Ukraine-Russia cyber war

Ukraine and Russia seem at the moment to be in both a traditional and a cyber war. We could call that hybrid warfare. We are in a cyber war. Countless examples exist of damage to infrastructure from hostile acts via computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy (traditional “boots on the ground”) and a slightly more unconventional digital war, or cyberwar. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia started to conduct attacks on Ukraine on February 24. Before the physical attacks, Russia carried out several cyber attacks against IT systems in Ukraine.

Here are links to some material on the cyber side of this war:

How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic happens in the cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in the cyberspace. And last week, Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-nation cyber state actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.

As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/

Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers — malicious software or malware — that make their way inside computer networks and literally wipe the data from all connected devices.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.

Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.

Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.

Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladimir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.”
This raises the whole question of ‘attribution’. The received belief is it is impossible to do accurate cyber attribution. “That is absolutely wrong,” said Willett. “It would be a mistake for any one nation to think it could attack another without being known,” said Willett.
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.

Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.

Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.

Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html

Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.

Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command said there had been a cyberattack.

Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).

Amid Russian invasion, Ukraine granted formal role with NATO cyber hub
https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations,” Col. Jaak Tarien, the institution’s director, said in a statement.

This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites
https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken: on Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.

High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information,” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.

CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a

US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html

EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.

UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.

Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.

Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine

Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine
Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/

HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.

In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economy, and the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work,” he says.
“Because we all need to live for something, eat

Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime as it cracks down on anti-war sentiment (and rumors of martial law grow louder) are being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.

Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf

TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi

1,740 Comments

  1. Tomi Engdahl says:

    Russia pivots to Chinese CPUs that aren’t subject to US sanctions — Russia’s homegrown Linux-based Alt OS now supports Chinese LoongArch chips
    https://www.tomshardware.com/news/russia-alt-os-linux-china-loongson-loongarch

  2. Tomi Engdahl says:

    Editorial: Laxity toward Putin’s Russia is now backfiring on Finland’s eastern border – this is what Maria Zakharova’s unpleasant insinuation about countermeasures may mean https://www.is.fi/paakirjoitus/art-2000010001968.html

  3. Tomi Engdahl says:

    Kybersoturit (Cyber Warriors)

    1 season · investigative journalism · documentary · distressing · intense
    A two-part documentary about four Norwegian men who try to influence Russia through cyber activity. Production: NRK, 2023.
    https://areena.yle.fi/1-66193016

  4. Tomi Engdahl says:

    The Russian economy is in bad shape, no matter what the Kremlin says: Russian economist
    https://www.businessinsider.com/russia-economy-real-situation-economist-ukraine-war-sanctions-growth-inflation-2023-11?utm_medium=social&utm_source=facebook&utm_campaign=insider-sf&fbclid=IwAR3Qh6WHccULCgZ2_xv6JKQEVsZjT_oJO3vWB3vez7P6XkzWUx-lxhYmGpU&r=US&IR=T

    The “real situation” in Russia’s economy is bad, Russian economist Igor Lipsits told Reuters.
    Russian authorities’ rosy announcements are aimed at making the Kremlin happy, he said.
    Around 14% of Russians live below or are on the brink of poverty, he added.

  5. Tomi Engdahl says:

    Yle: Russia is spying on Finns in a little-known and inconspicuous way https://www.is.fi/digitoday/tietoturva/art-2000010005268.html

    Russian espionage may extend as far as people’s private communications, Yle reports.
    RUSSIA is probably spying on Finns’ telecommunications traffic in a way that is very little known. Spy satellites named Lutsh (ray, beam, beam of light) are steered next to communications satellites, at which point the latter’s rather weakly encrypted traffic can be stolen and relayed to the ground to be copied, Yle reports.

    In March, Supo listed the three main targets of espionage in Finland: foreign and security policy decision-making, and corporate espionage. The reason for the latter is efforts to support manufacturing in Russia that replaces the high-technology imports battered by sanctions.

  6. Tomi Engdahl says:

    USB worm unleashed by Russian state hackers spreads worldwide
    LitterDrifter’s means of self-propagation are simple. So why is it spreading so widely?
    https://arstechnica.com/security/2023/11/normally-targeting-ukraine-russian-state-hackers-spread-usb-worm-worldwide/

    A group of Russian-state hackers known for almost exclusively targeting Ukrainian entities has branched out in recent months, either accidentally or purposely, by allowing USB-based espionage malware to infect a variety of organizations in other countries.

