slow cyberwar in Ukraine begins to escalate, experts say

The war in Ukraine has come with an ever-present threat of cyber catastrophe, as experts and US military officials remain on high alert for potential hacks. And while the big one has yet to come, the battle online continues to escalate. UK intelligence officers warned on Thursday that Russia was increasingly seeking out cyber targets as its ground military campaign in Ukraine stalls.

Ref - The Guardian 

______________________________________________________________________________

(April 1, 2022)

Anonymous targets oligarchs’ Russian businesses: Marathon Group hacked

Anonymous continues to target Russian firms owned by oligarchs; yesterday the collective announced the hack of Thozis Corp, while today the group claimed the hack of Marathon Group. The group breached the systems of the company and released 62,000 emails (a 52GB archive) through DDoSecrets.


______________________________________________________________________________

(April 1, 2022)

Scammers are exploiting Ukraine donations

A crypto donation scam occurs when perpetrators create phishing websites and emails that contain cryptocurrency wallets asking for donations. Several new domains have been created which are performing this malicious activity, such as ukrainehelp[.]world and ukrainethereum[.]com.

Ref - McAfee

______________________________________________________________________________

(April 1, 2022)

Russian government hackers linked to cyberattack on the first day of Ukraine invasion

Russian government hackers have been linked to an attack on a satellite communications company at the start of the invasion of Ukraine. Businesses and individuals using routers made by Viasat, an American business that provides broadband-speed satellite internet connections, were knocked offline on 24 February.

Ref - Sky 

______________________________________________________________________________

(March 31, 2022)


Multiple hacking groups are using the war in Ukraine as a lure in phishing attempts

According to cybersecurity researchers at Google's Threat Analysis Group (TAG), government-backed hackers from Russia, China, Iran and North Korea, as well as various unattributed groups and cyber-criminal gangs, are using various themes related to the war in Ukraine to lure people into becoming victims of cyberattacks.

Ref - ZDNet 

______________________________________________________________________________

(March 31, 2022)

Viasat confirms satellite modems were wiped with AcidRain malware

A newly discovered data wiper malware that wipes routers and modems has been deployed in the cyberattack that targeted the KA-SAT satellite broadband service to wipe SATCOM modems on February 24, affecting thousands in Ukraine and tens of thousands more across Europe. The malware, dubbed AcidRain by researchers at SentinelOne, is designed to brute-force device file names and wipe every file it can find, making it easy to redeploy in future attacks.


______________________________________________________________________________

(March 31, 2022)

Hackers increasingly using 'Browser-in-the-Browser' technique in Ukraine related attacks

The Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict. The method, which masquerades as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social engineering campaigns.


______________________________________________________________________________

(March 31, 2022)

Anonymous hacked Russian Thozis Corp, but denies attacks on Rosaviatsia

Anonymous continues to target Russian organizations and private foreign businesses that are still operating in the country. The popular collective claims to have hacked the Russian investment firm Thozis Corp, which is owned by the oligarch Zakhar Smushkin. The hacktivists have stolen thousands of internal emails and shared them with the data leak platform DDoSecrets.

 
______________________________________________________________________________

(March 31, 2022)

Russia seeking cyber targets in countries opposing their move - UK Intelligence Chief warns 

As the Russian aggression in Ukraine continues, Britain's intelligence chief has warned that Russia is finding targets for cyberattacks in the countries that oppose Russian military action. Jeremy Fleming, Director of the Government Communications Headquarters, highlighted that there were expectations that Russia would launch a major cyber attack as part of their military offensive. He made the remarks in a speech at the Australian National University in Canberra.


______________________________________________________________________________

(March 31, 2022)

Malicious update anchored worst cyberattack of Ukraine war

A malicious software command that immediately crippled tens of thousands of modems across Europe anchored the cyberattack on a satellite network used by Ukraine’s government and military just as Russia invaded, the satellite owner disclosed Wednesday.


______________________________________________________________________________

(March 30, 2022)

Did Anonymous carry out a cyberattack on Nestlé?

An odd spat is unfolding between the hacktivism group Anonymous and food & beverage giant Nestlé. A leak of internal company data has appeared, and an Anonymous-affiliated group has claimed responsibility for releasing it. But Nestlé says that the incident is not a cyber attack but an internal data leak.

Ref - CPO Magazine 

______________________________________________________________________________

(March 30, 2022)

Russian phishing attacks target NATO, European military

The Google Threat Analysis Group (TAG) says more and more threat actors are now using Russia's war in Ukraine to target Eastern European and NATO countries, including Ukraine, in phishing and malware attacks. The report's highlights are credential phishing attacks coordinated by a Russian-based threat group tracked as COLDRIVER against a NATO Centre of Excellence and Eastern European militaries.


______________________________________________________________________________

(March 30, 2022)


Viasat shares details on KA-SAT satellite service cyberattack

US satellite communications provider Viasat has shared an incident report regarding the cyberattack that affected its KA-SAT consumer-oriented satellite broadband service on February 24, the day Russia invaded Ukraine. The incident report comes after the KA-SAT satellite network was affected by a cyberattack that triggered satellite service outages in Central and Eastern Europe.


______________________________________________________________________________

(March 30, 2022)


Phishing campaign targets Russian govt dissidents with Cobalt Strike

A new spear-phishing campaign is taking place in Russia targeting dissenters with opposing views to those promoted by the state and national media about the war against Ukraine. The campaign targets government employees and public servants with emails warning of the software tools and online platforms that are forbidden in the country.


______________________________________________________________________________

(March 29, 2022)


Anonymous hacks two Russian industrial firms, leak 112GB of data for Ukraine

Anonymous has taken Operation OpRussia a step further by targeting MashOil and RostProekt, which happened to be giants in their respective industries. Anonymous has claimed responsibility for targeting MashOil and stealing a whopping 110 GB worth of its data. Further, the threat group claimed to target RostProekt over the weekend and leaked 2.4GB worth of files containing email data.

Ref - Hackread

______________________________________________________________________________

(March 29, 2022)


Personal data of 620 FSB officers published online

The Ukrainian Defense Ministry’s Directorate of Intelligence has published what it claims is the personal data of hundreds of Russian intelligence officers online. The data, which was published on Monday, contains the names, addresses and phone numbers of 620 individuals who Ukraine asserts to be officers of Russia’s Federal Security Service (FSB) involved in “criminal activities” in Europe.


______________________________________________________________________________

(March 29, 2022)


Oversight of the FBI cyber division over the Russia-Ukraine conflict

The FBI’s work to identify and disrupt cyber threats emanating from Russia against Ukraine, its allies, and U.S. networks is an excellent example of how the FBI uses its unique authorities, capabilities, and partnerships as part of the global fight against malicious cyber activity. When it comes to disrupting and countering Russian cyber activity in particular, its work builds on the FBI’s decades of expertise in countering foreign intelligence and cyber threats in the United States.

Ref - FBI 

______________________________________________________________________________

(March 29, 2022)


Leaked hacker logs show weaknesses of Russia’s cyber proxy ecosystem

A series of documents leaked from Conti’s internal file management and company chat accounts has illustrated much about how the organization operates. Importantly, leaked files show how the blended criminal-political identity of the group has led to a schism among its employee base and the need to suspend many activities, at least for the time being.

 
______________________________________________________________________________

(March 29, 2022)


U.S. airport hit with cyberattack over Ukraine

The website of Bradley International Airport in Windsor Locks, Connecticut, was reportedly hit with a cyberattack Tuesday, according to the situational awareness update service CyberKnow. A translated message left by the hackers said that "when the supply of weapons to Ukraine stops, attacks on the information structure of your country will instantly stop," CyberKnow reported. "America, no one is afraid of you," the message added.

Ref - Newsweek

______________________________________________________________________________

(March 28, 2022)


Anonymous is working on a huge data dump that will blow Russia away

Anonymous claims that it is currently working on another data leak that could have a devastating impact on the Russian government. Anonymous has promised upcoming glamorous dumps and has also launched a new site, Anonymousleaks, to host future leaks. The “huge” data dump announced by the group will be available “within the next 1-2 weeks.” The group claims to have exfiltrated 1.22 terabytes from the target.


______________________________________________________________________________

(March 28, 2022)


While Twitter suspends Anonymous accounts, the group hacked VGTRK Russian Television and Radio

Anonymous claims that the @OpsAn0n account was suspended by Twitter, likely to prevent the spreading of data stolen from the Central Bank of Russia or information related to other attacks conducted by the collective. Data exfiltrated during the Anonymous #OpRussia operation, including the information stolen from the Central Bank of Russia, is nevertheless available through the leak site DDoSecrets. The Anonymous NB65 group also claimed to have hacked the All-Russia State Television and Radio Broadcasting Company (VGTRK), which is accused of being a propaganda vector for Putin.


______________________________________________________________________________

(March 28, 2022)


Ukraine dismantles 5 disinformation bot farms, seizes 10,000 SIM cards

The Ukrainian Security Service (SSU) has announced that since the start of the war with Russia, it has discovered and shut down five bot farms with over 100,000 fake social media accounts spreading fake news. The network, which operated in Kharkiv, Cherkasy, Ternopil, and Zakarpattia, aimed to discourage Ukrainian citizens and instill panic by distributing false information about the Russian invasion and the status of the defenders.


______________________________________________________________________________

(March 28, 2022)


Hacked WordPress sites force visitors to DDoS Ukrainian targets

MalwareHunterTeam discovered a WordPress site compromised to use a script that targets ten websites with Distributed Denial of Service (DDoS) attacks. These websites include Ukrainian government agencies, think tanks, recruitment sites for the International Legion of Defense of Ukraine, financial sites, and other pro-Ukrainian sites.


______________________________________________________________________________

(March 28, 2022)


GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Ukraine CERT-UA uncovered a spear-phishing campaign conducted by the Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon. The phishing messages use a RAR archive named “Saboteurs.rar”, which contains the RAR archive “Saboteurs 21.03.rar.” This second archive contains the SFX archive “Saboteurs filercs.rar”. Experts reported that the file name contains the right-to-left override (RTLO) character to mask the real extension.


______________________________________________________________________________

(March 28, 2022)


Triton malware still a threat to energy sector, FBI warns

Triton malware remains a threat to the global energy sector, according to an FBI warning. The new FBI warning [PDF] came a day after the US Department of Justice unsealed a pair of indictments that detail alleged Russian government efforts to use supply chain attacks and malware in an attempt to compromise and control critical infrastructure.

Ref - The Register 

______________________________________________________________________________

(March 28, 2022)


Secret world of the pro-Russia hacking group exposed in a leak

A Ukrainian researcher revealed the operations of Trickbot, one of the most powerful cybercriminal enterprises with its Conti ransomware, after the group defended Russia. The chats range from hospital attack plans to hackers grousing about vacation.


______________________________________________________________________________

(March 28, 2022)


‘Most severe’ cyberattack since Russian invasion crashes Ukraine internet provider

Victor Zhora, deputy head of the State Service for Special Communications and Information Protection, confirmed to Forbes that the government was investigating the attack. He said it’s not yet known whether Ukrtelecom - a telephone, internet and mobile provider - has been hit by a distributed denial of service (DDoS) attack or a deeper, more sophisticated intrusion.

Ref - Forbes 

______________________________________________________________________________

(March 28, 2022)


Data published on Ukraine DDoS attacks

Ukraine's telecoms infrastructure is under "constant scrutiny by hostile hacker groups" as DDoS attacks on the country's networks soar. The conclusion was drawn by coms provider and infraco Datagroup, which last week said it had resolved more than 350 DDoS attacks on Ukraine's telecom network during one month of war.


______________________________________________________________________________

(March 28, 2022)


Ukraine fallout expected to test companies’ hardened cyber defenses

Analysts at Moody’s, in a March note, warned that the conflict “is raising the risk of worldwide cyber-attacks against critical infrastructure assets, along with a possible further escalation and increased frequency of cyberattacks against private companies and other organizations”.


______________________________________________________________________________

(March 28, 2022)


Russia facing internet outages due to equipment shortage

Russia's RSPP Commission for Communications and IT, the country's largest entrepreneurship union, has warned of imminent large-scale Internet service outages due to the lack of available telecom equipment. To raise awareness, the commission has compiled a document that reflects the practical challenges facing the industry in Russia at this time and also presents a set of proposals specifically crafted to alleviate them.


______________________________________________________________________________

(March 28, 2022)


86% of organizations believe they've faced a nation-state cyber-attack

Nearly nine in 10 (86%) organizations believe they have been targeted by a nation-state threat actor, according to a new study by Trellix and the Center for Strategic and International Studies (CSIS). Unsurprisingly, Russia and China were identified as the most likely suspects behind such attacks.


______________________________________________________________________________

(March 27, 2022)


Half a million cyber-warriors are fighting Russia: Ukrainian official

The army of cyberwarriors fighting for Ukraine is around half a million and can be divided into three groups. The first group is a volunteer community that is united into an IT Army. They provide cyber resilience and can provide some offensive operations. The second group consists of dozens of teams of cybersecurity professionals who help government structures resist cyberaggression. The third is the activist community around the globe that helps Ukraine resist attacks and they are solely responsible for their actions.

Ref - The Week 

______________________________________________________________________________

(March 26, 2022)


Russian cyberattacks 'attractive' to Putin - Experts

Cyberattacks are an "attractive" offensive tactic for Russian President Vladimir Putin amid his invasion of Ukraine because they fall "below the threshold of war." That's according to Snehal Antani, the founder of cybersecurity company Horizon3 who recently retired as the first chief technical officer for the Army's Joint Special Operations Command (JSOC).

Ref - Yahoo

______________________________________________________________________________
 
(March 26, 2022)


Elon Musk says 'hackers tried to hack Starlink internet system'

Amid the ongoing Russia-Ukraine war, Tesla chief Elon Musk said on Friday that since the start of the war in Ukraine, hackers have tried to hack into the global internet system. Musk said that his satellite internet constellation has resisted all the hacking and jamming attacks.


______________________________________________________________________________

(March 26, 2022)

Russia-Ukraine conflict: 3 major types of cyberattacks detected so far

Three major types of cyberattacks have been detected so far in the Russia-Ukraine conflict. The first is the Hermetic Wiper malware attack, which corrupts each physical drive's Master Boot Record (MBR), the structure that contains information on how file systems and partitions are organized. The second is distributed denial of service (DDoS) attacks, which result in the takedown of websites. The third is website defacement attacks, in which a hacker is able to alter or erase information on a website.


______________________________________________________________________________

(March 26, 2022)


Kaspersky named first Russian company on security risk list

The U.S. placed internet-security provider AO Kaspersky Lab on a list of companies deemed a threat to national security, for the first time adding a Russian entity to a list dominated by Chinese telecommunications firms. The Federal Communications Commission on Friday also added China Telecom (Americas) Corp, and China Mobile International USA Inc. to the list. The FCC has been increasing its focus on Russian telecommunications since Russia invaded Ukraine in February.

Ref - LiveMint 

______________________________________________________________________________

(March 25, 2022)


Raccoon Stealer malware suspends operations due to war in Ukraine

The cybercrime group behind the development of the Raccoon Stealer password-stealing malware has suspended its operation after claiming that one of its developers died in the invasion of Ukraine. The threat actors behind Raccoon Stealer posted to Russian-speaking hacking forums that they are suspending their operation after one of their core developers was killed in the invasion of Ukraine.


