Ukraine-Russia cyber war

Ukraine and Russia seem at the moment to be engaged in both a traditional war and a cyber war. We could call that hybrid warfare. We are in a cyber war. Countless examples exist of damage to infrastructure from hostile acts via computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia started to conduct attacks on Ukraine on February 24. Before the physical attacks, Russia carried out several cyber attacks against IT systems in Ukraine.

Here are links to some material on the cyber side of this war:

How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic happens in the cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in the cyberspace. And last week, Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-nation cyber state actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.

As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/

Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers — malicious software or malware — that make their way inside computer networks and literally wipe the data from all connected devices.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.

Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.

Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.

Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladimir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.”
This raises the whole question of ‘attribution’. The received belief is it is impossible to do accurate cyber attribution. “That is absolutely wrong,” said Willett. “It would be a mistake for any one nation to think it could attack another without being known,” said Willett.
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.

Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.

Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.

Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html

Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.

Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command said there had been a cyberattack.

Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).

Amid Russian invasion, Ukraine granted formal role with NATO cyber hub https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations,” Col. Jaak Tarien, the institution’s director, said in a statement.

This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken. On Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.

High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information,” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.

CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a

US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html

EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.

UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.

Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.

Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine

Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine
Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/

HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.

In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economy, and the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work,” he says.
“Because we all need to live for something, eat

Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime as it cracks down on anti-war sentiment, and rumors of martial law grow louder, are being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.

Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf

TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi

2,363 Comments

  1. Tomi Engdahl says:

    U.S. Security Vendors Launch Critical Infrastructure Defense Project
    https://www.securityweek.com/us-security-vendors-launch-critical-infrastructure-defense-project

    Amid rising Russia tensions, Cloudflare, CrowdStrike and Ping Identity offer free security for Critical National Infrastructure operators

    Government warnings of heightened cyber risk to U.S. organizations as a by-product of the war in Ukraine are almost a daily occurrence. The government considers increased cyber activity aimed at U.S. and NATO organizations ‒ and particularly critical infrastructure organizations ‒ to be a serious threat.

    CISA has a ‘Shields Up’ page that states, “While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region. Every organization—large and small—must be prepared to respond to disruptive cyber activity.”

    You can see SecurityWeek’s take on how and why cyber threats could escalate from Ukraine into a formal or informal cyberwar here: Russia-Ukraine: Threat of Local Cyber Operations Escalating Into Global Cyberwar. Failing the rapid withdrawal of Russian troops from Ukraine, which doesn’t seem likely, it is difficult to see anything other than increased cyber activity aimed against the U.S. and its allies.

  2. Tomi Engdahl says:

    Russia-Ukraine: Threat of Local Cyber Operations Escalating Into Global Cyberwar
    https://www.securityweek.com/russia-ukraine-threat-local-cyber-operations-escalating-global-cyberwar

    The war in Ukraine is not following its expected course. The Russian army has not simply marched across the country, and the invasion was not accompanied by a massive increase in cyber operations aimed against Ukrainian critical infrastructure.

    This could all change in a moment – but for now the Russia/Ukraine conflict is likely to redefine the relationship between kinetic and cyber warfare. It began as expected: an increase in military power at the border and an increase in cyber operations against Ukraine designed to prepare the battlefield.

    Those cyber operations have continued but have not escalated to the extent expected. New destructive malware has been detected on Ukrainian computers, but for the most part they are targeted and not in themselves designed to cause widespread infrastructure damage. They started with WhisperGate detected by Microsoft in January, but have been followed by HermeticWiper, IsaacWiper, and FoxBlade (although there are some suggestions that HermeticWiper and FoxBlade are separate names for the same malware).

    There is currently no public proof that these malwares are state operations – but it seems likely. Wipers do not offer criminal gangs an easy method of monetization. While they could be developed and used by ‘patriotic’ hackers wishing to further their own cause, all these examples were developed well ahead of the conflict.

    Escalation could, of course, still occur. “The expectation that cyber activity by Russia against Ukraine will be ratcheted down now the invasion has begun is wrong,” Tim Kosiba (currently CEO at Bracket f, a company owned by [redacted], but a former technical director at U.S. Cyber Command) told SecurityWeek. But why it hasn’t yet, at least to the time of writing this, remains a mystery.

  3. Tomi Engdahl says:

    Joseph Menn / Washington Post:
    Google: Russia’s Fancy Bear launched phishing campaigns against Ukrainians before the invasion and Belarus’ Ghostwriter targeted Ukrainian and Polish militaries — Belarus conducted widespread phishing attacks against members of the Polish military as well as Ukrainian officials …

    Russia, Belarus conducted widespread phishing campaigns in Ukraine, Google says
    The campaign included efforts to capture the login credentials for Polish military sites.
    https://www.washingtonpost.com/technology/2022/03/07/russia-belarus-conducted-widespread-phishing-campaigns-ukraine-google-says/

  4. Tomi Engdahl says:

    Vital News! Musk just HUMILIATED Russia’s insane decision to STOP supplying rocket engines to the US
    https://www.youtube.com/watch?v=Oqv92vlEYBM

    In retaliation for Biden sanctions against Russia over Ukraine, Russia’s state space corporation has finally decided to stop supplying rocket engines to the United States.
    “Let them fly on something else, their broomsticks”, Roscosmos chief challenged.
    The decades-old space partnership between Russia and the US may be going up in smoke right now!
    So, how bad is this happening?
    Notably, how did Elon Musk humiliate this decision of Russia?
    Importantly, what impact will this move of Dmitry Rogozin have on the US space industry and Russia as well?