    The group—known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm—has been active since at least 2014 and has been attributed to Russia’s Federal Security Service by the Security Service of Ukraine. Most Kremlin-backed groups take pains to fly under the radar; Gamaredon doesn’t care to. Its espionage-motivated campaigns targeting large numbers of Ukrainian organizations are easy to detect and tie back to the Russian government. The campaigns typically revolve around malware that aims to obtain as much information from targets as possible.

  7. Tomi Engdahl says:

    Russian Hackers Linked to ‘Largest Ever Cyber Attack’ on Danish Critical Infrastructure
    https://thehackernews.com/2023/11/russian-hackers-launch-largest-ever.html

    Russian threat actors have been possibly linked to what’s been described as the “largest cyber attack against Danish critical infrastructure,” in which 22 companies associated with the operation of the country’s energy sector were targeted in May 2023.

    “22 simultaneous, successful cyberattacks against Danish critical infrastructure are not commonplace,” Denmark’s SektorCERT said [PDF]. “The attackers knew in advance who they were going to target and got it right every time. Not once did a shot miss the target.”

    The agency said it found evidence connecting one or more attacks to Russia’s GRU military intelligence agency, which is also tracked under the name Sandworm and has a track record of orchestrating disruptive cyber assaults on industrial control systems. This assessment is based on artifacts communicating with IP addresses that have been traced to the hacking crew.

  8. Tomi Engdahl says:

    Ukraine’s reconstruction is a 400-billion opportunity for companies to help
    https://www.op-media.fi/yrittajyys/ukrainan-jalleenrakennus/?cmpid=….facebook+instagram.social.YA-suuret+yritykset%2C+vastuullisuus_Ukrainan+j%C3%A4lleenrakennus+on+yrityksille+400+miljardin+auttamismahdollisuus.&fbclid=IwAR1cCJ56xpAV-EbDN110SLktOPS7E8tvISs3PP2fyPYerAzkzbz74Z9VQac_aem_AXbfzhPTYWM7QqPK5vQ_0D9hfhguRnuEFkDuaKckxEje1U6QO9i7brFJhla6OB3Bg_qOC27GIrfyAm5KJOt6jZqN

    The reconstruction of Ukraine has already begun. That is why, now at the latest, companies, like banks, must do their homework on how best to get involved in Ukraine’s reconstruction.

    Reply
  9. Tomi Engdahl says:

    Yle MOT: Secret report reveals – this was Russia's plan to slow down Finland's NATO membership
    The Finnish Security and Intelligence Service (Suojelupoliisi) confirms to Yle MOT that it knew of the Russian intelligence service's plans.
    https://www.iltalehti.fi/kotimaa/a/01e65655-27f5-4d24-a965-8a413554416d
    https://yle.fi/a/74-20063067

    Reply
  10. Tomi Engdahl says:

    “My first thought was to rush to an ATM” – the war in Ukraine produced real surprises https://www.is.fi/digitoday/art-2000009974761.html

    Reply
  11. Tomi Engdahl says:

    MOT obtained a secret intelligence report according to which Russia planned to disrupt Finland's and Sweden's accession to NATO
    The Finnish Security and Intelligence Service confirms that it knew of the Russian intelligence service's plans to incite demonstrations.
    https://yle.fi/a/74-20063067

    Reply
  12. Tomi Engdahl says:

    Actors Recorded Videos for ‘Vladimir.’ It Turned Into Russian Propaganda.
    Microsoft found that celebrities were tricked into making videos used to attack Ukrainian President Volodymyr Zelensky
    https://www.wsj.com/tech/cybersecurity/actors-recorded-videos-for-vladimir-it-turned-into-russian-propaganda-7ff2ce8e

    Reply
  13. Tomi Engdahl says:

    Viewpoint: Across the border there may soon be a Russia that has won the war and whose army is in full fighting shape – NATO membership is not enough for Finland, action is needed soon
    https://www.iltalehti.fi/politiikka/a/27d630d6-c834-4235-b2bf-e193443cbb4c

    Reply
  14. Tomi Engdahl says:

    Researcher urged Finns to get their home emergency supplies in order – here is the reason
    According to Charly Salonius-Pasternak this is not a prediction, but as the sum of many factors Finns could, at worst, face an even more challenging situation.
    https://www.is.fi/kotimaa/art-2000010049105.html