______________________________________________________________________________

(March 25, 2022)


Threat of Russian cyberattack looms, but NATO expert says military escalation unlikely

Europe has seen its worst security crisis since World War II following Russian President Vladimir Putin’s deadly invasion of Ukraine last month, but security experts have warned that another threat is looming in the form of cyber warfare. The magnitude of Russia’s cyber capacity is fairly consequential and it’s coming.

Ref - Yahoo 

______________________________________________________________________________

(March 25, 2022)


University experts: Cyber war with Russia uncertain

Cybersecurity and national security experts at Kennesaw State University, Duquesne University and the Naval Postgraduate School say Russia may target private enterprise, supply chains or no one, and only time will tell.

 
______________________________________________________________________________

(March 25, 2022)


Cyber-attacks may be planned, carried out faster than a gunshot

Cyber-attacks may be planned and carried out faster than a gunshot, said mFilterIt, a fraud detection and prevention firm. “We are living in such extraordinary times that a cyber-attack may be planned and carried out faster than a gunshot. And, in this environment, having a weak link can jeopardize a company’s or a country’s core infrastructure systems,” said Amit Relan, Co-founder and Director of mFilterIt.

Ref - The Hindu 

______________________________________________________________________________

(March 25, 2022)

Seven ways Anonymous is trying to undermine Putin from ‘government website hacks

Hacking group Anonymous has been taking shots at Russian President Vladimir Putin since the invasion of Ukraine. The group has claimed credit for multiple hacks on Russian government databases and state TV channels, where they broadcast pro-Ukraine content. The group has claimed credit for a variety of hacks on Russian government databases, websites, and other entities associated with Putin.

Ref - The Sun

______________________________________________________________________________

(March 25, 2022)

Russia hacked Ukrainian satellite communications, officials believe

Western intelligence agencies are investigating the hacking of Viasat, which provides communications through a network of satellites. It appears to have been hit by a sophisticated cyber-attack that wiped devices on the day the invasion began. It also affected other countries in Europe, although not the UK. Viasat told the BBC that it was replacing some customers' modems but its core network infrastructure and the satellite itself were not damaged.

Ref - BBC 

______________________________________________________________________________

(March 24, 2022)


TTPs of indicted state-sponsored Russian cyber actors targeting the energy sector

This joint Cybersecurity Advisory (CSA)—coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE)—provides information on multiple intrusion campaigns that state-sponsored Russian cyber actors conducted from 2011 to 2018 and that targeted U.S. and international Energy Sector organizations.

Ref - CISA

______________________________________________________________________________

(March 24, 2022)

Russian military behind hack of satellite communication devices in Ukraine at war’s outset, U.S. officials say

U.S. intelligence analysts have concluded that Russian military spy hackers were behind a cyberattack on a satellite broadband service that disrupted Ukraine’s military communications at the start of the war last month, according to U.S. officials familiar with the matter. The U.S. government, however, has not announced its conclusion publicly. 


______________________________________________________________________________

(March 24, 2022)


Researchers tie Ukraine cyber intrusion attempt to suspected Chinese threat actor ‘Scarab’

CERT-UA released an alert on Tuesday about an attempted intrusion by a threat actor they tagged as UAC-0026 and cybersecurity firm SentinelOne confirmed on Thursday that the culprit is ‘Scarab,’ a group that was first identified in 2015. “The government team for responding to computer emergencies in Ukraine, CERT-UA, found the RAR-archive, ‘On the preservation of video recordings of the criminal actions of the army of the Russian Federation.rar,’ which contains the EXE-file of the same name,” CERT-UA explained.


______________________________________________________________________________

(March 24, 2022)


Russia-Ukraine war: Cyberattacks will only increase, says ex-NSA chief

Western businesses are likely to become cyber targets in an economic war with Russia in an unprecedented way in the coming weeks, former National Security Agency and US Cyber Command Chief Admiral Mike Rogers said in an interview. The former NSA director started by saying that in the cyber conflicts between Russia, Ukraine, and others: “There has been more going on than what has been actively reported.”


______________________________________________________________________________

(March 24, 2022)


Ukraine’s battle to protect the internet

Volodymyr Lutchenko, the chief technology officer at Kyivstar, Ukraine’s biggest broadband and mobile carrier, said that his employees have been working tirelessly to keep networks operating in spite of the Russian assault. From an office in western Ukraine, he explained that there are two causes of network outages at the moment — power cuts and destruction of telecoms infrastructure at the hands of Russian forces.


______________________________________________________________________________

(March 24, 2022)


‘Cyber elves’ fighting Russian trolls on Facebook

Tens of thousands of volunteers in Europe are helping Ukraine by battling Russian trolls on Facebook. They call themselves "elves" and their goal is to expose Kremlin propaganda and disinformation. Disinformation about Russia's invasion of Ukraine is so prevalent, it has overtaken COVID and masks.

Ref - USA Today 

______________________________________________________________________________

(March 24, 2022)


Hackers attacked satellite terminals through management network, Viasat officials say

The Viasat officials said that the attack did not affect users of the KA-SAT network who bought their broadband directly from Viasat, only users inherited as part of the Eutelsat deal. Under the transition agreement governing the KA-SAT acquisition, the KA-SAT networks had continued to be managed by Skylogic SPA, an Italian subsidiary of Eutelsat, along with other Eutelsat networks, Viasat officials said. The first official contended that the attack would not have succeeded on the global network directly managed by Viasat.


______________________________________________________________________________

(March 24, 2022)

Could Russia launch a cyberattack on the US power grid?

A highly disturbing and realistic possibility — one, in fact, that has been a headache for years — has moved up a notch amid the Russia-sparked war in Ukraine. Russia could launch a devastating attack on the U.S. power grid. The country has inflicted malware on America in the past and might not be particularly concerned about the ramifications.


______________________________________________________________________________

(March 24, 2022)

Mustang Panda hacking group takes advantage of Ukraine crisis in new attacks

Researchers have exposed a Mustang Panda campaign that is taking advantage of the Russia-Ukraine conflict to spread new malware. On March 23, researchers from ESET said that Mustang Panda, a Chinese cyberespionage group also tracked as TA416, RedDelta, and Bronze President, has been spreading a new Korplug/PlugX Remote Access Trojan (RAT) variant.

Ref - ZDNet

______________________________________________________________________________

(March 24, 2022)

The fog of cyberwar

With Ukraine fending off Russia's invasion, every new hack — like the recent exploits of the Lapsus$ group — ends up being viewed not only on its own terms but through the lens of that conflict. Each time a new incident comes to light, security leaders ask themselves: "Is it Russia? Is it someone who wants us to think it's Russia? Is it just somebody who thinks we might be more vulnerable because we're so busy dealing with Russia?"

Ref - Axios

______________________________________________________________________________

(March 24, 2022)

Inside Ukraine’s online defense: the battle against Moscow’s cyberattacks

A month into the Kremlin’s war, Ukrainian officials have taken solace that critical networks have withstood weeks of cyber assaults, but as one official warned, Russia’s vaster resources meant it could steadily wear down the online resistance. This account of the first phase of Russia’s cyberwar on Ukraine is based on interviews with Ukrainian and Western officials with direct knowledge of the events, many of which have not been previously reported.


______________________________________________________________________________

(March 24, 2022)

Practical steps for responding to the CISA warning on Russian cyberattacks

All organizations, public and private should stay vigilant and prepare for possible intrusions. To do this, security and business leaders alike should review and heed the advice in CISA's Shields Up, which offers guidance to improve overall hygiene and defenses, detect and respond to potential intrusions, and maximize organizational resilience.

Ref - CSO Online 

______________________________________________________________________________

(March 24, 2022)


Anonymous claims to have hacked the Central Bank of Russia

Anonymous continues to target Russian government organizations and private businesses, and is now claiming to have hacked the Central Bank of Russia. The popular hacker collective claims to have compromised the systems of the Central Bank of Russia and stolen 35,000 files, and it announced that it will leak them in 48 hours.


______________________________________________________________________________

(March 23, 2022)


Russia bans Google News for "unreliable" info on the war in Ukraine

Roskomnadzor, Russia's telecommunications regulator, has banned Alphabet's news aggregator service Google News and blocked access to the news.google.com domain for providing access to "unreliable information" on the ongoing war in Ukraine. The mentioned U.S. Internet news resource provided access to numerous publications and materials containing unreliable, publicly significant information about the course of the special military operation in Ukraine.


______________________________________________________________________________

(March 23, 2022)


Ukrainian enterprises hit with the DoubleZero wiper

“On March 17, 2022, the government team responding to computer emergencies in Ukraine CERT-UA discovered several ZIP archives, one of which was called “Virus … extremely dangerous !!!. Zip”.” reads the advisory published by CERT-UA. “As a result of the analysis, the identified programs are classified as DoubleZero – a malicious destructor program developed using the C# programming language.”


______________________________________________________________________________

(March 23, 2022)


Hackers are targeting European refugee charities: Ukrainian official

Hackers are targeting European charity groups working to help Ukrainian refugees fleeing the country following Russia's invasion, a senior Ukrainian cybersecurity official said on Wednesday. Victor Zhora, the deputy chief of Ukraine's State Service of Special Communications and Information Protection, did not provide much further detail. His comments follow a report published earlier this month that alleged that unidentified hackers were trying to disrupt European government personnel involved in managing the massive flow of refugees out of the country. 

Ref - Reuters 

______________________________________________________________________________

(March 23, 2022)


The three Russian cyberattacks the West most fears

Ukraine has remained relatively untroubled by Russian cyber-offensives, but experts now fear that Russia may go on a cyber-offensive against Ukraine's allies. The recent hacks that experts most fear include the BlackEnergy attack (a targeted critical infrastructure attack), the NotPetya attack (uncontrollable destruction), and the Colonial Pipeline attack.

Ref - BBC

______________________________________________________________________________

(March 23, 2022)

A Mysterious Satellite Hack Has Victims Far Beyond Ukraine

The Viasat hack is arguably the largest publicly known cyberattack to take place since Russia invaded Ukraine, and it stands out for its impact beyond Ukraine’s borders. Almost a month after the attack, the disruptions continue. Thousands still remain offline in Europe—around 2,000 wind turbines are still disconnected in Germany—and companies are racing to replace broken modems or fix connections with updates. Multiple intelligence agencies, including those in the US and Europe, are also investigating the attack. 

Ref - Wired 

______________________________________________________________________________

(March 23, 2022)


Russia wants cyber treaty 'Before It's Too Late,' US hopes world rejects it

A senior State Department official has said that the United States is calling on the world to reject an appeal by Russia's top cyber diplomat to engage in efforts to establish a global treaty to avoid an all-out war in the digital realm. The senior Russian diplomat Andrey Krutskikh warned that "a cyberattack, be it accidental or intended, including [one] perpetrated under a false flag, can easily trigger an escalation between states, leading to a full-scale confrontation."

Ref - Newsweek 

______________________________________________________________________________

(March 23, 2022)


Ukraine conflict presents a minefield for Anonymous and hacktivists

The Russian invasion of Ukraine has sparked a surge of volunteer hackers, or hacktivists, battling on the digital frontline with Moscow. Groups such as Anonymous, Squad303, and Cyber Partisan have carried out several cyberattacks against Russian targets over the past few weeks. But these highly publicized attacks against Russian sites also pose a danger.

Ref - France24

______________________________________________________________________________

(March 23, 2022)


Hackers attack Croatian Daily, post Kremlin propaganda

Croatian police are probing Tuesday’s hacking of the daily Slobodna Dalmacija website by an unknown assailant. The paper reported that “a couple of older articles in Slobodna Dalmacija were replaced with articles promoting Russian propaganda in the war with Ukraine”. Around ten articles were replaced, it wrote. 


______________________________________________________________________________

(March 23, 2022)


Cyberattacks from Chinese IPs surge during Ukraine invasion

Check Point Research (CPR), the research wing of the cybersecurity software firm Check Point, has observed an increase in cyberattacks aimed at NATO countries. Examining the trend before and after Russia’s invasion of Ukraine, it was found that cyberattacks from Chinese IP addresses jumped by 116 percent on NATO countries and 72 percent worldwide last week, in comparison to the figure before the conflict.


______________________________________________________________________________

(March 23, 2022)


Hacktivists, new and veteran, target Russia with one of cyber’s oldest tools

Shane Huntley, the head of Google’s Threat Analysis Group which tracks hacking trends, said that DDoS attacks are appealing to novice hackers because widely available programs make them easy to deploy. They can also make a visible, immediate impact.

Ref - NBC News

______________________________________________________________________________

(March 23, 2022)


Ukrainian coders are splitting their time between work and cyber-warfare

Hordes of Ukrainian coders are splitting their time between doing their day jobs and fighting a cyberwar with Russia. Ukraine is one of the biggest software development hubs in Eastern Europe and its coders are world-renowned. The cyberwar is reportedly a two-way battle. In the first three days following the invasion, online attacks against Ukrainian military and governmental sectors increased by 196%, according to Check Point Research.

Ref - CNBC 

______________________________________________________________________________

(March 22, 2022)


Anonymous hacked Nestlé and leaked 10 GB of sensitive data

The popular Anonymous hacktivist collective announced that it had hacked Nestlé and leaked 10 GB of sensitive data because the food and beverage giant continued to operate in Russia. The group leaked a sample of data containing more than 50K Nestlé business customers. Nestlé declared that it has decided to continue to operate in Russia because it will not profit from its operations there.

 
______________________________________________________________________________

(March 22, 2022)


The U.K. echoes Biden's warning on Russian cyberattacks

The United Kingdom’s top cyber authority on Tuesday backed the Biden administration’s call for vigilance and beefed up security against potential Russian digital attacks as Moscow’s invasion of Ukraine grinds to a stalemate. “In heightened periods of international tension all organizations should be vigilant to cyber risks, and for several months the NCSC has been advising organizations to bolster their cyber security,” the National Cyber Security Centre (NCSC) said in a statement.


______________________________________________________________________________

(March 22, 2022)


FBI sees growing Russian hacker interest in US energy firms

An FBI advisory obtained by The Associated Press on Tuesday says Russian hackers have scanned at least five energy companies for vulnerabilities and at least 18 other companies in sectors including the defense industrial base and financial services. The advisory does not identify any of the companies.


______________________________________________________________________________

(March 22, 2022)

Cyber expert lays out potential biggest targets if Russia retaliates against the US

"If they [hackers] are weaponized by a nation-state, you know, they've got the resources and they've got the time," Brent Bigelow, who has been a cybersecurity expert in the Charlotte area for 35 years, said. Since Russia invaded Ukraine, cyberattacks in the U.S. are up by roughly 80%, Bigelow said. He added Russian hackers are likely to go for financial institutions like banks as one of their first targets.

Ref - WCNC 

______________________________________________________________________________

(March 22, 2022)

AI experts warn of potential cyberwar facing the banking sector

U.S. authorities have cautioned banks about possible cyberattacks following Russia’s recent invasion of Ukraine, but experts say financial institutions also face particular risks in a more murky area of their business—the now ubiquitous artificial-intelligence models that handle everything from lending to trading.