  5. Tomi Engdahl says:

    The Invisible Battlefields Of The Russia-Ukraine War
    https://hackaday.com/2022/03/07/the-invisible-battlefields-of-the-russia-ukraine-war/

    Early in the morning of February 24th, Dr. Jeffrey Lewis, a professor at California’s Middlebury Institute of International Studies watched Russia’s invasion of Ukraine unfold in realtime with troop movements overlaid atop high-resolution satellite imagery. This wasn’t privileged information — anybody with an internet connection could access it, if they knew where to look. He was watching a traffic jam on Google Maps slowly inch towards and across the Russia-Ukraine border.

    As he watched the invasion begin along with the rest of the world, another, less-visible facet of the emerging war was beginning to unfold on an ill-defined online battlefield. Digital espionage, social media and online surveillance have become indispensable instruments in the tool chest of a modern army, and both sides of the conflict have been putting these tools to use. Combined with civilian access to information unlike the world has ever seen before, this promises to be a war like no other.

    Reply
  6. Tomi Engdahl says:

    Cyber war in Ukraine – what has happened and what happens next? https://www.is.fi/digitoday/tietoturva/art-2000008666529.html

    Reply
  7. Tomi Engdahl says:

    Cyber war in Ukraine – what has happened and what happens next?
    Top experts go through the events of the cyber war in Ukraine.
    https://www.is.fi/digitoday/tietoturva/art-2000008666529.html

    Experts: This is what we will see next in Ukraine's cyber war
    According to cybersecurity experts, the front lines of war in the cyber world are even hazier than before.
    https://www.is.fi/digitoday/tietoturva/art-2000008653212.html

    Reply
  8. Tomi Engdahl says:

    Internet outage turned out to be a cyber attack – was the Ukrainian army the target?
    https://www.is.fi/digitoday/tietoturva/art-2000008665052.html

    The small number of suspected Russian cyber operations in the war in Ukraine has caused puzzlement. One such operation targeted satellite internet connections, Der Spiegel reports.

    The widespread outage of Viasat's satellite connections in the first days of the war in Ukraine started by Russia is turning out to be a cyber attack. The attack targeted satellite-based internet connections and was carried out with a software update that rendered the routers inoperable, reports Der Spiegel, citing German government sources.

    The target of the attack was Viasat's KA-SAT service, which is widely used in Eastern Europe. It is also used by the Ukrainian army. The cyber attack also caused disruption to energy production in Germany, as the network connection to at least 3,000 wind turbines was cut in the attack. This was probably an unintended side effect of the attack.

    Reply
  9. Tomi Engdahl says:

    GPS interference detected on Finland's eastern border, Traficom has warned air traffic
    One airline has been unable to land in Savonlinna at all early this week because it has lost its GPS signal.
    https://www.hs.fi/kotimaa/art-2000008667266.html

    In recent days, interference with GPS positioning has been detected on FINLAND's eastern border, and it has already affected air traffic as well.

    The Finnish Transport and Communications Agency Traficom warned airlines about the matter on Monday with a so-called NOTAM message. It is a rapid message commonly used in aviation, addressed to all operators flying in the area, and the name comes from the words Notice to airmen.

    It stated briefly that there is interference in the GPS signal in the eastern parts of Finland's flight region, in practice along the whole of Finland's eastern border. This leads to the question of whether Russia is behind the GPS interference.

    THE SITUATION has already led to the aircraft of the Lithuanian airline Transaviabaltica being unable for three days to fly its scheduled flight from Tallinn to Savonlinna, because, according to HS's information, the aircraft has each time had to turn back to Tallinn near Kouvola.

    Reply
  10. Tomi Engdahl says:

    Evaluation of Russia by Finnish Intelligence Colonel (subtitles) | December 3, 2018
    https://www.youtube.com/watch?v=kF9KretXqJw

    Martti J. Kari (former intelligence colonel in the Finnish Defence Forces): Russian strategic culture – Why Russia does things the way it does?

    Viewer comments:

    This was a great lecture. The insight into the Russian people and way of conducting themselves was well explained and fascinating.

    This is absolute gold for anyone trying to understand Russian thinking. I even understood most of it without English subtitles thanks to my childhood MTV3 and YLE tv watching. I really loved Masha Gessen’s books, she excellently describes the same problems. Greetings from Estonia!

    I sit through hundreds of lectures each year, and this is hands down one of the best if not the best lecture I’ve seen in years. Thank you so much. This should be shared worldwide.

    I am a Russian, and I agree with 95% of this lecture, very accurate and truly – you described a mentality of all Russians over 30 y.o. nowadays. The new generation thinks differently, at least I see this

    Incredible lecture. Should be at school in every country. The Finnish people have been side by side with Russians always, but never could understand. Now we can. Understand, but not agree. Really worthwhile!