    Reply
  15. Tomi Engdahl says:

    A weighty message from Salonius-Pasternak to Finland's reservists
    The leading researcher at the Finnish Institute of International Affairs does not consider a military threat against Finland the most likely scenario, but a possible one.
    https://yle.fi/a/74-20064302

    Reply
  16. Tomi Engdahl says:

    Worrying news from the United States: nearly half of voters feel that Ukraine is being supported too much – IL follows the war
    Iltalehti follows the war in Ukraine moment by moment.
    https://www.iltalehti.fi/ulkomaat/a/9435695b-e455-4c18-8a2d-68e6e241c31f

    Ukraine's foreign ministry condemns the International Olympic Committee's decision to allow Russian and Belarusian athletes in individual sports to take part in the Paris 2024 Olympics.
    Ukraine spoke out sharply against Russia's election plans.
    According to the think tank ISW, Russia's economy is plagued by a growing labour shortage.

    Reply
  17. Tomi Engdahl says:

    Ukraine is in danger of losing, and after that Russia may attack a neighbouring NATO country, many parties now warn
    The West has only a few months left to turn its support for Ukraine back to growth, says Arkady Moshes, programme director at the Finnish Institute of International Affairs.
    https://yle.fi/a/74-20064091

    Reply
  18. Tomi Engdahl says:

    Veteran of the information war
    How did a young and talented researcher become a Putinist stoking hatred of Finland in Russia? Johan Bäckman's former colleagues have wondered about that too. Or did Bäckman start his information war as early as the 1990s?
    “He started this game of his back then already” – colleagues describe the moments when they began to wonder about Johan Bäckman's worldview
    https://www.is.fi/kotimaa/art-2000010060439.html

    Reply
  19. Tomi Engdahl says:

    NATO commander: Putin has two especially dangerous weapons
    https://www.is.fi/ulkomaat/art-2000010043848.html

    In future warfare, space and cyber security will be important factors.

    Because of its vast nuclear arsenal, Russia is the only adversary that threatens the existence of the United States, Admiral Daryl Caudle says very bluntly.

    Caudle is the commander of NATO's Joint Force Command Norfolk. As admiral of the US Second Fleet, he is responsible for sending the fleet's vessels to sea areas affected by various crises and conflicts.

    According to Caudle, Vladimir Putin's Russia has, in addition to nuclear weapons, another dangerous weapon: its submarine forces.

    Caudle says that despite its economic hardship, Russia continues to invest in their capabilities.

    – Russia has world-class submarines. For example, they have highly capable submarines operating ballistic missiles. They can operate anywhere in the world and strike anywhere.

    Reply
  20. Tomi Engdahl says:

    A nasty device was found in the office of the commander of Ukraine's army
    Eavesdropping devices were also found in the offices of commander Valerii Zaluzhnyi's subordinates, a Ukrainian newspaper reports.
    https://www.iltalehti.fi/ulkomaat/a/1ff722aa-d594-4e3d-9d17-1e0a8b94c1c8

    An eavesdropping device has been found in a room that the commander of Ukraine's armed forces, Valerii Zaluzhnyi, could use for his work in the future, Ukraine's security service SBU says on its Telegram channel.

    Reply
  21. Tomi Engdahl says:

    Ukrainian hackers destroy IT infrastructure of Russian water company
    https://www.pravda.com.ua/eng/news/2023/12/20/7433934/

    Ukrainian hackers from the Blackjack group, likely with the support of cyber specialists of the Security Service of Ukraine (SSU), conducted a cyber attack on the IT infrastructure of Rosvodokanal (a Russian company that deals with water utilities and water management – ed.), and now its work is blocked.

    Source: Ukrainska Pravda sources in law enforcement agencies

    Details: Sources say hackers attacked over 6,000 computers and deleted over 50 TB of data. They targeted internal document management, corporate mail, cyber defence services, backups, etc.