 
______________________________________________________________________________

(March 22, 2022)

Ukraine issues alert amid rising cyberattacks by Russia

CERT-UA, a government team built to respond to computer emergencies in Ukraine, recently released a report on a cyberattack in which phishing email campaigns used the subject of the UKR.NET service and QR codes to steal Ukrainian data, and found evidence pointing to the hacking group APT28.

Ref - India Today 

______________________________________________________________________________

(March 22, 2022)

White House shares checklist to counter Russian cyberattacks

The White House is urging U.S. organizations to shore up their cybersecurity defenses after new intelligence suggests that Russia is preparing to conduct cyberattacks in the near future. With the U.S. imposing strict sanctions against Russia and aiding Ukraine in the war, the White House is expecting the Kremlin to retaliate with cyberattacks against critical infrastructure and U.S. interests.


______________________________________________________________________________

(March 22, 2022)


Experts say Russia’s war on Ukraine is accelerating the ‘splinternet’

Russia’s war on Ukraine is bringing on the arrival of the “splinternet.” The splinternet refers to the splintering of cyberspace into disparate realms controlled by autonomous political blocs or any other controlling power—such as tech or e-commerce companies, or countries with diverging national interests tied to nationalism or religion.

Ref - Fortune 

______________________________________________________________________________

(March 22, 2022)


Anonymous hackers tell companies still operating in Russia to ‘pull out’

International hacking collective Anonymous has warned Western companies who are continuing to operate in Russia to pull out or risk facing cyberattacks in light of the invasion of Ukraine. Anonymous' official Twitter account posted yesterday that companies had 48 hours to ‘pull out’ of Russia or face becoming a target of further attacks.

 
______________________________________________________________________________

(March 22, 2022)


Top Russian meat producer hit with Windows BitLocker encryption attack

Moscow-based meat producer and distributor Miratorg Agribusiness Holding has suffered a major cyberattack that encrypted its IT systems, according to a report from Rosselkhoznadzor - the Russian federal veterinary and phytosanitary supervision service. The announcement notes that the attackers leveraged the Windows BitLocker feature to encrypt files, essentially performing a ransomware attack.


______________________________________________________________________________

(March 21, 2022)


While Russian tanks attack, Ukrainian supporters hack back

The Ukrainian government began recruiting local tech specialists for its so-called “cyber forces” unit even before the latest Russian invasion. People online — some from Ukraine and some from abroad — are all contributing to a radically decentralized cyberwar landscape, where even playing an online game can be contributing to the digital fight against the Russian invasion. 


______________________________________________________________________________

(March 21, 2022)

Ukraine hacktivism fights threaten open-source software

There's a new battlefront in the raging debate over whether civilian technologists should play any role in punishing Russia for invading Ukraine. A volunteer who maintains an immensely popular open-source software tool updated the tool to wipe data from computers in Russia and its ally Belarus, Joseph Cox reports for Motherboard.


______________________________________________________________________________

(March 21, 2022)


From Instagram to Paypal, Russia's internet is being dismantled as a digital iron curtain descends

A digital iron curtain is falling on Russia — the equivalent of the political boundary dividing Europe during the Cold War. On February 23, the night before the invasion, Russia's internet saw a sharp spike in latency, or the amount of time it takes for a data packet to travel from one designated point to another. The spike points to congestion, which suggests the Russian state was either censoring online content or deliberately slowing the internet to restrict access to news media.

Ref - ABC 

______________________________________________________________________________

(March 21, 2022)


Biden warns business leaders to prepare for Russian cyberattacks

President Joe Biden on Monday issued an urgent warning to American business leaders, telling them to strengthen their companies' cyber defenses immediately. Speaking at the Business Roundtable Quarterly Meeting in Washington, Biden said Russian President Vladimir Putin is likely to use cyber attacks as a form of retaliation against the United States for its actions to counter Russia's incursion on Ukraine.

Ref - CNN
 
______________________________________________________________________________

(March 21, 2022)


Russia’s cyber warfare front goes missing in Ukraine

Although Russia is one of the world’s foremost offensive cyber powers, its invasion of Ukraine has, in the words of former UK National Cyber Security Center head Ciaran Martin, been “conventional in its brutality”. And that has implications for investment in defense by Western governments.

Ref - Verdict 

______________________________________________________________________________

(March 21, 2022)


Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers

Ukrainian security officials have warned of ongoing attacks by InvisiMole, a hacking group with ties to the Russian advanced persistent threat (APT) group Gamaredon. Last week, the Computer Emergency Response Team for Ukraine (CERT-UA) said that the department has been advised of new phishing campaigns taking place against Ukrainian organizations that spread the LoadEdge backdoor. 

Ref - ZDNet 

______________________________________________________________________________

(March 21, 2022)


Russian invasion of Ukraine stirs up ‘cyberchaos’ of information warfare

The ongoing information warfare amid Russia’s invasion of Ukraine is in a state of “cyberchaos,” according to Keio University Prof. Motohiro Tsuchiya, who specializes in international relations and cybersecurity. The latest invasion is the first full-scale war since social media has become widespread. As anyone has become able to transmit information, a massive amount of accurate information and misinformation has been in circulation.

 
______________________________________________________________________________

(March 21, 2022)


Russian cyberattacks are struggling to impact Ukraine’s networks

Over 400,000 people have volunteered to help the Ukrainian government, using digital means to disrupt Russian government and military targets, according to a Ukrainian cybersecurity official. Although cyberattacks within Ukraine have had mixed success, there have been significant attacks on other targets. US, French and Ukrainian intelligence agencies are investigating an apparent cyberattack against ViaSat Inc, according to a report from Reuters.

Ref - The Star 

______________________________________________________________________________

(March 20, 2022)


More Conti ransomware source code leaked on Twitter out of revenge

A Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for the cybercriminals siding with Russia on the invasion of Ukraine. Conti Leaks uploaded the source code for Conti version 3 to VirusTotal and posted a link on Twitter. While the archive is password-protected, the password should be easily determined from subsequent tweets.

 
______________________________________________________________________________

(March 20, 2022)


Anonymous: How hackers are trying to undermine Putin

Of all the cyber-attacks carried out since the Ukraine conflict started, an Anonymous hack on Russian TV networks stands out. The hack was captured in a short video clip which shows normal programming interrupted with images of bombs exploding in Ukraine and soldiers talking about the horrors of the conflict. One of the smaller groups of Anonymous hackers said that they were responsible and that they took over TV services for 12 minutes. Other sub-groups, including Squad 303, have been taking part in the Ukraine-Russia conflict.

Ref - BBC 

______________________________________________________________________________

(March 20, 2022)


The cyber warfare predicted in Ukraine may be yet to come

There are several factors that would explain why Moscow’s proven cyber capabilities took a back seat in the overall strategy. For one, it seems the Kremlin kept battle-planning to a small group that may have excluded the Russian security services’ cyber personnel. Moreover, Moscow might have a plan to keep networks operational for their own use. If the Kremlin thought Ukrainians would fold in the face of a lightning strike on the capital, then they would have wanted to maintain critical infrastructure services for when they moved in.


______________________________________________________________________________

(March 20, 2022)


Anonymous leaks data stolen from Russian oil pipeline company Transneft

The Anonymous collective claims it has hacked Omega Company, which is the in-house R&D unit of Transneft, the Russia-based state-controlled oil pipeline company. The data leaked as part of Transneft’s Omega Company hack contains the email account data of company employees. The stolen data includes invoices, equipment technical configurations, and product shipment information.


______________________________________________________________________________

(March 19, 2022)


Anonymous has unleashed a successful cyber war to undermine Putin’s Ukraine invasion

The hacktivist collective has claimed responsibility for disabling government, corporate, and news websites. Anonymous has claimed that it successfully infiltrated Russian state TV to show citizens the devastation of Putin's invasion of Ukraine. It also leaked emails and files from government agency Roskomnadzor, responsible for censoring Russian media.

Ref - Fortune

______________________________________________________________________________

(March 18, 2022)


Cyberattack targeted 21 natural gas producers on the eve of the Russian invasion of Ukraine

A new report says that hackers executed a major cyber attack campaign against multiple natural gas producers in the United States ahead of Russia’s invasion of Ukraine. Bloomberg News reported that the cyberattacks targeted at least 21 companies involved in the production, exportation, and distribution of liquified natural gas. The cyberattack targeted major energy companies, including Chevron, Cheniere Energy, and Kinder Morgan.

Ref - CPO Magazine 

______________________________________________________________________________

(March 18, 2022)


This game crowdsources cyberattacks against Russian websites

A Lviv-based team of Ukrainian software engineers has developed an online game called “Play for Ukraine” that crowdsources and gamifies participation in distributed denial-of-service (DDoS) attacks against selected Russian government and media websites.

Ref - Fast Company 

______________________________________________________________________________

(March 18, 2022)


Britain, U.S. agencies warn of satellite communications risks after Ukraine hack

Britain and the United States have warned organizations of the risks associated with using satellite communications following a cyberattack on satellite internet modems as Russia invaded Ukraine.

Ref - Reuters

______________________________________________________________________________

(March 18, 2022)


Russian cyberattacks are struggling to impact Ukraine’s networks

Russian cyberattacks have so far struggled to successfully target Ukraine’s critical national infrastructure, according to government officials. The officials say that while they are aware of Russian intent to disrupt or infiltrate Ukrainian systems, those systems have continued to function and Ukraine has mounted a strong defense.


______________________________________________________________________________

(March 18, 2022)


Cyber attackers tap cloud-native technologies in Russia-Ukraine war

Aqua said it gathered data from public repositories that contain code and tools for targeting cyber-aggression on both sides of the conflict. Then it analyzed container images in Docker Hub and popular code libraries and software packages (including PyPI, NPM, Ruby), searching for names and text labels that called for action against either side. Of the public sources, about 40% of the packages were related to denial-of-service (DoS) activity aimed at online services.

Ref - Venafi

______________________________________________________________________________

(March 18, 2022)


Google: Chinese state hackers target Ukraine’s government

Google's Threat Analysis Group (TAG) says the Chinese People's Liberation Army (PLA) and other Chinese intelligence agencies are trying to get more info on the ongoing Russian war in Ukraine. Google TAG Security Engineer Billy Leonard says Google notified Ukrainian government organizations targeted by a Chinese-sponsored hacking group. 


______________________________________________________________________________

(March 17, 2022)


Ukraine war: Financial sector 'on high alert' for cyberattacks, CrowdStrike CEO says

“People are looking for potential denial of service or other retaliatory intrusions that could disrupt the financial sector, markets, et cetera,” CEO of CrowdStrike George Kurtz said. “So everyone is on high alert. The government came out with a ‘shields up’ message.”

Ref - Yahoo

______________________________________________________________________________

(March 17, 2022)


Pro-Ukraine ‘Protestware’ pushes antiwar ads, geo-targeted malware

The upstart tracking effort is being crowdsourced via Telegram, but the output of the Russian research group is centralized in a Google Spreadsheet that is open to the public. Most of the GitHub code repositories tracked by this group include relatively harmless components that will either display a simple message in support of Ukraine, or show statistics about the war in Ukraine — such as casualty numbers — and links to more information on the Deep Web.


______________________________________________________________________________
 
(March 17, 2022)


Russia gets triggered by Ukraine joining NATO cyberdefense hub

Russia's ambassador to Estonia today compared Ukraine's participation in NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE) intel-sharing cyberdefense hub to an attempt at blackmail. Being accepted as a contributing participant does not make Ukraine a NATO member, but it will most likely tighten collaboration and will also allow Ukraine to gain access to NATO members' cyber-expertise and share its own.


______________________________________________________________________________

(March 17, 2022)


Phishers Using Ukraine Invasion to Solicit Cryptocurrency

Cyber-criminals are impersonating legitimate aid organizations to steal financial donations intended for the people of Ukraine, according to new research by managed detection and response provider, Expel. Analysis of attack vectors and incident trends performed by the company’s security operations center (SOC) for Expel’s February Attack Vectors Threat Report found multiple phishing emails referencing the invasion of Ukraine to target cryptocurrency.


______________________________________________________________________________

(March 17, 2022)


Russian government sites facing unprecedented cyberattacks - Report

Russian government websites are facing unprecedented cyberattacks and technical efforts are being made to filter foreign web traffic, the TASS news agency cited the digital ministry as saying on Thursday. The Russian ministry said that while the strength of previous distributed denial-of-service attacks reached 500GB during peak moments, now it has climbed to 1TB.

Ref - Reuters 

______________________________________________________________________________

(March 17, 2022)


Pro-Ukrainian hacktivists are taking down Russian websites

The pro-Ukrainian hackers hope to shape the outcome of the economic and propaganda battle through a series of cyberattacks targeting the websites of Russian government agencies, financial institutions, media, and businesses. So far, hacktivist groups like Anonymous and a volunteer “IT army” of thousands organized by Ukraine have had modest success downing and defacing Russian websites.

Ref - Quartz 

______________________________________________________________________________

(March 17, 2022)

Europe warns of aircraft GPS outages tied to Russian invasion

The European Union Aviation Safety Agency (EASA), EU's air transport safety and environmental protection regulator, warned today of intermittent outages affecting Global Navigation Satellite Systems (GNSS) linked to the Russian invasion of Ukraine. These GNSS outages can lead to navigation and surveillance degradation due to jamming and/or possible spoofing issues that have intensified around Ukraine.


______________________________________________________________________________

(March 17, 2022)


Ukraine Secret Service arrests hacker helping Russian invaders

The Security Service of Ukraine (SBU) said it has detained a "hacker" who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory. The anonymous suspect is said to have broadcast text messages to Ukrainian officials, including security officers and civil servants, proposing that they surrender and take the side of Russia.


______________________________________________________________________________

(March 17, 2022)


Famous npm package deletes files to protest Ukraine war

The developer behind the popular npm package 'node-ipc' released sabotaged versions of the library in protest of the ongoing Russo-Ukrainian War. Newer versions of the 'node-ipc' package began deleting all data and overwriting all files on developers' machines, in addition to creating new text files with "peace" messages.


______________________________________________________________________________

(March 17, 2022)


Hackers built a site that lets anyone text random Russians about the war in Ukraine

For almost two weeks, people have been using a website set up by a hacking collective to message randomly selected Russian people about their government's invasion of Ukraine. The website's creators are a Polish hacktivist group called Squad303, who are connected to the larger Anonymous hacking collective and launched the tool on March 6.

Ref - Insider 

______________________________________________________________________________

(March 16, 2022)


Major Ukrainian internet provider Triolan suffers severe cyberattacks and infrastructure destruction

Major Ukrainian internet service provider Triolan experienced cyber-attacks causing severe internet outages during the Russian invasion of Ukraine. The Internet provider reported a major outage coinciding with the start of the Russian invasion on February 24 and again on March 9.

Ref - CPO Magazine 

______________________________________________________________________________

(March 16, 2022)


Facebook removes deepfake of Ukrainian President Zelenskyy

Facebook has removed a deepfake video of Ukrainian President Volodymyr Zelenskyy that was spreading across the social network and asking Ukrainian troops to lay down their arms and surrender. The altered video was first shared on the compromised website of Ukraine 24 after a Wednesday breach, according to DailyDot, and it spread to other compromised news sites, including Segodnya.