    Reply
  11. Tomi Engdahl says:

    HS: GPS interference on Finland's eastern border – air traffic warned
    GPS positioning interference affecting air traffic has been detected on Finland's eastern border, Helsingin Sanomat reports.
    https://www.iltalehti.fi/kotimaa/a/f306199c-d9f6-41a0-9b89-67d165a95a9c

    In recent days, GPS positioning interference that has also affected air traffic has been detected on Finland's eastern border, Helsingin Sanomat reports.

    According to the newspaper, the Finnish Transport and Communications Agency Traficom warned airlines about the matter on Monday.

    According to Helsingin Sanomat, because of the GPS interference the aircraft of the Lithuanian airline Transaviabaltica has been unable for three days to fly its scheduled flight from Tallinn to Savonlinna, because it has lost its GPS connection and had to turn back. Itä-Savo reported on the matter earlier.

    Traficom's NOTAM message stated that there is interference in the GPS signal in the eastern parts of Finland's flight region, in practice along the whole of Finland's eastern border.

    GPS interference detected on Finland's eastern border, Traficom has warned air traffic
    https://www.hs.fi/kotimaa/art-2000008667266.html

    One airline has been unable to land in Savonlinna at all early this week because it has lost its GPS signal.

    Savonlinna's morning flight to Helsinki was cancelled – the aircraft has been unable to land at Savonlinna airport
    https://www.ita-savo.fi/paikalliset/4503991

    Reply
  12. Tomi Engdahl says:

    IS poll: Russia's military threat is Finns' biggest concern – researcher marvels at the huge change https://www.is.fi/politiikka/art-2000008667084.html

    Reply
  13. Tomi Engdahl says:

    United Nations bans staff from using ‘war’ or ‘invasion’ regarding Ukraine
    Email on communications policy reminds staff of their responsibility to ‘be impartial’
    https://www.irishtimes.com/news/world/united-nations-bans-staff-from-using-war-or-invasion-regarding-ukraine-1.4821438

    The United Nations has banned its staff from referring to the situation in Ukraine as a “war” or “invasion”, in a move to balance political sensitivities as powerful member state Russia cracks down domestically on those who use the words.

    Instead, UN staff have been instructed to use the terms “conflict” or “military offensive” to describe Russia’s invasion of its neighbour, which has killed hundreds of civilians and forced two million to flee the country.

    Reply
  14. Tomi Engdahl says:

    EU seeks to free itself from Russian energy: will cut two thirds of gas imports this year – IL follows the war
    https://www.iltalehti.fi/ulkomaat/a/fac86480-df24-41b8-be6c-6ab6ff6476e4

    Reply
  15. Tomi Engdahl says:

    Analysis: GPS disturbances – or jamming – are hampering flights in Eastern Finland
    GPS disturbances are rare. The Notam bulletin for pilots that has now been published is the first of its kind.
    https://suomenkuvalehti.fi/jutut/kotimaa/analyysi-ita-suomen-lentoja-haittaavat-gps-hairiot-tai-hairinta/

    Fintraffic Lennonvarmistus, the company that runs FINLAND's air navigation services, has published a rare Notam bulletin intended for pilots. According to it, interference with the satellite navigation system GPS has been detected in the eastern parts of the Helsinki flight information region, or FIR, from ground level up to flight level 200, that is, to an altitude of about six kilometres.

    The Notam is valid in the usual way for three months, that is, until June 7. However, the warning can be cancelled before that if the problem is considered to have gone away.

    Reply
  16. Tomi Engdahl says:

    HS: GPS interference that hampers air traffic has been detected on Finland's eastern border – some of the aircraft flying to Savonlinna have had to turn away
    https://www.ksml.fi/uutissuomalainen/4505603

    The situation has already led to the aircraft of the Lithuanian airline Transaviabaltica being unable for three days to fly its scheduled flight from Tallinn to Savonlinna, because, according to HS's information, the aircraft has each time had to turn back to Tallinn at Kouvola.

    According to Yle, interference has also been detected in, among other places, Jyväskylä and Kuopio. Jari Pöntinen, the director responsible for aviation at Traficom, interviewed by Yle, says that the cause of the fault has not yet been established.

    THE COMPANY'S AIRCRAFT normally fly between Savonlinna and Helsinki several times a day.

    GPS jamming last came up in Finland at the end of 2018, when the military alliance NATO's large military exercise Trident Juncture, in which Finland also took part, was under way in Norway.

    In the West, Russia was suspected of being responsible; it denied this.

    Reply
  17. Tomi Engdahl says:

    https://elsokilta.net/gps-hairinta/

    What can be achieved by jamming GPS systems?
    Petri Kuparinen (12/2018)

    The aims can be militarily calculated or very mundane.

    As part of information operations, the aims could be
    – A show of force
    – Testing the vulnerabilities or attitudes of other states
    – Diverting attention away from some other matter.