    Reply
  22. Tomi Engdahl says:

    Putin Orders Hunt for Property of Russian Empire, Soviet Union
    https://www.bloomberg.com/news/articles/2024-01-19/putin-orders-hunt-for-property-of-russian-empire-soviet-union?srnd=premium-europe&leadSource=uverify%20wall

    President directs officials to search for Russian assets
    Russian empire extended over eastern Europe, Finland at peak

    Reply
  23. Tomi says:

    Sources: Putin secretly contacted the United States – the Kremlin denies it
    According to information obtained by the business news outlet Bloomberg, the Kremlin has signalled to Washington that Russia is ready to discuss ending the war in Ukraine.

    https://www.iltalehti.fi/ulkomaat/a/7a02b992-248b-41d8-9704-331f569f0ebb

    Reply
  24. Tomi Engdahl says:

    Internet use is being restricted in Russia – the reason raises questions
    4G connections are already being restricted in three regions of Russia.
    https://www.is.fi/ulkomaat/art-2000010150602.html

    The use of 4G connections is being restricted in Russia's Leningrad region. The restrictions apply to the services of all mobile operators. According to The Moscow Times, the restrictions began on Friday 26 January and remain in force until the end of the month.

    The restrictions on 4G network use begin daily at 11 p.m. and end at 6 a.m. local time.

    Mobile operators have given frequency changes as the reason for the outages, but according to a source who spoke to the business magazine Forbes, frequencies can be changed without shutting down services. The source finds it odd that changes would be made in several regions and by several mobile operators at the same time.

    – The reason may be something other than the one officially stated

    – Please note that, for reasons beyond Tele2's control, the mobile internet connection may not be available. Please also note that the restrictions may negatively affect the operation of online services, ATMs and payment terminals.

    He believes that the restrictions are due to the drone strikes that Ukraine has carried out against Russia.

    – The outages are most likely linked to Ukraine's first attack on the Leningrad region since the start of the full-scale war.

    In January Ukraine succeeded in a drone strike in the Leningrad region. First, on 18 January, Ukraine tried to strike an oil terminal, but Russia managed to repel the strike. Three days later Ukraine succeeded in a strike on a natural gas terminal at Ust-Luga (Laukaansuu) on the coast of the Gulf of Finland.

    Similar restrictions have previously been introduced in the Pskov and Novgorod regions, which Ukraine has struck.

    Reply
  25. Tomi Engdahl says:

    Editorial: Putin's Russia is already testing its AI weapon – the Trump–Biden duel could become a playground for deepfakes
    https://www.is.fi/paakirjoitus/art-2000010203368.html

    Reply
  26. Tomi Engdahl says:

    Warning to NATO allies from the Netherlands – Supo also alert
    According to Dutch authorities, Chinese hackers managed to plant espionage malware in the network of the country's armed forces.
    https://www.is.fi/ulkomaat/art-2000010222145.html

    According to Dutch intelligence authorities, Chinese espionage in the Netherlands and its allied countries is clearly growing. Finland, as a NATO ally of the Netherlands, also belongs to this group of countries.

    The Dutch military intelligence services said last week that Chinese state-backed cyber spies managed to break into a Dutch military network last year.

    According to the intelligence services, the operation was part of China's political espionage against the Netherlands and its allies.

    Reply
  27. Tomi says:

    Ben Hall / Financial Times:
    Ukraine’s GUR military intelligence unit says Russian forces are using Starlink terminals on the front line, corroborating multiple media reports in recent days

    Russia using Elon Musk’s Starlink on Ukraine front line, says Kyiv
    Adoption of satellite internet service by Moscow’s troops ‘systemic’
    https://www.ft.com/content/e69c8c20-85a2-4e98-8b6f-46b92f42871b

    Russian forces are using Starlink terminals on the front line in Ukraine, according to the Ukrainian military, which said the adoption of Elon Musk’s satellite internet service by Moscow’s troops was becoming “systemic”.

    Ukraine’s GUR military intelligence unit said on Telegram on Sunday that radio intercepts confirmed the use of Starlink terminals by Russian units operating in the occupied Donetsk region of eastern Ukraine.

    “Yes, there have been recorded cases of the Russian occupiers using these devices,” Andriy Yusov, a GUR officer, told RBC-Ukraine. “This is starting to take on a systemic nature.”

    GUR made its claim following multiple reports in recent days that Russian forces are using Starlink devices, including a sighting reported by news outlet Defense One of the company’s distinctive square-shaped receivers close to Russian positions.