______________________________________________________________________________

(March 16, 2022)

Cyber conflict in Ukraine is growing more complex by the day

As Russia’s war in Ukraine settles into its third week, a clearer picture is emerging of the cyber conflict there. That conflict has turned out to be immensely complex even as the hacks associated with it are less consequential or damaging than many cyber watchers predicted. The number of players has turned out to be far broader than just hackers employed by the Russian and Ukrainian governments.


______________________________________________________________________________

(March 16, 2022)


Anonymous declared a ‘cyber war’ against Russia. Here are the results

Anonymous has proven to be a very capable group that has penetrated some high-value targets, records, and databases in the Russian Federation. Of 100 Russian databases that were analyzed, 92 had been compromised, said Fowler. They belonged to retailers, Russian internet providers, and intergovernmental websites, including the Commonwealth of Independent States, or CIS, an organization made up of Russia and other former Soviet nations that was created in 1991 following the fall of the Soviet Union.

Ref - CNBC

______________________________________________________________________________

(March 16, 2022)


What is the IT Army of Ukraine and how is it carrying cyber warfare against Russia?

After Ukrainian vice president Mykhailo Fedorov called for support from like-minded tech-savvy people from around the world, an army of three lakh strong rallied in front of their computer screens. Even though Russia has some of the best hackers in the world, it’s Ukraine’s international army of volunteer hackers that has made futuristic cyber warfare an important tool in the country’s defense.

Ref - Firstpost

______________________________________________________________________________

(March 16, 2022)


Desperate Russia 'hacks Ukraine TV and broadcasts fake Zelensky surrender message'

Russia hacked a Ukraine TV channel and broadcast a fake statement claiming to be from president Volodymyr Zelensky calling on people to surrender and put down their arms. The cyberattack happened on Ukraine 24's webstream and is believed to have taken place today; it reportedly showed a statement claiming to be from Zelensky.

Ref - Mirror 

______________________________________________________________________________

(March 15, 2022)


Anonymous cripples Russian Federal Security Service (FSB) & other top sites

The Anonymous hacktivist collective is claiming to have targeted top Russian government websites in a series of DDoS attacks. As a result, the official websites of the Federal Security Service (aka FSB, the principal security agency of Russia), Stock Exchange, Analytical Center for the Government of the Russian Federation, and Ministry of Sport of the Russian Federation have been forced to go offline.

Ref - Hackread 

______________________________________________________________________________

(March 15, 2022)


Anonymous hacks Russian firm running Ukrainian nuclear plant

Hackers from the Anonymous group hacked the site of the Russian state corporation for nuclear energy Rosatom on Tuesday. The corporation is allegedly running Zaporizhzhya, a Ukrainian nuclear power plant seized by Russia. Anonymous changed the interface on the site and made it otherwise inaccessible. They also claimed to have gained access to gigabytes of data, which they plan to leak to the public.


______________________________________________________________________________

(March 15, 2022)


Russian state-sponsored actors exploiting default MFA Protocols and “PrintNightmare” vulnerability

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored cyber actors have gained network access through the exploitation of default MFA protocols and a known vulnerability.

Ref - CISA
 
______________________________________________________________________________

(March 15, 2022)


HackerOne apologizes to Ukrainian hackers for mistakenly blocking payouts

Today, Chris Evans, the CISO of bug bounty platform HackerOne, apologized to Ukrainian hackers after the company erroneously blocked their bug bounty payouts following sanctions imposed on Russia and Belarus in the wake of Ukraine's invasion. The bounty hunters were informed of this in emails notifying them that all transactions to HackerOne accounts from Ukraine, Russia, or Belarus have been paused.


______________________________________________________________________________

(March 15, 2022)


Banks on alert for Russian reprisal cyberattacks on SWIFT

Big banks fear that SWIFT faces a growing threat of Russian cyberattacks after seven of the country’s lenders were kicked off the global payments messaging system over the weekend. VTB, Russia’s second-biggest bank, and Promsvyazbank, which finances Russia’s war machine, were among the lenders removed on Saturday from SWIFT as part of the West’s sanctions campaign against Moscow in response to its invasion of Ukraine.

Ref - Ars Technica

______________________________________________________________________________

(March 15, 2022)


Crypto becomes the battleground in the Ukraine war

The Australian blockchain expert who led the OECD’s blockchain policy center has warned Russian cyber warfare groups are poised to ramp up crypto-ransomware attacks to fund the war, while Australians are rushing to donate millions in digital currencies to help Ukraine’s defense.

Ref - AFR 

______________________________________________________________________________


(March 15, 2022)


How malware is being used amid the Russia-Ukraine conflict

Several reports have shown how malware has been deployed to target government organizations in Ukraine, gaining illegal control over their systems, destroying them, and making them inoperable. It cannot be confirmed whether these attacks originated in Russia, but several research reports suggest that these attacks are state-backed cyberattacks. The latest is CaddyWiper.


______________________________________________________________________________

(March 15, 2022)

How cloud services become weapons in the Russia-Ukraine cyber conflict

According to new research conducted by Aqua Security's Team Nautilus, cloud technologies now play a role in the digital side of the conflict. Team Nautilus searched for names, guides, and tools promoted for use in cyberattacks by either side. In total, roughly 40% of these public repositories were "related to denial-of-service activity aimed to disrupt the network traffic of online services," according to the researchers.

Ref - ZDNet 

______________________________________________________________________________

(March 15, 2022)


Cyberattacks surrounding Ukraine crisis reach all-time high — Israeli report

A study by the company’s research division, Check Point Research, says cyberattacks on government and military sectors globally were up 21% over the past week, compared to the period before Russia’s invasion of Ukraine on February 24, and 19% higher than the first two weeks of the war. The global average of cyber attacks on government organizations alone was 14% higher, the study says.

 
______________________________________________________________________________

(March 15, 2022)

Germany warns against using Kaspersky citing ‘considerable’ cyber risk after Russia’s invasion

The German Federal Office for Information Security (BSI) warned organizations against using Kaspersky antivirus software over fears it could be exploited for cyber-espionage or launching cyberattacks amid Russia’s ongoing war in Ukraine.


______________________________________________________________________________

(March 15, 2022)

Anonymous claims successful cyberattack on Russian government websites including the FSB

Anonymous claims it has taken action against Russia once again by targeting Russian government websites in another attack against President Putin and his invasion of Ukraine. The group of hacktivists took to Twitter to announce the websites they claim to have successfully brought down, including that of the FSB, the Russian intelligence service.

Ref - Dailymail
 
______________________________________________________________________________

(March 15, 2022)


Russia's invasion of Ukraine tears open a political rift between cybercriminals

Cybercriminals are taking sides over Russia's deadly invasion of Ukraine, putting either the West or Moscow in their sights, according to Accenture. The consultancy giant's Cyber Threat Intelligence team, which tracks illicit dark-web activity, said in a report that this is the first time it has witnessed "financially motivated threat actors divided along ideological factions."

Ref - The Register 

______________________________________________________________________________

(March 15, 2022)


Russia is nearly isolated online. What does that mean for the internet’s future?

Russia is three weeks into a test that the internet has never seen before: A major economic and global power is nearly isolated online after international sanctions cut off many services from abroad and the Russian government clamped down harder on online speech and access inside its borders. 

Ref - NBC News
 
______________________________________________________________________________

(March 14, 2022)

Mozilla Firefox removes Russian search providers over misinformation concerns

Mozilla has removed the Yandex Search, Mail.ru, and OK.ru default search providers from the Firefox browser over reports of state-sponsored content favored in search results. These sites are three of the most popular websites in Russia, used by over a hundred million users per month.


______________________________________________________________________________

(March 14, 2022)

Fake antivirus updates used to deploy Cobalt Strike in Ukraine

Ukraine's Computer Emergency Response Team is warning that threat actors are distributing fake Windows antivirus updates that install Cobalt Strike and other malware. The phishing emails impersonate Ukrainian government agencies offering ways to increase network security and advise recipients to download "critical security updates," which come in the form of a 60 MB file named "BitdefenderWindowsUpdatePackage.exe."


______________________________________________________________________________

(March 14, 2022)

New CaddyWiper data wiping malware hits Ukrainian networks

Newly discovered data-destroying malware was observed in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks. This new malware erases user data and partition information from attached drives. ESET telemetry shows that it was seen on a few dozen systems in a limited number of organizations.


______________________________________________________________________________

(March 14, 2022)

How hackers in Belarus are complicating Putin’s Ukraine invasion

As Russian troops prepared to enter Ukraine from Belarus, the hackers decided to target one of Putin’s key networks. The railway attacks, which reportedly ruined digital reservations and scheduling and possibly hobbled Russian troops’ ability to move through the country, were the work of the Cyber Partisans, a group of tech industry veterans from Belarus trying to tear down the country’s regime from their keyboards.


______________________________________________________________________________

(March 14, 2022)


Political fallout in cybercrime circles upping the threat to Western targets

The impact of Russia’s war on Ukraine on the cybercrime underground is starting to become clearer, with the fallout having significant implications for cyberattack targeting and an increased threat to Western nations’ critical infrastructure, according to new research.


______________________________________________________________________________

(March 14, 2022)


Hackers target German branch of Russian oil giant Rosneft

The German subsidiary of Russian energy giant Rosneft has been hit by a cyberattack, the Federal Office for Information Security (BSI) said on Monday, with the hacker group Anonymous claiming responsibility. Anonymous had published a statement on Friday claiming responsibility for the attack and saying it had captured 20 terabytes of data.

Ref - The Local

______________________________________________________________________________

(March 14, 2022)


For the first time in history, anyone can join a war

“For the first time in history anyone can join a war,” said Lotem Finkelstein, head of threat intelligence at Check Point Software. “We’re seeing the entire cyber community involved, where many groups and individuals have taken a side, either Russia or Ukraine.” The number of cyberattacks being waged by — and on behalf of — both countries since the outbreak of the war is “staggering,” according to the research arm of Check Point Software Technologies.

Ref - CNBC 

______________________________________________________________________________

(March 14, 2022)


US spy agency probes sabotage of satellite internet

Analysts for the US National Security Agency, French government cyber security organization ANSSI, and Ukrainian intelligence are assessing whether the remote sabotage of a satellite internet provider's service was the work of Russian state-backed hackers preparing the battlefield by attempting to sever communications. The digital blitz on the satellite service began on February 24 between 5 am and 9 am, just as Russian forces started going in and firing missiles, striking major Ukrainian cities including the capital, Kyiv.

Ref - IT News

______________________________________________________________________________

(March 14, 2022)


Ukraine war censorship exposes Vladimir Putin's leaky internet controls

Long before waging war on Ukraine, President Vladimir Putin was working to make Russia's internet a powerful tool of surveillance and social control akin to China's so-called Great Firewall. So when Western tech companies began cutting ties with Russia following its invasion, Russian investigative journalist Andrei Soldatov was alarmed. He'd spent years exposing Russian censorship and feared that well-intentioned efforts to aid Ukraine would instead help Putin isolate Russians from the free flow of information, aiding the Kremlin's propaganda war.


______________________________________________________________________________

(March 13, 2022)

How the Kremlin attempts to control you through social media

It was little wonder that some 420,000 users clicked ‘like’ when Britney Spears uploaded her latest gym photos to Instagram. However, implanted within the comments thread was malware known as ‘Turla’, which directed users to other sites, where victims would be further tracked and device command and control credentials hijacked.

Ref - Express

______________________________________________________________________________

(March 13, 2022)


Ukraine: Spam website set up to show millions of Russians truth about conflict

A Norwegian computer expert has created a website that allows anyone to send an email about the war in Ukraine to up to 150 Russian email addresses at a time. The spam email with the subject line 'Ya vam ne vrag' – meaning I am not your enemy – implores the Russian people to reject the war and seek out the truth about Russia’s invasion by getting their news from non-state run media services.

Ref - Express 

______________________________________________________________________________

(March 13, 2022)


Russia to launch 'hybrid warfare' against UK this week with wave of cyber attacks

Instructions by the Russian Ministry of Digital Development, leaked by Russian firms, tell "owners of telecommunication services on the internet" to switch to using domestic DNS servers, remove foreign JavaScript code and migrate all public resources to .Ru domain by March 15. The orders came to light at the same time as a Russian spy ship, Yantar, left her home port of Severomorsk, in Murmansk.

Ref - Express 

______________________________________________________________________________

(March 12, 2022)


Why has Russia's cyber offensive against Ukraine been limited so far?

There have been several hacks of Ukrainian organizations, but no reports yet of the sort of high-impact cyberattacks on transportation or electric infrastructure that some feared. The possible explanations for this, analysts say, range from disorganization in Russian military planning to hardened Ukrainian defenses to the fact that bombs and bullets take precedence over hacking in wartime.

Ref - CNN 

______________________________________________________________________________

(March 12, 2022)


Russian hacking have you worried? It should

Alex Lam, chief strategy and business development officer at TechDemocracy, told Curran that "No industry is immune from cyber-attacks, and considering the current situation, financial and banking sectors, healthcare, telecom, and energy sectors are more vulnerable than others."

Ref - The Street 

______________________________________________________________________________

(March 12, 2022)


Is Russia really about to cut itself off from the internet?

The sanctions imposed on Russia have not only directly hit its economy (and by extension the global economy), but are now also threatening Russian citizens’ access to the internet. It’s expected the nation will limit its reliance on the global internet very soon. Although a complete disconnection isn’t yet confirmed, even a partial disconnection would be a difficult task. And the repercussions of Russia’s growing digital isolation for its citizens will be immense.

Ref - Econotimes 

______________________________________________________________________________

(March 11, 2022)

DuckDuckGo down-ranks sites spreading Russian propaganda

The DuckDuckGo web search engine is now demoting websites known to spread Russian propaganda following Russia's invasion of Ukraine, according to the company's founder and CEO, Gabriel Weinberg. Besides demoting disinformation-linked sites in results, the search engine has also started displaying information boxes at the top of the page to help users find accurate information "for rapidly unfolding topics."


______________________________________________________________________________

(March 11, 2022)


Anonymous hacks Russian media censoring agency Roskomnadzor

The international hacktivist collective Anonymous has struck again, and this time the group is claiming to have hacked Roskomnadzor (aka Federal Service for Supervision of Communications, Information Technology and Mass Media), a major Russian federal agency. The group also claims to have stolen over 360,000 files.

Ref - Hackread 

______________________________________________________________________________

(March 11, 2022)


Russian defense firm Rostec shuts down website after DDoS attack

Rostec, a Russian state-owned aerospace and defense conglomerate, said its website was taken down today following what it described as a "cyberattack." The state defense company says its website has been under constant siege since late February when Russia invaded its neighbor Ukraine without provocation.


______________________________________________________________________________

(March 11, 2022)

Report: Recent 10x increase in cyberattacks on Ukraine

Bill Woodcock is executive director at Packet Clearing House, a nonprofit based in San Francisco. Woodcock said the spike in blocked DNS queries coming out of Ukraine clearly shows an increase in phishing and malware attacks against Ukrainians.