    Usually information is being gathered. It is, for example, significant information whether the airspace should be closed, or closing it even considered, or whether people in, for example, the Nordic countries still know how to move, communicate, transfer money, fly or sail the seas without satellite positioning and the precise time provided along with it.

    The use of jamming can also be related to technical testing. Russia is said to be deploying an extensive network for jamming satellite positioning systems, related to missile defence (POLE-21). Testing it and practising its use could well lead to a jamming signal occasionally being sent into the sky from the direction of a strategic site to be protected.

    How wide an area can jamming be directed at?
    Because the satellites orbit the Earth at an altitude of about 20000 km and have limited power resources, a jammer near the ground can easily achieve an enormous power advantage. If the jamming distance is 200 km, a transmitter on a par with the satellite's (power of tens of watts) can achieve power levels ten thousand times higher at the target receiver.

    What matters is the attenuation of the jamming caused by the ground surface and various obstacles, and the protection level of the satellite signal.

    When jamming from the ground, the jamming often has an effect for as long as the target is in free space, that is, above the radio horizon. An aircraft flying at an altitude of 10 km is exposed to jamming coming from within a radius of about 400 km.

    Correspondingly, if the jamming is done from an aircraft at an altitude of, say, 6 km, the jamming has an effect out to about 300 km.

    If jamming from ground to ground, the proximity of the ground surface and obstacles attenuate the jamming signal quickly. The power advantage shrinks and the jamming effect often ceases as little as 10-50 kilometres from the jammer. From a tall mast the jamming can of course reach further, depending on the terrain.

    If the aim is to affect the surface, it is therefore advantageous to place the transmitters in the air. For example, a drone at an altitude of 1000 m can prevent the use of GPS out to a distance of about 80-120 km when using a copied positioning signal and a low power of, for example, 10-100 W.

    Correspondingly, if the aim is to jam low-flying, technically better protected cruise missiles, the jamming transmitter has to be raised into the air, or transmitters have to be installed on tall masts at regular intervals. The latter approach has been chosen for use in Russia (POLE-21).

    Technically, jamming can also distort position information. If the signal has not been mixed into noise with an encrypted code, jamming transmitters can imitate satellites and cause positioning errors for the target through timing changes.

    Commercial GPS is therefore very easy to jam, especially with professional-grade equipment. That is, if the commercial positioning signal is jammed with the right kind of copied signal.

    Protecting the signal can, however, help. The commercial GPS signal is protected against minor interference by mixing it into noise. When the signal is reassembled in a receiver that knows the code, it is strengthened about 1000-fold relative to noise and also to noise jamming. The superiority from the earlier power contest evens out a little.

    In the Russian missile-defence jamming concept (POLE-21), remotely controlled jamming transmitters are placed on mobile phone operators' masts at even intervals of tens of kilometres.

    The electronic warfare (EW) brigades of the Russian ground forces, the EW troops of formations, the EW centres of the fleets, and various aircraft are equipped with a wide range of jamming systems.

    The Borisoglebsk-2 system family of EW battalions and companies includes the R-330 Zh, which has featured in public discussion. It is made to jam satellite and GSM phones operating in the UHF band and is also suitable for jamming satellite positioning systems. The device's jamming power is of the order of kilowatts and thus quite sufficient.

    Because many countries and applications use, for example, GPS/GLONASS positioning in parallel, jamming systems are built so that they can jam one or more positioning systems, including Galileo and China's Beidou. Depending on the equipment, the use of several positioning systems may be disrupted unintentionally.

    Put simply, jamming is done when it brings a benefit greater than the harm.

    Reply
  18. Tomi Engdahl says:

    Expert: GPS jamming is annoyingly easy, the signal can be covered with junk – “You can order a device online for a few tens of euros”
    https://www.mtvuutiset.fi/artikkeli/asiantuntija-gps-hairinta-on-harmittavan-helppoa-signaalin-voi-peittaa-roskalla-netista-voi-tilata-laitteen-muutamalla-kympilla/7174292#gs.sbj2a7

    Reply
  19. Tomi Engdahl says:

    Traficom: Exceptionally many observations of GPS interference near the eastern border https://www.is.fi/digitoday/art-2000008668739.html

    Reply
  20. Tomi Engdahl says:

    Did UN Ban the Word ‘War’ Regarding Russia’s Invasion of Ukraine?
    Staff were reportedly advised to instead use “conflict” or “military offensive.”
    https://www.snopes.com/fact-check/un-ban-word-war-russia-ukraine/

    Reply
  21. Tomi Engdahl says:

    Signs of cyber warfare are being directed at Finland too – US administration information security expert: “Traffic heuristics are in disarray”
    The denial-of-service attack on Nordea is also suspected to have been of Russian origin.
    https://www.hs.fi/visio/art-2000008668762.html

    Reply
  22. Tomi Engdahl says:

    Joseph Menn / Washington Post:
    Google: Russia’s Fancy Bear launched phishing campaigns against Ukrainians before the invasion and Belarus’ Ghostwriter targeted Ukrainian and Polish militaries — Belarus conducted widespread phishing attacks against members of the Polish military as well as Ukrainian officials …
    https://www.washingtonpost.com/technology/2022/03/07/russia-belarus-conducted-widespread-phishing-campaigns-ukraine-google-says/

    Reply
  23. Tomi Engdahl says:

    Ben Thompson / Stratechery:
    Sanctions by US tech companies on Russia may have unintended consequences in India; the West could use chips as leverage to compel China to not sell to Russia

    Tech and War
    Posted on Monday, March 7, 2022
    https://stratechery.com/2022/tech-and-war/

    While it has been only 11 days since Russia invaded Ukraine, it is already clear that the long-term impact on the tech industry is going to be substantial. The goal of this Article is to explore what those implications might be.