    One Russian volunteer group flaunted on social media the devices it said it had purchased for Russian forces.

    https://twitter.com/sambendett/status/1755608457280160187

    Reply
  28. Tomi Engdahl says:

    Russia's attack on Ukraine began with a strike on 30 thousand modems
    https://etn.fi/index.php/13-news/15913-venaejaen-hyoekkaeys-ukrainaan-alkoi-iskulla-30-tuhanteen-modeemiin

    Russia's war of aggression against Ukraine has now lasted two years. Many remember the morning when the attack began, but in fact the attack had already begun earlier with cyber strikes. Before troops crossed the border, Russia struck modems that operated over satellite links.

    Lotem Finkelsteem, who leads Check Point's Threat Intelligence research, presented the new trends in cyber warfare at the company's CPX 2024 event last week. Above all, the presentation sought to demystify cyber warfare, which means many things: information warfare, electromagnetic jamming, cyber espionage and attacks on infrastructure.

    Reply
  29. Tomi Engdahl says:

    A brazen video forgery was shown on Russian television – “Is it fun in Moscow today?”
    One of Russia's biggest TV channels shared a fake video of Oleksiy Danilov.
    https://www.iltalehti.fi/ulkomaat/a/e8ad4dea-2717-4049-9371-d6a5edbc9b04

    On Saturday the Kremlin-aligned Russian TV channel NTV aired a fake video purporting to show Oleksiy Danilov, security adviser to Ukraine's president, which implies that Ukraine is to blame for the Moscow terror attack. BBC investigative journalist Shayan Sardarizadeh reports on the matter.

    According to Sardarizadeh, it is a deepfake video to which AI-generated speech has been added. To the viewer it appears that Danilov comments on Friday's terror attack in Moscow as follows:

    “Is it fun in Moscow today? I believe it is really fun. I want to believe that we will arrange this kind of entertainment for them more often.”

    According to the BBC, the fake was created by combining material from two recently published interviews, which feature, in addition to Danilov, Ukraine's intelligence chief Kyrylo Budanov. The fake video shows the same interviewers as the underlying video in which Budanov is interviewed.

    However, the words heard in the deepfake video were never spoken, so they were most likely created using AI. The fake video has been widely shared online.

    Russian TV airs fake video blaming Ukraine for Moscow attack
    https://www.bbc.com/news/live/world-68642036?ns_mchannel=social&ns_source=twitter&ns_campaign=bbc_live&ns_linkname=65feee133c0b7a6946ae3614%26Russian%20TV%20airs%20fake%20video%20blaming%20Ukraine%20for%20Moscow%20attack%262024-03-23T15%3A40%3A04.475Z&ns_fee=0&pinned_post_locator=urn:asset:b8f8fd75-07a2-4302-866a-aeeb2c5e0aff&pinned_post_asset_id=65feee133c0b7a6946ae3614&pinned_post_type=share

    One of Russia’s major channels, NTV, has broadcast a fake video using AI-generated audio of a top Ukrainian security official in an attempt to blame Ukraine for last night’s attack.

    In the video, which has also been widely shared online, Ukraine’s top security official Oleksiy Danilov appears to say: “It is fun in Moscow today. I think it’s a lot of fun. I would like to believe that we will arrange such fun for them more often.”

    However, BBC Verify has established that the video is a composite of two interviews published in the last week. The voice of Danilov was likely generated using AI technology, according to an expert.

    What we know about the attack on a Moscow concert hall

    The attack on a Moscow concert hall on Friday was the worst in Russia for years. More than 100 people were killed as gunmen stormed the complex.

    How did the attack unfold?

    A rock band were due to perform to a packed Crocus City Hall on the outskirts of Moscow on Friday evening. Video showed at least four people wearing camouflage shooting randomly before proceeding into the concert hall itself and opening fire there.

    Russian investigators said a flammable liquid was used to start a fire which engulfed the facade of the building.

    Who are the Crocus City Hall victims?

    As of Saturday afternoon, at least 133 people had been confirmed dead, while at least 60 remain in a serious condition.

    Who are the attackers?

    Russian MP Alexander Khinshtein said the attackers fled in a white Renault car, which was stopped by police in the Bryansk region about 340km (210 miles) away from Moscow.

    Their identities have not been confirmed, but the Russian government says the four suspected gunmen who were arrested are not Russian citizens.

    Who was behind the attack?

    In a brief statement, the Islamic State (IS) said it was behind the attack. On Saturday, it released a photograph of what it said were the four attackers – all masked.

    President Putin said the attackers were heading to Ukraine. However, Kyiv has denied any involvement.

    Reply