______________________________________________________________________________

(March 11, 2022)


Irish interests could be hit by ‘scorched earth’ Russian cyber-attacks

Russia is very likely to launch a “scorched earth” series of cyber-attacks which will leave State and commercial interests in Ireland vulnerable to significant damage, gardaí and private sector cyber-security experts believe.


______________________________________________________________________________

(March 11, 2022)

In Ukraine, hacktivists fight back with data leaks

The latest major leak happened on March 10th, when Distributed Denial of Secrets published more than 800GB of leaked data from Roskomnadzor: the Federal Service for Supervision of Communications, Information Technology, and Mass Media, or Russia’s primary censorship agency.

Ref - The Verge
 
______________________________________________________________________________

(March 11, 2022)

China says U.S. addresses used its computers to launch cyberattacks on Russia, Ukraine

China has experienced continuous cyberattacks since February in which internet addresses in the United States have been used to seize control of Chinese computers to target Belarus, Russia, and Ukraine, Chinese state news agency Xinhua said on Friday.

Ref - Reuters 

______________________________________________________________________________

(March 11, 2022)

Ukrainian ethical hackers targeted by Russian malware attacks

Cybercriminals are preying on ethical hackers supporting the IT Army of Ukraine by deceiving them into downloading information-stealing malware. Opportunistic cybercriminals are posing as genuine representatives of the IT Army of Ukraine and pretending to provide them with tools to deliver distributed denial of service attacks (DDoS) that ultimately turn out to be malware, according to researchers at Cisco Talos. One of the tools that threat actors are mimicking is a DDoS tool called the “Liberator.”

Ref - Cisco Talos 

______________________________________________________________________________

(March 11, 2022)

Prepare for third-party cyberattacks in the wake of the Russia-Ukraine conflict

Third-party risk management professionals suggest organizations take five actions to stay vigilant against potential ransomware attacks originating from Russia in retaliation for imposing the sanctions. This includes having an inventory of all suppliers, building a comprehensive profile for every supplier, identifying technology concentration risk, assessing suppliers for business resilience and continuity plans, and continuously monitoring for potential cyberattacks.

Ref - SC Magazine 

______________________________________________________________________________

(March 11, 2022)


‘We are not ready’: a cyber expert on US vulnerability to a Russian attack

While the Biden administration has reportedly played out potential responses to cyber warfare, some experts have argued that the US is not well prepared for a significant cyber-attack. Russia has used its very formidable cyber skills against the US and other countries in the past – in the form of SolarWinds, the Colonial Pipeline hack, and scores of ransomware attacks in every industry in the United States.

Ref - The Guardian 

______________________________________________________________________________

(March 10, 2022)

Tips for financials and technology companies to defend against Russian hackers

The Russian government could make a stronger case for targeting financials and technology companies, drawing a connection to the sanctions on Russian banks and American tech firms pulling out of Russia. Furthermore, they have proven in the past with attacks on SolarWinds and Kaseya that they can breach and exploit American enterprises. There are key steps that can be taken to reduce overall risk along the spectrum from breach to an adversary reaching the most sensitive crown jewels.


______________________________________________________________________________

(March 10, 2022)

Zhadnost botnet responsible for Ukraine DDoS attacks

SSC discovered a botnet of more than 3,000 unique IP addresses, across multiple countries and continents, that were the source of the DDoS attacks which consisted of HTTP floods and DNS amplification. SSC has named this botnet “Zhadnost” – Russian for “Greed.” Most Zhadnost bots are routers, the majority of them MikroTik, with misconfigured DNS recursion settings and other known vulnerabilities.


______________________________________________________________________________

(March 10, 2022)

Russia creates its own TLS certificate authority to bypass sanctions

Russia has created its own trusted TLS certificate authority (CA) to solve website access problems that have been piling up after sanctions prevent certificate renewals. The sanctions imposed by western companies and governments are preventing Russian sites from renewing existing TLS certificates, causing browsers to block access to sites with expired certificates.


______________________________________________________________________________

(March 10, 2022)

Russia may use ransomware payouts to avoid sanctions

The Financial Crimes Enforcement Network (FinCEN) issued a FinCEN Alert (PDF) on Wednesday advising all financial institutions to remain vigilant against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions related to the current conflict. One way this may be done is to move cryptocurrency funds through ransomware payments collected after Russian state-sponsored actors carry out cyberattacks.

Ref - Threatpost 

______________________________________________________________________________

(March 10, 2022)


Big jump in cyber attacks since the start of the Russian invasion

A cyber security conference in Dublin has heard that there has been a 25% jump in cyber attacks around the world in the last two weeks. A wave of online disruption has accompanied the invasion of Ukraine by Russia and Irish businesses are being encouraged to boost their cyber defenses.

Ref - RTE 

______________________________________________________________________________

(March 10, 2022)


Ireland faces increased cyberattack threat – Foreign Affairs Minister

Ireland is facing an increased threat from cyberattacks since the invasion of Ukraine, the Foreign Affairs Minister has warned. His appearance comes amid the backdrop of the war in Ukraine, with Ireland poised to potentially take in tens of thousands of refugees.

Ref - The Standard 

______________________________________________________________________________

(March 10, 2022)

As Russia invaded, hackers broke into a Ukrainian internet provider

In the last 24 hours, with Russia continuing its heavy bombardment across Ukraine, parts of the country have seen severe internet outages. One cause appears to be a cyberattack on telecoms provider Triolan, which serves a substantial number of users across the country.

Ref - Forbes 

______________________________________________________________________________

(March 10, 2022)


Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers

In a Wednesday threat advisory, Cisco Talos described a campaign it has observed in which a threat actor offered a supposed distributed denial-of-service (DDoS) tool on Telegram that is purportedly meant to pummel Russian websites. In truth, the file is the Phoenix infostealer, which is after credentials and cryptocurrency info, according to researchers.


______________________________________________________________________________

(March 10, 2022)

War in Ukraine: What type of cyber attacks can we expect next?

Many analysts expected more disruption and retaliatory attacks orchestrated by Russian-backed hackers, both aimed at Ukrainian targets and targets in countries sympathetic to and supporting Ukraine. Part of the reason that they didn’t materialize so far may be the preparatory work done by Ukrainian cyber defenders and US experts in the last seven years. But there’s also the possibility that Russia has yet to employ all of its cyberattack capabilities and trigger more attacks.


______________________________________________________________________________

(March 10, 2022)

Flash survey shows companies already feeling the impact from the Russia-Ukraine conflict

Strategic Treasurer released the results of a flash survey on the treasury-related impacts of Russia’s brutal attacks on Ukraine. Two out of five respondents reported that their companies had been impacted by the conflict at that time, with 17% having already experienced an increase in cyber threats in just a few days since the invasion began.

Ref - Yahoo 

______________________________________________________________________________

(March 10, 2022)

Cybercriminals are posing as Ukraine fundraisers to steal cryptocurrency

Ukraine announced last week it would send free tokens of a new government-sponsored cryptocurrency as an incentive to donors. It ultimately scrapped the plans, but not before a group pretending to represent the country took advantage of the confusion to set up a token called “Peaceful World.” The con had some success, said Tom Robinson, co-founder and chief scientist at Elliptic, a cryptocurrency compliance company. The value of the coin skyrocketed to $180 million within a week.

Ref - CyberScoop 

______________________________________________________________________________

(March 9, 2022)

‘Catastrophic’ cyberwar between Ukraine and Russia hasn’t happened (yet), experts say

While the cyberattacks by Russia during the Ukraine conflict have been “significant and unprecedented”, according to Aaron Turner of California cybersecurity firm Vectra, they have “not yet been catastrophic”. That is largely because no international power yet wants to be the one to cast the first stone in a cyber third world war, he said.


______________________________________________________________________________

(March 9, 2022)

Energy and Telco sectors at a heightened risk of Russian cyberattacks

“The first extension of the geopolitical conflict in Ukraine is already occurring in the digital sphere”, pointed out Alex Romero, COO of Constella Intelligence. In the eye of the hurricane, the energy, financial services, and telecommunications sectors are the three industries most exposed to Russian cyberattacks. Companies in these sectors store, manage, and transfer massive volumes of personal data.


______________________________________________________________________________

(March 9, 2022)

Russian government sites hacked in supply chain attack

Russia says some of its federal agencies' websites were compromised in a supply chain attack on Tuesday after unknown attackers hacked the stats widget used to track the number of visitors by multiple government agencies. The list of sites impacted in the attack includes the websites of the Energy Ministry, the Federal State Statistics Service, the Federal Penitentiary Service, the Federal Bailiff Service, the Federal Antimonopoly Service, the Culture Ministry, and other Russian state agencies.


______________________________________________________________________________

(March 9, 2022)

China-aligned APT renews cyberattack on European diplomats, as war rages

Proofpoint cybersecurity researchers have identified ramped-up activities by China-aligned APT (advanced persistent threat) actor TA416, targeting European diplomatic entities as the war between Russia and Ukraine intensifies. TA416 (aka RedDelta) is known to have been targeting Europe for several years using web bugs to profile target accounts.

Ref - CSO Online

______________________________________________________________________________

(March 9, 2022)

Charity scams target people's generosity amid Russia-Ukraine conflict

Beware of scams from "humanitarian aid organizations" seeking donations to help people affected by the Ukraine war or requests from "businessmen" to help them relocate out of Ukraine. Less than 1 percent of the charity scam and malware spam attacks have reached Singapore. In contrast, 25 percent of the attacks from one charity scam targeted people in Britain while 23 percent of the survey scams hit users in South Korea.


______________________________________________________________________________

(March 9, 2022)

Government agencies in Ukraine targeted in cyber-attacks deploying MicroBackdoor malware

A cyber-attack campaign targeting Ukrainian government agencies with MicroBackdoor malware has been confirmed by the country’s Computer Emergency Response Team (CERT-UA). In a statement released on March 7, CERT-UA confirmed that government organizations have been the target of several malicious attacks. According to intelligence gathered by the agency, the phishing emails contain a file named ‘dovidka.zip’, which in turn contains a contextual help file (Microsoft Compiled HTML Help) named ‘dovidka.chm’.

Ref - Portswigger 

______________________________________________________________________________

(March 9, 2022)

Cyberattacks don’t appear to have increased in Ukraine war, EU says

In the days leading up to Russia’s invasion, denial of service attacks and wiper malware targeted a number of Ukrainian government websites and services, Ukrainian officials said. But since then, apart from a potentially related possible cyberattack on a satellite internet provider operating in Eastern Europe, Mr. O and other officials said they haven’t so far seen an unusually large number of incidents targeting Ukraine or other Western targets.


______________________________________________________________________________

(March 8, 2022)

New RURansom wiper targets Russia

A new (possible) ransomware variant, dubbed “RURansom” by its developer, has been observed targeting Russia. Different versions of this malware were detected between February 26 and March 2, 2022. Aside from RURansom, the developer appears to have been working on another “wiper” dubbed “dnWipe.” Its payload is executed every Tuesday.


______________________________________________________________________________

(March 8, 2022)

Google: Russian hackers target Ukrainians, European allies via phishing attacks

Google's Threat Analysis Group (TAG) said it took down two Blogspot domains that were used by the nation-state group FancyBear (aka APT28), which is attributed to Russia's GRU military intelligence, as a landing page for its social engineering attacks. The disclosure comes close on the heels of an advisory from Ukraine’s CERT-UA, warning of phishing campaigns targeting Ukr.net users that involve sending messages from compromised accounts containing links to attacker-controlled credential harvesting pages.


______________________________________________________________________________

(March 8, 2022)

Three sectors most critical to national security are at elevated risk from Russian cyberattacks

Of the 16 business sectors that the US has designated as being critical to security and public health, three are at elevated risk of causing significant economic damage in the event of a successful attack: energy, financial services, and transportation. Up to a third of daily payments could be interrupted as a result of a successful attack on one of the largest US banks.


______________________________________________________________________________

(March 8, 2022)

The secret US mission to bolster Ukraine’s cyber-defenses ahead of the invasion

The US had been helping Ukraine bolster its cyber defenses for years, ever since an infamous 2015 attack on its power grid left part of Kyiv without electricity for hours. But this surge of US personnel in October and November was different: it was in preparation for an impending war. People familiar with the operation described an urgency in the hunt for hidden malware, the kind which Russia could have planted, then left dormant in preparation to launch a devastating cyberattack alongside a more conventional ground invasion.


______________________________________________________________________________

(March 8, 2022)

Worldwide threats hearing highlights U.S. cyber concerns of Russia-Ukraine conflict

National security officials warned that cyberattacks on Ukraine may one day spill over. Russia has conducted multiple cyberattacks on Ukraine during its ongoing invasion of the smaller, neighboring nation—and cyber disruptions associated with this conflict could potentially impact other countries down the line, senior U.S. national security officials confirmed on Tuesday.

Ref - Nextgov

______________________________________________________________________________

(March 8, 2022)

After declaring support for Russian invasion, Conti ransomware gang hit with data leak

Only days after making a public pledge of support for the Russian government as it invades Ukraine, the Conti ransomware group has experienced a data leak of tens of thousands of its internal chat messages. The data leak is courtesy of a Ukrainian security researcher and is apparently a considerable chunk of the Conti ransomware gang’s internal communications. The breach provides the public with evidence of numerous criminal operations and the researcher has said that there is “more to come.”

Ref - CPO Magazine 

______________________________________________________________________________

(March 8, 2022)

Ukraine and US targeted by cybersecurity attacks in run-up to Russian invasion

On Monday, Google said it had uncovered widespread phishing attacks targeting Ukrainian officials and Polish military. Security outfit Resecurity Inc also shared evidence of a coordinated hacking campaign targeting US firms that supply natural gas (a commodity that has become critical as Western sanctions bite down on Russian energy exports). In both cases, attacks could be linked to groups associated with Russia and its allies.

Ref - The Verge

______________________________________________________________________________

(March 8, 2022)

Russian, Belarusian hackers target Ukraine in phishing, Google says

Alphabet Inc's Google said it has seen Russian hackers well-known to law enforcement, including FancyBear, engaging in espionage, phishing campaigns, and other attacks targeting Ukraine and its European allies in recent weeks. Google's Threat Analysis Group said in a blog post on Monday that over the past two weeks Russian hacking unit FancyBear, also known as APT28, has been sending phishing emails to Ukrainian media company UkrNet.


______________________________________________________________________________

(March 8, 2022)

Concerns raised over bug disclosure program aimed at tackling Russia’s ‘propaganda machine’

Ethical hackers are being invited to unearth critical vulnerabilities in the digital infrastructure of both the Ukrainian and Russian governments. HackenProof, the Estonia-based bug bounty platform, said bugs reported in a vulnerability disclosure program (VDP) focused on Ukrainian assets will be sent to the Ukrainian authorities for remediation in order to bolster the nation against cyber-aggression from Russia or elsewhere.

Ref - Portswigger 

______________________________________________________________________________

(March 7, 2022)

TA416 increases operational tempo against European governments as conflict in Ukraine escalates

The China-aligned APT actor TA416 is targeting European diplomatic entities, including an individual involved in refugee and migrant services. Notably, this activity aligned with the escalation of tensions between Russia, Ukraine, and, by extension, NATO member states in Europe.