    Let me start with some caveats:

    First, while I presume it goes without saying, I condemn Russia’s invasion of Ukraine in the strongest possible terms.
    Second, the situation is obviously extremely fluid. My goal is to write about impacts that seem likely to endure, but some issues, particularly those involving China, could shift considerably.
    Third, the long-term is inherently difficult to predict. Nearly every major event that has happened over the last several years, from Donald Trump’s election, to COVID, to this invasion, was not only not anticipated by most people, but was in fact dismissed even after there were signs in place that they might occur. So take all of this with the appropriate grain of salt.

    This Article is not about those public sanctions, by which I mean sanctions coming from governments (Noah Smith has a useful overview of their impact here); what is interesting to me is the extent to which these public sanctions have been accompanied by private sanctions by companies, including:

    Apple has stopped selling its products in Russia (although still operates the App Store).
    Microsoft has suspended all new sales of Microsoft products and services in Russia, and SAP and Oracle have suspended operations.
    Google and Facebook suspended all advertising in Russia.
    Activision Blizzard, Epic Games, EA, and CD Projekt suspended game sales in Russia.
    Disney, Sony, and Warner Bros. paused film releases in Russia, and Netflix suspended its service.
    Visa and Mastercard cut off Russia from their respective international payment networks, and PayPal suspended service.
    Samsung stopped selling phones and chips, and Nvidia, Intel, and AMD also stopped selling chips to Russia.

    This is an incomplete list! The key thing to note, though, is few if any of these actions were required by law; they were decisions made by individual companies.

    Internet 3.0 and the Rise of Politics

    Last January I wrote an article entitled Internet 3.0 and the Beginning of (Tech) History that argued that technology broadly has passed through two eras: 1.0 was the technological era, and 2.0 was the economic era.

    The technological era was defined by the creation of the technical building blocks and protocols that undergird the Internet; there were few economic incentives beyond building products that people might want to buy, in part because few thought there was any money to be made on the Internet. That changed during the 2000s, as it became increasingly clear that the Internet provided massive returns to scale in a way that benefited both Aggregators and their customers.

    There is no economic reason to ever leave this era, which leads many to assume we never will; services that are centralized work better for more people more cheaply, leaving no obvious product vector on which non-centralized alternatives are better. The exception is politics, and the point of that Article was to argue that we were entering a new era: the political era.

    Go back to the two points I raised above:

    If a country, corporation, or individual assumes that the tech platforms of another country are acting in concert with their enemy, they are highly motivated to pursue alternatives to those tech platforms even if those platforms work better, are more popular, are cheaper, etc.
    If a country, corporation, or individual assumes that tech platforms are themselves engaged in political action, they are highly motivated to pursue alternatives to those tech platforms even if those platforms work better, are more popular, are cheaper, etc.

    Semiconductors and China

    China’s leading semiconductor foundry is the Semiconductor Manufacturing International Corporation — SMIC for short. While the majority of SMIC’s volume is on older 55nm and 65nm process nodes, the company has a sizable and growing business at the extremely popular 28nm node. The company has also recently started mass production of 14nm and has demonstrated the ability to build 7nm chips. Even so, the most cutting edge companies in China have long been used to buying their chips abroad, whether that be Intel chips for servers or contracting with TSMC for everything else.

    Reply
  24. Tomi Engdahl says:

    Is Telegram secure? The silence that had lasted since the start of the war was broken https://www.is.fi/digitoday/tietoturva/art-2000008666954.html

    Reply
  25. Tomi Engdahl says:

    https://krebsonsecurity.com/2022/03/internet-backbone-giant-lumen-shuns-ru/

    Lumen Technologies, an American company that operates one of the largest Internet backbones and carries a significant percentage of the world’s Internet traffic, said today it will stop routing traffic for organizations based in Russia. Lumen’s decision comes just days after a similar exit by backbone provider Cogent, and amid a news media crackdown in Russia that has already left millions of Russians in the dark about what is really going on with their president’s war in Ukraine.

    Reply
  26. Tomi Engdahl says:

    Russia's “fire preparation” online failed badly – here are the reasons https://www.is.fi/digitoday/tietoturva/art-2000008667365.html

    Reply
  27. Tomi Engdahl says:

    In Ukraine, there is not only a war with conventional weapons, but also in information networks.

    Professor Jarno Limnéll and security expert Mikko Hyppönen discussed at Aalto University why Russia’s “fire preparation” online failed badly compared to expectations that they had very good capabilities that could do a lot of damage.

    Ukraine has been defending itself against cyber attacks for years. When a tight spot came, the defense held.

    The functioning of Ukrainian society does not mean that there have been no attacks. Russia struck the Ukrainian regime with a destructive Hermetic Wiper cyber weapon 12 hours before the army’s attack.

    According to Hyppönen, it seems that Russia has tried to completely disconnect Ukraine from the network. This was accompanied by an attack on satellite Internet connections, which acted as a backup system in Ukraine.

    F-Secure’s research director Mikko Hyppönen says Ukraine is the best country in Europe to defend against cyber attacks.

    - We, like Finland and Sweden, are defending ourselves against theoretical scenarios. Ukraine has been defending itself against real attacks for 7 years now.

    People in Ukraine have experience in identifying and repelling state attacks, Hyppönen says. Russia has many times hit Ukraine’s electricity generation and other information systems. Although Ukraine has a lot of know-how, it is largely burdened by an outdated software and hardware base and a shortage of money.

    Ukraine is getting help from the rest of the world. For example, Microsoft found and neutralized a suspected Russian cyber attack.

    As Ukraine’s communications are dominant, there are mostly contemptuous comments about the Russians’ cyber success.
    The Conti and Trickbot groups, among others, are now hacking in favor of Russia.
    Of the blackmail groups defending Russia, Lockbit withdrew its support from Russia due to business reasons.

    Some years ago NotPetya caused a lot of damage also outside Ukraine; among other things, it paralyzed the operations of the Danish logistics group Maersk. Hyppönen thinks this damage was intentional.
    - NotPetya will contact the command server before doing any damage. Maersk was therefore an approved destination. The intention was to give a warning that this will happen to those who do business with Ukraine, Hyppönen says.

    Source:
    Russia's “fire preparation” online failed badly – here are the reasons
    https://www.is.fi/digitoday/tietoturva/art-2000008667365.html

    Reply
  28. Tomi Engdahl says:

    Finance ministry's permanent secretary: The price tag of the war in Ukraine for Finland is not yet understood – “New debt has to be taken on top of old debt”
    https://www.iltalehti.fi/politiikka/a/7f5d8441-6952-4be8-b1a5-555d69bb336d

    Juha Majanen, permanent secretary of the Ministry of Finance, tells Iltalehti in an interview what Finland and Finns should prepare for in the economic turbulence caused by the war of aggression started by Russia.

    Many citizens have already noticed, at the petrol pump, in the shop or when paying energy bills, the sharp rise in prices and the weakening of the purchasing power of money, that is, inflation. According to preliminary data, overall inflation in the euro area was almost 6 per cent in February, and a large part of it was due to the rise in energy prices.

    Russia's attack on Ukraine has increased uncertainty in the economic outlook. For example, the Helsinki stock exchange has fallen by more than 20 per cent since the start of the year, while elsewhere in the world the decline has been less than half as steep. Many foreign owners have been frightened by Finland's location as Russia's neighbour and have sold their shares because of “country risk”.

    Already 7.6 billion in debt

    According to Iltalehti's information, the army has been instructed to use this year's budget for additional procurements that are best made right away, before the international market situation weakens supply chains.

    After that, the supplementary budget to be submitted to Parliament in May can be used to patch the shortfall created in the Defence Forces' budget for this year. The May supplementary budget can also be used, if necessary, to strengthen security of supply, such as to safeguard agricultural self-sufficiency.

    In February the government estimated that central government debt would be about 136 billion euros at the end of this year, which is about 52 per cent relative to gross domestic product.

    For next year's budget, there is already pressure of about one billion euros to exceed the spending limits, even without any crisis caused by Russia.

    According to Iltalehti's information, Russia's attack will create additional spending pressure of around a couple of hundred million euros for the April spending-limits negotiations. It is directed in particular at defence spending, improving cybersecurity and strengthening security of supply.

    According to Juha Majanen, permanent secretary of the Ministry of Finance, Russia's attack on Ukraine is a crisis that affects all sectors of society but raises the significance of the economy to a new role.

    – In this new situation, one can no longer rely on debt not mattering at all, Majanen says.

    The permanent secretary points out that the coronavirus crisis that began in spring 2020 was entered from a period of slow economic growth that followed the financial crisis that began in 2008.

    – From the economy's point of view there is now no need for any stimulus, because the economy is still growing, but there is now a need to create future growth potential by securing the current level of R&D funding next year as well, and after that to increase the funding further.

    Reply
  29. Tomi Engdahl says:

    Cloudflare to auto-brick servers that go offline in Ukraine, Russia https://www.bleepingcomputer.com/news/security/cloudflare-to-auto-brick-servers-that-go-offline-in-ukraine-russia/
    To protect client data during the ongoing conflicts, Cloudflare has removed all customer encryption keys from data centers located in Ukraine, Russia, and Belarus, and deployed its “Keyless SSL” technology. This technology enables organizations to use a cloud vendor for SSL/TLS encryption without giving them the master key. The system moves the private key handshake off of the vendor’s server and replaces it with secure “session keys”. The second measure is the addition of a forceful configuration on all servers located in Ukraine, Belarus, and Russia, to automatically brick in the case of a power loss or internet connection disruption.