Ref - Proofpoint 

______________________________________________________________________________

(March 7, 2022)

The Russia-Ukraine crisis shakes up the cybercriminal ecosystem

Nation-state activity could be disguised behind the image of hacktivist-style activity, so some newborn hacktivism groups could actually be part of nation-state false flag operations. Blueliv analysts keep monitoring all analyzed groups and clusters of activities, including those from the Russian side (UNC1151/Ghostwriter/TA445, The Red Bandits and Conti Team) and the Ukrainian side (IT Army of Ukraine, Anonymous, Belarusian Cyber Partisans, AgainstTheWest (ATW) and Network Battalion 65 (NB65)).

Ref - Blueliv

______________________________________________________________________________

(March 7, 2022)

‘Extremely destructive’ Russian cyberattacks could cost U.S. billions of dollars

As Russia’s invasion of Ukraine escalates tensions with the U.S. and its allies, economists at Goldman Sachs are warning either side could resort to malicious cyber activity targeting companies and critical infrastructure as a means to inflict significant economic damage while avoiding direct military conflict, though there are indications that the U.S. may have an economic upper hand that helps deter risk.

Ref - Forbes 

______________________________________________________________________________

(March 7, 2022)

Ukraine: We’ve repelled ‘nonstop’ DDoS attacks from Russia

A Ukraine agency said Saturday that government websites have been hit continuously with distributed denial-of-service (DDoS) attacks, which the agency attributed to “Russian hackers,” since Russia’s invasion on February 24.

Ref - Venture Beat 

______________________________________________________________________________

(March 7, 2022)

What Google, Amazon, and Microsoft revealed about Ukraine’s cyber situation

With limited information coming out of Ukraine about cyberattacks hitting the country, findings from tech giants Google, Amazon, and Microsoft disclosed in recent days have provided a window into the cyber conditions in Ukraine as Russia’s brutal assault continues. All three companies have said they are providing cybersecurity support to Ukraine, whose government said on Saturday that it has been seeing “nonstop” DDoS attacks by “Russian hackers” since Russia’s invasion on February 24.

Ref - Venture Beat 

______________________________________________________________________________

(March 7, 2022)

US, Spain join forces in cyberwarfare amid Russia-Ukraine war

U.S. Deputy Secretary of State Wendy Sherman said on Monday that this is a critical moment for the U.S. and its allies to strengthen their cyber defenses and assist countries like Ukraine that have fallen victim to Russian aggression, including cyberattacks. Sherman also emphasized that the U.S. and its allies need to invest in building technological capacities that can withstand cyberattacks that are undermining national security and critical infrastructure.

Ref - The Hill 

______________________________________________________________________________

(March 7, 2022)

Russian TV channels with Ukraine footage hacked in ‘biggest op ever seen’

Anonymous hacked streaming services and TV news channels in Russia to broadcast footage of the country’s war with Ukraine. The hacking group posted that it was involved in the “biggest Anonymous op ever seen” of hacking Russian news channels like Russia 24, Channel One, and Moscow 24, including streaming sites, to show footage of Russia’s actions in Ukraine as the invasion entered the 12th day.

Ref - Independent 

______________________________________________________________________________

(March 7, 2022)

Ukrainian CERT warns citizens of phishing attacks using compromised accounts

Ukraine's CERT-UA warned of new phishing attacks aimed at its citizens by leveraging compromised email accounts belonging to three different Indian entities with the goal of compromising their inboxes and stealing sensitive information. The agency cautioned that the emails arrive with the subject line "Увага" (meaning "Attention") and claim to be from a domestic email service called Ukr.net, when in actuality, the email address of the sender is "muthuprakash.b@tvsrubber[.]com."


______________________________________________________________________________

(March 7, 2022)

Hacker group Anonymous claims they interrupted Russian TV

The international hackers collective, Anonymous, claimed to have hacked into Russian state TV to share the harrowing footage coming out of Ukraine. In a tweet shared on Monday, the hackers alleged they had hacked into the Russian streaming services Wink and Ivi, along with the TV channels Russia 24, Channel One, and Moscow 24, to show what life is like 12 days into Vladimir Putin’s invasion.


______________________________________________________________________________

(March 7, 2022)

Putin’s invasion of Ukraine didn’t rely on cyberwarfare.

When Russia began to mass troops along Ukraine’s borders, analysts predicted that cyber operations would be critical to Putin’s military strategy. Despite these predictions, the expected “shock and awe” Russian cyber campaign in preparation for the invasion of Ukraine never emerged. Moreover, while the conflict will undoubtedly evolve, cyber operations don’t appear to be playing a decisive role on the battlefield.


______________________________________________________________________________

(March 7, 2022)

War in Ukraine highlights vulnerability of critical energy infrastructure

Attacks on energy systems can happen at every stage of the supply chain, according to a 2020 report by management consultancy McKinsey. Electricity is often generated in aging infrastructure that was not designed with cybersecurity in mind. Transmission and distribution lines may have physical security weaknesses that allow access to grid control systems. Even in homes, the rise of smart meters and electric vehicles could open up vulnerabilities for disrupted services.


______________________________________________________________________________

(March 7, 2022)

How the tech community has rallied to Ukraine’s cyber-defense

For the first time since its inception, the EU rapid cyber response team, with capabilities to detect and respond to a variety of threats, and headed by Lithuania, was deployed to help defend against cyber-attacks targeting Ukraine. The Romanian national cybersecurity agency and a cybersecurity company called Bitdefender launched a public-private partnership to provide pro bono technical support and threat intelligence to Ukraine’s government, businesses and citizens for “as long as it is necessary”.


______________________________________________________________________________

(March 7, 2022)

What Russia’s ongoing cyberattacks in Ukraine suggest about the future of cyber warfare

It’s easy to understand why Ukraine is an appealing target for testing cyberwar capabilities. The country has a similar infrastructure to that found in Western Europe and North America. But unlike the United States, the United Kingdom, and the European Union (EU), Ukraine has more limited resources to counter-attack. The larger point here is that there’s little chance that cyberattacks will be limited to Ukraine.


______________________________________________________________________________

(March 6, 2022)

Charities and NGOs providing support in Ukraine hit by malware

Charities and non-governmental organizations (NGOs) that have been providing support in Ukraine in recent weeks are being targeted by malware attacks aiming to disrupt their operations. The news was reported by Amazon, which associates the attacks with state-sponsored hackers and confirmed that it is helping customers impacted by the attacks to adopt security best practices.


______________________________________________________________________________

(March 5, 2022)

Ukrainian websites under 'nonstop' attack, says cyber watchdog

Ukrainian websites have been under nonstop attack from Russian hackers since the Kremlin launched an invasion of the country last month, Ukraine's State Service of Special Communications and Information Protection said on Saturday. The agency said that sites belonging to the presidency, parliament, the cabinet, the ministry of defense, and the ministry of internal affairs were among those hit by DDoS. DDoS attacks work by directing a firehose of traffic towards targeted servers in a bid to knock them offline.

Ref - Reuters 

______________________________________________________________________________

(March 5, 2022)

Hackers stoke pandemonium amid Russia’s war in Ukraine

Protests against Russia’s war of choice with Ukraine have been held around the world, including in 48 Russian cities. The global community has raised millions of dollars for Ukraine through cryptocurrency donations, and private companies from Shell and BP to Apple have temporarily or permanently pulled out of the Russian market. Amidst the havoc, hacktivists are joining the cacophony in an attempt to make a statement and advance their cause.

Ref - Ars Technica

______________________________________________________________________________

(March 5, 2022)

Russia shares list of 17,000 IPs allegedly DDoSing Russian organizations


The Russian government shared a list of 17,576 IP addresses allegedly used to launch distributed denial-of-service (DDoS) attacks targeting Russian organizations and their networks. The list was shared by the National Coordination Center for Computer Incidents (NKTsKI), an organization created by Russia's Federal Security Service (FSB), together with guidance to defend against the attacks and a second list containing attackers' referrer domain information.


______________________________________________________________________________

(March 5, 2022)


Ukraine digital army brews cyberattacks, intel and infowar

Formed in a fury to counter Russia's blitzkrieg attack, Ukraine's hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe's first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.


______________________________________________________________________________

(March 5, 2022)


Thousands without Internet after a massive cyberattack in Europe: Report

Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia's offensive in Ukraine. According to Orange, nearly 9,000 subscribers of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a "cyber event" on February 24 at Viasat, a US satellite operator of which it is a client.

Ref - NDTV 

______________________________________________________________________________

(March 4, 2022)


Amazon: Charities, aid organizations in Ukraine attacked with malware

Charities and non-governmental organizations (NGOs) providing support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia's war. Amazon did not name the organizations targeted in these attacks in a blog post published on Friday.


______________________________________________________________________________

(March 4, 2022)

Russia blocks access to Facebook, Twitter, foreign news outlets

Russia has blocked access to the Facebook social network after Meta, Facebook's parent company, deactivated or restricted access to accounts belonging to pro-Kremlin media outlets and news agencies, including RIA Novosti, Sputnik, and Russia Today.


______________________________________________________________________________

(March 4, 2022)


Ukraine cyber official: We only attack military targets

A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.


______________________________________________________________________________

(March 4, 2022)


Elon Musk warns of possible targeted attacks on Starlink in Ukraine

As per a tweet posted by Musk, there’s a high probability of the Starlink satellite internet service being targeted. It is worth noting that internet connectivity in Ukraine plunged by 20% on 26 February, as per a report from Reuters. In his warning message on Twitter, Elon Musk wrote that since Starlink is now the only non-Russian communication system currently active in Ukraine, the probability of it being targeted is considerably high.

Ref - HackRead 

______________________________________________________________________________

(March 4, 2022)


Ukraine to join NATO intel-sharing cyberdefense hub

While Ukraine is yet to become a member of the North Atlantic Treaty Organization (NATO), the country has been accepted as a contributing participant to the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). Although this does not make Ukraine a NATO member, it will likely tighten collaboration and allow it to gain access to NATO member nations' cyber-expertise and share its own.


______________________________________________________________________________

(March 4, 2022)


Volunteer hackers converge on Ukraine conflict with no one in charge

The war in Ukraine has provoked an onslaught of cyberattacks by apparent volunteers unlike any that security researchers have seen in previous conflicts, creating widespread disruption, confusion and chaos that researchers fear could provoke more serious attacks by nation-state hackers, escalate the war on the ground or harm civilians.


______________________________________________________________________________

(March 4, 2022)


Ukraine says it is fighting first 'hybrid war'

Ukraine's cyber-security authority says it is fighting a war in the digital realm, as well as on the ground. The ministry says it is facing constant cyber-attacks against its government and infrastructure networks, with individual officials now being targeted. It claimed that its cyber-defenses are repelling most attacks. But it added that the cyber-conflict with Russia was unprecedented, describing it as a "hybrid war".

Ref - Yahoo 

______________________________________________________________________________

(March 4, 2022)


Ukraine war sparks revival of hacktivism

Researchers at threat intelligence group Flashpoint said they have tracked close to 50 hacking groups that had now joined the latest cyber efforts, with the majority supporting Ukraine and several financially motivated criminal groups, such as the Conti ransomware group, declaring allegiance to Russia. But these cyber guerrilla warfare efforts could escalate into uncharted territory, experts warn, and pro-Ukrainian attacks risk sparking more heavy-handed retaliation from Russia.


______________________________________________________________________________

(March 4, 2022)


Get ready for Russia's cyber retaliation

The United States is ramping up sanctions against Russia over its invasion of Ukraine, and Moscow has promised retaliation. One key threat is the potential spillover from Russian cyber operations in Ukraine. Disruption to U.S. supply chains is a second threat. Finally, Russian cyber activity can target critical infrastructure with low-cost, low-sophistication methods that are indistinguishable from criminal activity.

Ref - The Hill 

______________________________________________________________________________

(March 4, 2022)


'Ticking time bomb': Russian ransomware attacks are coming

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has increased monitoring of ransomware targeting businesses. Jen Easterly, who heads CISA, says the nation should brace for “an uptick in ransomware.” Small businesses are most vulnerable to the expected wave of ransomware attacks. Cybersecurity professionals are urging them to take immediate steps to defend themselves.

Ref - USA Today
 
______________________________________________________________________________

(March 3, 2022)


Telecoms blackout reported in northeastern Ukraine, first major outage so far

The first major regional telecommunications blackout in Ukraine, since Russia’s invasion of the country a week ago, was reported Thursday. At 8:23 p.m. in Ukraine, Eastern European Standard Time, internet service tracker NetBlocks tweeted that it has confirmed that a telecommunications blackout has just been registered throughout Sumy Oblast in northeastern Ukraine.

Ref - VentureBeat 

______________________________________________________________________________

(March 3, 2022)


Ukraine: Cyberwar creates chaos, 'it won't win the war'

Experts have detected three main types of cyber tactics utilized so far in the Russia-Ukraine conflict: wipers, DDoS attacks (distributed denial of service) and defacement. All three essentially do the same thing: They stop people from accessing information, but in different ways. However, these cyber tactics will not determine the war. According to expert Thorsten Holz, “The cyberattacks create chaos, but we really should not overestimate the threat at this time.”


______________________________________________________________________________

(March 3, 2022)


Russia releases list of IPs, Domains attacking its infrastructure with DDoS attacks

As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service (DDoS) attacks aimed at its domestic infrastructure.


______________________________________________________________________________

(March 3, 2022)


Monitoring cyberthreats tied to the Russia-Ukraine conflict

Vedere Labs, Forescout’s threat intelligence and research team, is closely monitoring the evolution of cyber activities connected to the Russian-Ukrainian conflict. This includes analysis of the use of data wiper malware variants including WhisperGate and HermeticWiper as well as a new malware called Cyclops Blink. There have been several DDoS attacks and website defacements targeting Ukrainian organizations, as well as a website clone used to spread malware. Several groups have also declared support for either side in the conflict.

Ref - Forescout 

______________________________________________________________________________

(March 3, 2022)


Ukraine says local govt sites hacked to push fake capitulation news

The Security Service of Ukraine (SSU) said today "enemy" hackers are using compromised local government and regional authorities' websites to push rumors that Ukraine surrendered and signed a peace treaty with Russia. SSU revealed this in a tweet further distributed by Ukraine's State Service for Special Communication and Information Protection (SSSCIP) to Ukrainian Twitter users.


______________________________________________________________________________

(March 3, 2022)


Avast released a free decryptor for the HermeticRansom that hit Ukraine

Avast has released a free decryptor for the HermeticRansom ransomware employed in targeted attacks against Ukrainian systems since February 23. The security firm aims to help Ukrainian victims recover their files for free.


______________________________________________________________________________

(March 3, 2022)


Hacktivists, cybercriminals switch to Telegram after Russian invasion

According to a report from Check Point, the number of Telegram groups has increased sixfold since February 24. The following three categories are the main ones gaining in popularity: 1) Volunteering hackers who engage in DDoS and other kinds of cyberattacks against Russian entities; 2) Fundraising groups that accept cryptocurrency donations allegedly for Ukrainian support; 3) Various “news feeds” that promise to offer reliable reports from the front-line.