    Reply
  30. Tomi Engdahl says:

    Chinese Hackers Launch Attacks On European Officials In Russia-Ukraine War https://www.forbes.com/sites/thomasbrewster/2022/03/08/chinese-hackers-ramp-up-europe-attacks-in-time-with-russia-ukraine-war/
    Google reported on Monday that a Chinese group called Mustang Panda targeted European entities with lures related to Russia’s invasion of Ukraine. The company’s Threat Analysis Group (TAG) spotted phishing emails with malicious attached files with names such as ‘Situation at the EU borders with Ukraine.zip’. Google said it had also seen Russian and Belarusian groups launching attacks centered on the Ukraine invasion. One, dubbed FancyBear or APT28, was previously attributed to Russia’s GRU intelligence agency. According to Google, it’s now launched “several large credential phishing campaigns targeting ukr.net users.” UkrNet is a Ukrainian media organization.

    Reply
  31. Tomi Engdahl says:

    The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european
    Proofpoint researchers have identified ongoing activity by the China-aligned APT actor TA416 in which the group is targeting European diplomatic entities, including an individual involved in refugee and migrant services. This targeting is consistent with other activity reported by Proofpoint, showing an interest in refugee policies and logistics across the APT actor landscape which coincides with increased tensions and now armed conflict between Russia and Ukraine.

    Reply
  32. Tomi Engdahl says:

    Concerns raised over bug disclosure program aimed at tackling ‘Russia’s propaganda machine’
    https://portswigger.net/daily-swig/concerns-raised-over-bug-disclosure-program-aimed-at-tackling-russias-propaganda-machine
    Ethical hackers are being invited to unearth critical vulnerabilities in the digital infrastructure of both the Ukrainian and Russian governments. HackenProof, the Estonia-based bug bounty platform, said bugs reported in a vulnerability disclosure program (VDP) focused on Ukrainian assets will be sent to the Ukrainian authorities for remediation in order to bolster the nation against cyber-aggression from Russia or elsewhere. Mikko Hyppönen, chief research officer for Finnish cybersecurity firm F-Secure, told The Daily Swig: “There doesn’t seem to be any question about what HackenProof is doing: they are straight up promoting attacks against Russian targets, including DDoS against systems of Russian Railways.

    Reply
  33. Tomi Engdahl says:

    The Media Environment and Domestic Public Opinion in China Toward Russia’s War On Ukraine https://www.recordedfuture.com/media-environment-domestic-public-opinion-china-russias-war-ukraine/
    Ultimately, China’s position is more supportive of Russia than not.
    The result is that official public messaging domestically has downplayed Russia’s war on Ukraine, limited coverage of anti-war protests overseas, and suppressed dissenting sentiment within China.
    Editor’s Note: The research presented below was conducted during the week of February 28, with collection and conclusions finalized on March 3. While relevant information regarding China’s official position and media environment towards the conflict in Ukraine continues to come to light, we believe our findings are an accurate representation of the situation at the time this report was written and likely continue to be accurate as of the publication date.

    Reply
  34. Tomi Engdahl says:

    Traficom: Exceptionally many observations of GPS interference near the eastern border https://www.is.fi/digitoday/art-2000008668739.html
    Because of the interference, the aircraft of the Lithuanian airline Transaviabaltica has been unable for three days to fly from Tallinn to Savonlinna. According to information from Helsingin Sanomat, which reported on the matter earlier, the aircraft had each time had to turn back around Kouvola after losing its GPS signal.
    The interference began at the weekend and is still continuing. Traficom does not yet know the cause or the source of the interference, but is monitoring the situation and collecting further information on the matter. Bulletin:
    https://www.traficom.fi/fi/ajankohtaista/gps-hairioista-tehty-havaintoja-itarajan-laheisyydessa-poikkeuksellisen-paljon

    Reply
  35. Tomi Engdahl says:

    New RURansom Wiper Targets Russia
    https://www.trendmicro.com/en_us/research/22/c/new-ruransom-wiper-targets-russia.html
    On March 1, a tweet from MalwareHunterTeam about a possible ransomware variant caught our attention and set our immediate analysis into motion. We found several additional samples of this malware, which has been dubbed as “RURansom” by its developer. Despite its name, analysis has revealed it to be a wiper and not a ransomware variant because of its irreversible destruction of encrypted files. We detected different versions of the malware between February 26 and March 2, 2022. Upon further analysis, we have learned more details about its capabilities.

    Reply
  36. Tomi Engdahl says:

    Conti Ransomware source code: a well-designed COTS ransomware https://yoroi.company/research/conti-ransomware-source-code-a-well-designed-cots-ransomware/
    Across all the leaked material, there was also the Conti ransomware encryptor source code. We obtain a copy of such code and analyze it to figure out how this world-class ransomware threat code and prepare their cyber arsenal, with the objective to identify patterns in their operating model that may be useful for defenders to fight back Conti, and the other ransomware actors operating likewise. This organized criminal group heavily relies on malicious codebase leaked in the past, such as the Carberp malware source code leaked back in 2013, in the past also used as the foundation for the Carbanak backdoor.

    Reply
  37. Tomi Engdahl says:

    Michael M. Grynbaum / New York Times:
    The New York Times temporarily removes its journalists from Russia in response to the law that effectively renders independent reporting in the country illegal — Other news organizations, like the BBC and Bloomberg, have suspended their operations in Russia in response to a new law that effectively criminalizes independent reporting
    https://www.nytimes.com/2022/03/08/business/media/new-york-times-russia-press-freedom.html

    Reply
  38. Tomi Engdahl says:

    Joseph Cox / VICE:
    Twitter launches a Tor onion service using a modified version of the Enterprise Onion Toolkit, letting users access Twitter via any Tor-compatible browser — The site may become the most significant onion service created if it allows people to access Twitter from censored countries. — Joseph Cox

    Twitter Launches Tor Onion Service Making Site Easier to Access in Russia
    https://www.vice.com/en/article/v7dqxd/twitter-tor-onion-service-dark-web-version


    Reply
  39. Tomi Engdahl says:

    Washington Post:
    As Western tech companies react to sanctions, Russian streamers on Twitch, gig workers on Upwork, and creators on OnlyFans have all lost their livelihoods — When Arina, a 22-year-old illustrator in Russia, first started using the freelance work platform Upwork last year, it changed her life.

    Tens of thousands of Russian gig workers left behind as tech platforms pull out
    U.S. tech companies are scrambling to react to sanctions and public pressure after Russia’s invasion of Ukraine
    https://www.washingtonpost.com/technology/2022/03/08/gigwork-russia/

    Reply
  40. Tomi Engdahl says:

    Karen Weise / New York Times:
    Amazon stops letting customers in Russia and Belarus open AWS accounts; AWS says its biggest customers in Russia are multinational firms with local dev teams — The policy change for Amazon Web Services started over the weekend but was not publicly announced until Tuesday.
    https://www.nytimes.com/2022/03/08/technology/amazon-web-services-russia.html

    Reply
  41. Tomi Engdahl says:

    Karissa Bell / Engadget:
    Instagram will down-rank Russian state media posts, label the posts to discourage sharing, and hide follower details for private Ukraine and Russia accounts

    Instagram is demoting Russian state media accounts and labeling their posts
    The app will discourage users from sharing content from Russian state media.
    https://www.engadget.com/instagram-down-rank-russian-state-media-175749253.html

    Reply
  42. Tomi Engdahl says:

    Instagram warns users who share Russian state media, hides following lists in Russia and Ukraine
    https://techcrunch.com/2022/03/08/instagram-russia-ukraine-mutual-follows-stories/?tpcc=tcplusfacebook

    Instagram announced Tuesday that it would implement steps to dampen Russian government propaganda and protect the privacy of users across Ukraine and Russia.

    The company will begin downranking posts from Russian state-affiliated media, placing any stories from those outlets below other content from other sources. Users who go to share stories originating with any of these accounts will now see a pop-up message cautioning them against spreading “Russia state-controlled media.”

    Reply
  43. Tomi Engdahl says:

    The war in Ukraine is causing anxiety among Finns – record number of calls to the crisis helpline, at worst sick leave
    At worst, the crisis has even led to sick leave, says Mieli ry.
    https://www.iltalehti.fi/kotimaa/a/34949b8e-9bec-47cc-808f-627427e7647d

    Russia's attack on Ukraine has shocked people and made them anxious. This shows in the conversations on Mieli ry's Crisis Helpline (Kriisipuhelin) and in the Sekasin chat.

    For many, the anxiety brought on by the Ukraine crisis has impaired their ability to function or worsened mental health problems. For some, the anxiety has even led to sick leave.

    Callers have had many kinds of fears about the war spreading to Finland, and worries about a world war and the threat of nuclear war. Very concrete matters have also been discussed in the calls, such as whether there are enough civil defence shelters. There have also been individual calls about concern for loved ones in Ukraine and Russia.

    Reply
  44. Tomi Engdahl says:

    What should Finland now prepare for with regard to Russia? An expert explains in a live broadcast
    Charly Salonius-Pasternak, leading researcher at the Finnish Institute of International Affairs, gives his assessment of Russia's intentions and of the latest turns in the war in Ukraine and their effect on Finland as well, in a live Sensuroimaton Päivärinta broadcast.
    https://www.iltalehti.fi/iltv-paivarinta/a/f42208bc-ec1c-4a8b-be6d-104445ae9f1c

    Reply
  45. Tomi Engdahl says:

    Elon Musk has been asked to ‘turn off’ all Tesla’s in Russia
    Elon Musk has received multiple requests to disable ALL Tesla vehicles in Russia because of the Ukraine invasion, a ‘tech embargo’

    Read more: https://www.tweaktown.com/news/84950/elon-musk-has-been-asked-to-turn-off-all-teslas-in-russia/index.html

    Reply
  46. Tomi Engdahl says:

    Decent article. I agree with the ICANN stance (No, do not cut off their IP or namespace). As well this digs into Runet, which has been looming for some time.

    Russia-Ukraine: Is internet on verge of break-up?
    https://www.bbc.com/news/technology-60661987

    Reply