______________________________________________________________________________

(March 3, 2022)

Ukraine cyber group plans to strike at Russia's critical infrastructure

A Ukrainian cyber guerrilla warfare group is planning to strike back against Russia, targeting the country’s critical infrastructure amid the Russian invasion of Ukraine. Ukraine’s Defense Ministry asked the group, led by cybersecurity expert Yegor Aushev, to use its cyber capabilities to disrupt railways and electrical grids and stanch the flow of weapons flowing from Russia, according to Reuters.

Ref - The Hill
  
______________________________________________________________________________

(March 3, 2022)

Russia-Ukraine war: Two factors that may increase the risk of cyberattacks

According to experts, there are two major factors that further increase the risk of cyberattacks. One is the lack of an off-ramp in the actual physical conflict. The other is the use of surrogates, almost a kind of crowdsourcing, which extends the scope of the conflict. In a way, the silver lining of the tremendous spate of ransomware attacks that the world has experienced over the last couple of years is that it has raised the level of security on the part of many companies a bit.

Ref - Yahoo 

______________________________________________________________________________

(March 3, 2022)

How the cyberwar is being fought in the Russia-Ukraine conflict

Following the failure of diplomatic discussions between Russia and the West aimed at preventing a Russian invasion of Ukraine, hackers carried out defacement attacks against dozens of Ukrainian official websites in January 2022, including the Ministry of Foreign Affairs, the Ministry of Education, and others. Although Ukraine has not formally accused Russia of the attacks, the European Union's chief diplomat, Josep Borrell, has implied that Russia is to blame.

Ref - Indiatimes 

______________________________________________________________________________

(March 3, 2022)

How Telegram became Ukraine's biggest digital ally in the war

Researchers have observed the rapid growth of Ukrainian groups turning to various Telegram channels with the purpose of organizing various offensive efforts against Russia. The highly-publicized ‘IT Army of Ukraine’ group, set up by Oleksandr Bornyakov, Ukraine’s deputy minister for digital transformation, is among the most populated with more than 277,000 members as of Thursday morning.

Ref - IT Pro 

______________________________________________________________________________

(March 3, 2022)

Who's actually behind the cyberattacks hitting Ukraine?

Experts have dubbed the damaging malware HermeticWiper because it was digitally signed by a small game company called Hermetica Digital Ltd, based in the Mediterranean island country of Cyprus. Early reports assumed that the digital certificate was stolen from that company, but that apparently isn’t true. The company reports it never applied for any such certificate, which means the perpetrators must have fraudulently applied in its name.

Ref - PC Mag 

______________________________________________________________________________

(March 3, 2022)

Hacktivists are piercing Russia’s propaganda bubble

Moscow users of Google Maps were greeted earlier this week with something they rarely see: photos of horrific scenes from Ukraine, including bombed-out homes and injured civilians, and of captured Russian soldiers. The images showed up in the “latest photos” tab of landmarks on the app until Google blocked new photos from its maps of the region this week. 

Ref - Bloomberg 

______________________________________________________________________________

(March 3, 2022)

An 'IT Army' of around 260,000 volunteer hackers is rising up to defend Ukraine

According to Livia Tibirna, an analyst at cybersecurity firm Sekoia, nearly 260,000 people have joined the "IT Army" of volunteer hackers, which was set up at the initiative of Ukraine's digital minister Mykhailo Fedorov. The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies, and institutions, for the hackers to target.

Ref - News9

______________________________________________________________________________

(March 2, 2022)

Details of '120,000 Russian soldiers' leaked by Ukrainian media

Ukrainian news website Ukrainska Pravda says the nation's Centre for Defence Strategies think tank has obtained the personal details of 120,000 Russian servicemen fighting in Ukraine. The publication has now shared this data freely on its website.

Ref - The Register 

______________________________________________________________________________

(March 2, 2022)

Why Ukraine recruiting amateur ‘IT army’ could backfire

In the global rush to support Ukraine against the Russian invasion, some Ukrainian nationals and many others from around the world are heeding the call of a top Ukrainian official to join a volunteer “IT army.” But while the idea may appear sound, in theory, a leading cybersecurity expert warns that digital free-for-all could backfire.


______________________________________________________________________________

(March 3, 2022)


Russia-Ukraine conflict may increase the risk of cyberattacks for India, warn experts

With Russia’s invasion of Ukraine also being played out in the cyber world and malware being introduced, these may eventually find their way into Indian servers or get sold later on the dark web and used against India, the experts said. “India has to be prepared for a vicious cyberattack.”

Ref - Live Mint 

______________________________________________________________________________

(March 2, 2022)


Why Russia hasn't launched major cyberattacks since the invasion of Ukraine

As the invasion of Ukraine continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much-vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against.

Ref - Time
 
______________________________________________________________________________

(March 2, 2022)


Pro-Russian hackers launch email attack to disrupt Ukraine refugee rescue attempts

A “likely” cyber attack from a “nation-state” using a Ukrainian soldier’s email address has been used to try and disrupt European officials’ attempts to help refugees fleeing the country from Russia’s invasion. The state-sponsored phishing campaign, whereby login credentials and other user data are stolen by hackers, appeared to use the email address to send a malicious macro attachment to the Emergency Meeting of the NATO Security Council that took place on 23 February.

Ref - Independent 

______________________________________________________________________________

(March 2, 2022)


Russian space agency says hacking satellites is an act of war

Russia will consider any cyberattacks targeting Russian satellite infrastructure an act of war, the country's space agency director said in a TV interview. Dmitry Rogozin, the current head of the Russian Roscosmos State Space Corporation, added that such attempts would also be considered crimes and investigated by Russia's law enforcement agencies.


______________________________________________________________________________

(March 2, 2022)


Ukraine war sanctions could spur Russian cyberattacks on U.S., expert warns

Indeed, the U.S. CISA issued a "shields up" alert well ahead of Russia's invasion of Ukraine on February 23, warning IT departments everywhere to monitor for suspicious activity that could disrupt their business or government operations. The technology consulting firm Wedbush affirmed the alert and issued a report warning U.S. financial institutions, enterprise data centers and logistics companies to prepare for Russia-directed cyberattacks.

Ref - CBS News 

______________________________________________________________________________

(March 2, 2022)


WordPress-hosted university websites hacked in ‘targeted attacks’

In a report released last night (March 1), researchers from Wordfence said the company had witnessed a “massive attack” on Ukrainian education institutions by threat actors identified as the ‘Monday Group’, which it says has publicly supported Russia’s recent actions. The group, whose members refer to themselves as ‘the Mx0nday’, have targeted the WordPress-hosted sites more than 100,000 times since February 24, when Russian troops officially invaded Ukraine.

Ref - Portswigger

______________________________________________________________________________

(March 2, 2022)


Why cyberattacks haven’t crippled Ukraine’s communication systems

Cyberattacks have not disabled Ukraine’s communications infrastructure since the start of the Russian attacks, as many had previously feared. In a nutshell, the idea is that Russia just didn’t think it was going to be necessary to disable Ukraine’s communications systems. They didn’t do this in the first place because (according to the expert) they probably thought that this would be faster and easier: they would just run through the city, stop in the main square and celebrate.

Ref - Venture Beat 

______________________________________________________________________________

(March 2, 2022)


Ukraine seeks hackers to volunteer in its defense

Two days after Russian military forces launched an attack, Ukraine’s minister of digital transformation, Mykhailo Fedorov, asked hackers for help. Within days, a loose group of worldwide volunteers and the country’s cyber police answered his call on Twitter, gathering in a channel on the messaging app Telegram to organize attacks against the aggressor’s web resources, targeting oil companies, top banks, and other important government and critical information systems.

Ref - Bloomberg 

______________________________________________________________________________


(March 2, 2022)


Putin's war spills into Britain as Ukrainian Embassy in London under 'massive' cyberattack

Reports have claimed the Ukraine Embassy in London is experiencing a massive cyberattack. According to the Insider, all websites and emails are down in the Embassy. This latest incident comes after Prime Minister Boris Johnson accused Putin's forces of war crimes.

Ref - Express 

______________________________________________________________________________

(March 2, 2022)


Cybersecurity vendors respond to the Ukraine-Russia conflict

Organizations in the cybersecurity sector have begun taking action to provide help and support to those directly and subsequently impacted by cyber incidents relating to the Ukraine-Russia crisis. Vectra AI, SentinelOne, Bitdefender, CrowdStrike, Microsoft, and Cloudflare have all contributed by offering help via their platforms or software in various ways.


______________________________________________________________________________

(March 2, 2022)


Hackers claim to have breached Russian space agency as group trolls Putin

A group affiliated with Anonymous called NB6 has claimed to have hacked Roscosmos, Russia’s space agency. “#Russia has no more control over their own Spy-Satelites”, an Anonymous Twitter account posted. The space agency’s chief executive, however, has denied that it has been affected.

Ref - Independent 

______________________________________________________________________________

(March 2, 2022)


SA could be caught in the crossfire of Russia-Ukraine cyber-warfare

South African organizations may find themselves casualties of the cyberwar between Russia and Ukraine, as the former intensifies its military offensive against its neighbor. In interviews with ITWeb, South African-based cyber security experts say they fear the cyberweapons being deployed by the belligerents may spill into countries like South Africa.

Ref - ITWeb

______________________________________________________________________________

(March 2, 2022)


International hackers answer Ukraine's call to launch cyber operations against Russia

Since launching at the weekend, one public Telegram channel, the IT ARMY of Ukraine Telegram channel, has grown to more than 265,000 subscribers — it is unlikely every account in the group is genuine. The channel encouraged sympathetic volunteers to target state services and Russian businesses, including energy provider Gazprom and cryptocurrency exchanges connected to Russian banks, with DDoS attacks.

Ref - ABC News 

______________________________________________________________________________

(March 2, 2022)


Ukrainian hackers target Russian Power Grid, Railways

A Ukrainian cyber guerrilla warfare group plans to launch digital sabotage attacks against critical Russian infrastructure such as railways and the electricity grid, to strike back at Moscow over its invasion, a hacker team coordinator told Reuters. Officials from Ukraine's defense ministry last week approached Ukrainian businessman and local cybersecurity expert Yegor Aushev to help organize a unit of hackers to defend against Russia, Reuters previously reported.

Ref - NDTV

______________________________________________________________________________

(March 2, 2022)


Hacking attacks launched across Europe as internet activist group trolls Putin

Hacking groups such as Anonymous and the Cyber Partisans have claimed responsibility for cyberattacks on Russia’s banks, state broadcaster RT, and a Belarusian rail network reportedly used to move troops from Russia to Ukraine. These cyber groups have said that they stand with Ukraine against Russia’s powerful online forces - causing disruption to stop the country’s own attacks against Ukraine and the West.


______________________________________________________________________________

(March 1, 2022)


Russia-Ukraine crisis stokes new cyber attack fears

According to Senator Mark Warner (D-VA), Russia may choose to engage in cyber-warfare – putting critical infrastructure like power operators at risk. Warner added the interconnected nature of networks means even an indirect cyberattack could quickly escalate the conflict beyond Eastern Europe. Sen. Warner stated U.S. cyber defenses are ready, citing several programs designed to thwart attacks; meanwhile, energy providers say they have been investing heavily in cybersecurity and physical security.

Ref - Yahoo 

______________________________________________________________________________

(March 1, 2022)


Whether Ukraine is in a ‘cyberwar’ or not, it’s getting bad

The electricity, water, and internet are largely still operational in Ukraine. There have been virtually no major disruptions to key infrastructure reported, where a cyberattack was the likely cause, since the Russian invasion last Thursday. The worst-case scenario for cyberattacks has plainly not happened so far. But that does not mean that there haven’t been some very harmful cyberattacks in Ukraine.

Ref - VentureBeat 

______________________________________________________________________________

(March 1, 2022)

FoxBlade malware targeted Ukrainian networks hours before Russia’s invasion

The Microsoft Threat Intelligence Center (MSTIC) continues to investigate the attacks that are targeting Ukrainian networks and discovered that entities in Ukraine were targeted with a previously undetected malware, dubbed FoxBlade, several hours before Russia’s invasion. This trojan can use your PC for distributed denial-of-service (DDoS) attacks without your knowledge.
 

______________________________________________________________________________

(March 1, 2022)

Cyber-attacks on Ukraine are conspicuous by their absence

Cyber-attacks aimed at Ukrainian computer systems seem to have played hardly any role. They have been conspicuous by their absence, even though many observers thought they would be one of the defining features of a 21st-century conflict between high-tech opponents.


______________________________________________________________________________

(March 1, 2022)


State actor uses compromised private Ukrainian Military emails to target European Governments and Refugee Movement

A likely nation-state-sponsored phishing campaign has been identified that is using a possibly compromised Ukrainian armed service member’s email account to target European government personnel involved in managing the logistics of refugees fleeing Ukraine. The email included a malicious macro attachment that attempted to download a Lua-based malware dubbed SunSeed.

 
______________________________________________________________________________

(March 1, 2022)


Hacker collective Anonymous declares war on Russia

The rogue group of hackers has declared itself to be in a cyber warfare campaign against Putin & his allies. Using both Twitter and YouTube, the group urged followers (7.6 million on Twitter; 28,000 YouTube subscribers) to launch cyberattacks on the country’s websites. The group claims to have already disabled sites including the state-controlled Russian news agency, the Kremlin’s official site, and Russian internet service providers.

Ref - Fortune 

______________________________________________________________________________

(March 1, 2022)


Ukraine Universities hacked as Russian invasion started

The Wordfence team has identified a massive attack on Ukrainian universities that coincided with the invasion of Ukraine by Russia and resulted in at least 30 compromised Ukrainian university websites. The threat actor behind the attack is identified as part of a group called the Monday group, which the members refer to as “theMx0nday”. The group has stated publicly that they support Russia in this conflict.

Ref - Wordfence 

______________________________________________________________________________

(March 1, 2022)


Cyber attackers are looking to exploit people who want to help Ukraine

Initiatives were being shared through social media that encourage regular people to become hackers by downloading DDoS tools to support DDoS attacks on Russian targets. However, the analysis of one of these tools shows that it isn’t secure, as it collects personal data that can make users identifiable, such as your IP address, country code, city, location derived from IP address, etc. Since the configuration is downloaded from a remote server, the tool can also support a DDoS attack on any target the server operator or tool author picks without you knowing.

Ref - Independent 

______________________________________________________________________________

(March 1, 2022)


Take these steps to prepare for and handle the cybersecurity effects of the war in Ukraine

The US CISA has already warned of increased attacks on critical infrastructure and defense industrial bases through their Shields Up initiative. In the UK, the NCSC has published specific steps to undertake in the current heightened threat landscape. Other agencies such as the European Union Agency for Cybersecurity (ENISA), the Federal Office for Information Security (BSI) in Germany, and the National Cybersecurity Agency (ANSSI) in France have warned of the situation, and an EU cyber unit has been deployed to assist Ukraine.

Ref - ZDNet 

______________________________________________________________________________

(March 1, 2022)


Russia-Ukraine cyberwar: A look at DDoS attacks, HermeticWiper malware

Cyberattacks on state-owned digital assets, including websites and banking services, have gradually increased in both frequency and sophistication, beginning with distributed denial-of-service (DDoS) attacks before escalating to the use of complex wiper malware and ransomware.


______________________________________________________________________________

(March 1, 2022)


A free-for-all but no crippling cyberattacks in Ukraine war

Russia has some of the best hackers in the world, but in the early days of the war in Ukraine, its ability to create mayhem through malware hasn’t had much of a noticeable impact. Instead, it is Ukraine that has marshaled sympathetic volunteer hackers in an unprecedented collective global effort to make the Kremlin pay for making war on its neighbor. It’s a kind of cyber free-for-all that experts say risks escalating a moment already fraught with extraordinary danger after Russian President Vladimir Putin put his nuclear forces on alert.

Ref - AP News

______________________________________________________________________________

(Feb 28, 2022)


Belarusian hackers launched another attack, adding to chaotic hacktivist activity around Ukraine 

A group of Belarusian hackers and IT specialists calling themselves Cyber Partisans claimed Sunday that they’d attacked the Belarusian Railways in an attempt to “slow down the transfer of occupying forces and give the Ukrainians more time to repel the attack,” according to a Google translation of the message posted to the group’s Telegram channel.

Ref - CyberScoop

______________________________________________________________________________

(Feb 28, 2022)


Moscow Exchange downed by cyber-attack

The website for the Moscow Stock Exchange was offline and inaccessible on Monday. A crowdsourced community of hackers endorsed by Kyiv officials has claimed responsibility for the outage. The Ukraine IT Army posted a message on Telegram that it had taken just five minutes to render the site inaccessible.


______________________________________________________________________________

(Feb 28, 2022)


Americans are at higher risk of Russian cyberattacks after Ukraine invasion

Security professionals are urging Americans to take immediate steps to protect themselves from a higher risk of Russian cyberattacks following the invasion of Ukraine. With US sanctions setting in, it is only a matter of time until the US is targeted more directly. This may mean attacks on citizens' personal devices through ransomware but also attacks on the infrastructure such as the Internet access or even the power grid.

Ref - USA Today 

______________________________________________________________________________

(Feb 28, 2022)


Anonymous hacks Russian TV channels & EV charging station with pro-Ukraine messages

In a video circulating on top Twitter handles run by Anonymous hacktivists, it is being claimed that the group managed to hack several Russian State TV channels and deface/interrupt their ongoing transmissions with the Ukrainian national anthem. After the national anthem, the hacktivists broadcast the events taking place in Ukraine.

Ref - Hackread 

______________________________________________________________________________

(Feb 28, 2022)


Ukraine cyberattacks seen spiking, but no destructive cyberwar yet

As the war in Ukraine continues, large-scale, targeted Russian cyberattacks against targets in Western countries have failed to materialize, as far as we know, but observers are nevertheless reporting significant spikes in malicious cyber activity, albeit without sustained or damaging impact.


______________________________________________________________________________

(Feb 28, 2022)


As tanks rolled into Ukraine, so did malware. Then Microsoft entered the war.

A few hours before Russian tanks began rolling into Ukraine, alarms went off inside Microsoft’s Threat Intelligence Center, warning of a never-before-seen piece of “wiper” malware that appeared aimed at the country’s government ministries and financial institutions. Within three hours, Microsoft threw itself into the middle of a ground war in Europe, from 5,500 miles away.

 
______________________________________________________________________________

(Feb 28, 2022)


Satellite firm Viasat probes suspected cyberattacks in Ukraine and elsewhere

U.S.-listed satellite communications firm Viasat Inc (VSAT.O) said on Monday it was investigating a suspected cyberattack that caused a partial outage in its residential broadband services in Ukraine and other European countries. Viasat said a third-party cybersecurity firm was looking into the causes of an outage in recent days across its KA-SAT network, which provides high-speed satellite internet coverage in Europe and Mediterranean markets.

Ref - Reuters

______________________________________________________________________________

(Feb 28, 2022)


Cyberattack on NATO could trigger collective defense clause - official

A cyberattack on a NATO member state could trigger Article 5, its collective defense clause, a NATO official said on Monday, amid concerns that chaos in cyberspace around Russia's invasion of Ukraine could spill over into other territories. The military alliance has for years made clear that a serious cyberattack could trigger the clause, but such a scenario has so far been largely hypothetical.

Ref - Reuters 

______________________________________________________________________________

(Feb 28, 2022)


Digital technology and the war in Ukraine

The past few days have seen kinetic warfare accompanied by a well-orchestrated battle ongoing in the information ecosystem where the ammunition is disinformation, undermining truth and sowing seeds of discord and distrust. This requires decisive efforts across the tech sector – both individually by companies and in partnership with others – as well as with governments, academia, and civil society.

Ref - Microsoft

______________________________________________________________________________

(Feb 28, 2022)


Ukraine says its 'IT Army' has taken down key Russian sites

Key Russian websites and state online portals have been taken offline by attacks claimed by the Ukrainian cyber police force, which now openly engages in cyber-warfare. As the announcement on the law enforcement agency's site details, specialists from the force have teamed with volunteers to attack the web resources of Russia and Belarus. The three countries are currently involved in an ongoing, large-scale armed conflict that includes a cyber frontline, which manifested even before the invasion.


______________________________________________________________________________

(Feb 27, 2022)


Ukraine border control hit with wiper cyberattack, slowing refugee crossing

Refugees fleeing Ukraine after Russia’s invasion of the country have faced long waits at the border, sometimes for as long as days. At least part of the reason appears to be the impact of another major wiper attack, according to a cybersecurity expert. The wiper attack occurred early on Saturday morning, shortly after 6 a.m. Ukraine time.

Ref - VentureBeat 

______________________________________________________________________________

(Feb 26, 2022)


Hackers destroyed data at a key Ukraine agency before the invasion

In the buildup to Russia’s invasion, hackers detonated powerful data-destroying software on the network of Ukraine’s Ministry of Internal Affairs, and they siphoned off large amounts of data from the country’s telecommunications network, according to three people involved in investigations into the incidents.


______________________________________________________________________________

(Feb 28, 2022)


The Hermetic Wiper malware that targeted Ukraine

The Slovakian cybersecurity company ESET said it had detected the data-wiper malware, which it named Hermetic Wiper, on hundreds of computers in Ukraine. The name is likely derived from the company name Hermetica Digital Ltd, to which the malware’s code signing certificate was issued.


______________________________________________________________________________

(Feb 28, 2022)


CISA and FBI warn of potential data wiping attacks spillover

The CISA and the FBI warned US organizations that data wiping attacks targeting Ukraine could spill over to targets from other countries. The two federal agencies issued this warning in the form of a joint cybersecurity advisory published over the weekend following the unwarranted Russian invasion of Ukraine. Disruptive cyberattacks using HermeticWiper and WhisperGate wiper malware are likely to occur and may unintentionally spill over to organizations in other countries.


______________________________________________________________________________

(Feb 27, 2022)


Conti ransomware's internal chats leaked after siding with Russia

A Ukrainian security researcher has leaked over 60,000 internal messages belonging to the Conti ransomware operation after the gang sided with Russia over the invasion of Ukraine. The data was leaked by a researcher who had access to the "ejabberd database" backend for Conti's XMPP chat server. In total, there are 393 leaked JSON files containing a total of 60,694 messages since January 21, 2021, through today.


______________________________________________________________________________

(Feb 27, 2022)


Anonymous hacker collective has declared cyberwar on Russia

Anonymous said it had hacked the Ministry of Defence database, while on Sunday it was claimed the group had hacked Russian state TV channels, posting pro-Ukraine content including patriotic songs and images from the invasion. The group has claimed credit for several cyber incidents including DDoS attacks, that have brought down government websites and that of Russia Today.

Ref - The Guardian 

______________________________________________________________________________

(Feb 26, 2022)


Ukraine among 3 most affected by Russian cyber activity

Between July 2020 and June 2021, the US and Ukraine were the nations most targeted by state-backed cyber attacks, according to the Microsoft Digital Defense Report released in October 2021. It also notes that such incidents have increased in frequency with a rise in geopolitical tensions between nations.


______________________________________________________________________________

(Feb 26, 2022)


Cyberattacks, hacks, and misinformation: The many fronts of Russia’s hybrid war in Ukraine

A U.S. official cautioned that Russia plans to discourage Ukrainian soldiers with false reports about the widespread surrender of Ukrainian troops. Throughout the month U.S. intelligence has warned of propaganda and panic-causing misinformation strategies that could have a longer-lasting impact.


______________________________________________________________________________

(Feb 25, 2022)


Cyber attack risks poised to soar as Russia attacks Ukraine

On Wednesday, just hours before Moscow sent troops into its neighbor's territory, the websites of several Ukrainian banks and government agencies were disabled by so-called distributed denial-of-service (DDoS) attacks that Kyiv claimed were of Russian origin. Cyber security firm ESET said Wednesday that malware capable of erasing data had been found on hundreds of computers in Ukraine.

Ref - SecurityWeek 

______________________________________________________________________________

(Feb 25, 2022)


The world is bracing for a global cyber war as Russia invades Ukraine

In recent weeks, Ukraine has been hit with numerous cyberattacks targeting its government and banking system, and experts have blamed Russia. The onslaught of attacks has led to fears of a wider digital conflict, with Western governments on alert for cyber threats from Russia. Researchers say a cyberwar between Russia and the West is possible — though the severity of any such event may be limited.

Ref - CNBC 

______________________________________________________________________________

(Feb 25, 2022)


Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. In mid-January, the government of Kyiv attributed the defacement of tens of Ukrainian government websites to Belarusian APT group UNC1151.


______________________________________________________________________________

(Feb 25, 2022)


The hybrid war that began before Russia invaded Ukraine

On the eve of the first Russian missile strikes on Ukraine, international cyber-security researchers at security company ESET had already registered cyber-attacks on numerous computers in Ukraine. The company discovered what is known as a "wiper" attack. The goal of this kind of malware is to wipe out, or erase, the entire hard drive of an infected computer. It has no other purpose than to make the computer inoperable.

Ref - DW 

______________________________________________________________________________

(Feb 24, 2022)


Russia’s cyber threat to Ukraine is vast and underestimated

The Russian state has sophisticated cyber capabilities with a track record of havoc. Moreover, Moscow can unleash an even more expansive, complex, and often opaque web of proxies whose actors are happy to hack and attack on behalf of the regime. The Kremlin’s involvement with these groups varies and may fluctuate over time; it may finance, endorse, ignore, recruit, or use these actors on an ad hoc basis.

Ref - Wired
 
______________________________________________________________________________

(Feb 24, 2022)


Russia unleashed data-wiper malware on Ukraine, say cyber experts

Cyber experts have identified a new strain of computer-disabling malware unleashed on Ukrainian targets as part of Russia’s offensive, as the UK government and banks said they were on alert for online attacks. Russia was widely expected to launch a cyber assault alongside its military campaign, and the run-up to the invasion of Ukraine was marked by the deployment of “wiper” malware.

Ref - The Guardian 

______________________________________________________________________________

(Feb 24, 2022)


Current executive guidance for ongoing cyberattacks in Ukraine

Cisco Talos is observing a variety of threats targeting Ukraine, including disinformation, defacements, DDoS, wiper malware, and potential BGP manipulation. Organizations should understand that when looking at this particular set of concerns, they are not the target, they are the tool. The adversary in question will make choices to maximize the public impact of any outage — not to embarrass the affected organization — but to apply pressure to the government.  

 
______________________________________________________________________________

(Feb 24, 2022)


Latest Security Guidance: Ukraine-Russia

Quorum Cyber is continually monitoring the latest intelligence and potential exploitation vectors which may be utilized by Russian State-Sponsored Threat Actors, as presented by the NCSC and CISA. According to them, the Threat Actors which are likely to be involved in any offensive cyber operations are APT28 and APT29.

Ref - Quorum Cyber 

______________________________________________________________________________

(Feb 22, 2022)


NCSC advises organizations to act following Russia’s further violation of Ukraine’s territorial integrity

Following Russia’s further violation of Ukraine’s territorial integrity, the National Cyber Security Centre has called on organizations in the UK to bolster their online defenses. The NCSC – which is a part of GCHQ – has urged organizations to follow its guidance on steps to take when the cyber threat is heightened.

Ref - NCSC

______________________________________________________________________________

(Feb 22, 2022)


Ukraine says government websites and banks were hit with a denial of service attack

Amid heightened tensions between Russia and Ukraine, multiple Ukrainian government websites and banking systems were temporarily inaccessible. The outage, which impacted the website of the Ukrainian Defense Ministry and the Armed Services as well as two large Ukrainian banks, Privatbank and Oschadbank, was the result of a digital denial of service attack, according to multiple Ukrainian government agencies.

Ref - NPR 

______________________________________________________________________________

(Feb 21, 2022)


EU to mobilize a cyber team to help Ukraine fight Russian cyberattacks

The European Union will activate a team of cybersecurity experts to help Ukraine fight off cyberattacks from Russia. The EU’s Cyber Rapid Response Team includes around 10 national cybersecurity officials of six European countries — Croatia, Estonia, Lithuania, the Netherlands, Poland and Romania — who can provide assistance to countries under cyberattack. The team falls under the EU's defense cooperation program PESCO; it will be its first deployment.

Ref - Politico 

______________________________________________________________________________

(Feb 16, 2022)


Gamaredon’s Feb-2022 activities - updated IoCs released

Researchers from PAN-Unit42 have released updated IoCs related to Gamaredon’s Feb-2022 activities. A set of LNK files was not observed in earlier campaigns and seems to be a new dropper technique. 

Ref - GitHub 

______________________________________________________________________________

(Feb 14, 2022)


Experts fear possible cyberwar by Russia against Ukraine amid ongoing tensions

Disrupting the software supply chain could be one of the strategies that Russia adopts for its future cyber campaigns. It would be similar to the SolarWinds breach, in which the company's Orion software was hacked to spread updates containing trojans. Orion was used by major US telecommunication companies and military branches, as well as universities and colleges worldwide.


______________________________________________________________________________

(Feb 9, 2022)


Preliminary cyber operations targeting Ukraine

Since the beginning of 2022, Ukraine has been impacted by several high-profile cyber attacks. Although no firm attribution has been provided yet for these attacks, it is suspected that the attacker’s goal was to destabilize Ukraine and make its government look fragile. On 31 January 2022, Symantec researchers published details about an ongoing cyberespionage campaign targeting Ukrainian entities that has been attributed to the Russian state-associated threat group “Gamaredon”.


______________________________________________________________________________

(Jan 20, 2022)


Threat Brief: Ongoing Russia and Ukraine Cyber Conflict

On Jan 14, 2022, reports began emerging about a series of attacks targeting numerous Ukrainian government websites. As a result of these attacks, numerous government websites were found to be either defaced or inaccessible. A day later, public reporting outlined a new malware family, called WhisperGate, that originally was observed on Jan. 13, 2022. Microsoft has publicly attributed the use of this custom malware family to a threat actor they refer to as DEV-0586.


______________________________________________________________________________

(Jan 15, 2022)


Destructive malware targeting Ukrainian organizations

Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. This malware first appeared on victim systems in Ukraine on January 13, 2022. While our investigation is continuing, MSTIC has not found any notable associations between this observed activity, tracked as DEV-0586, and other known activity groups.

Ref - Microsoft

Posted on: February 28, 2022

