Ukraine and Russia seems to be at the moments on both traditional and cyber war. We could call that hybrid warfare. We are at a cyber war. Countless examples exist of damage to infrastructure from hostile acts via computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia started to conduct attacks to Ukraine on February 24. Before physical attacks Russia did several cyber attacks towards IT systems in Ukraine.
Here are links to some material on the cyber side of this war:
How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic happens in the cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in the cyberspace. And last week, Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-nation cyber state actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.
As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”
Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees.. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/
Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers — malicious software or malware — that make their way inside computer networks and literally wipe the data from all connected devices.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.
Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.
Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.
Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladamir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.
This raises the whole question of ‘attribution’. The received belief is it is impossible to do accurate cyber attribution. ““It would be a mistake for any one nation to think it could attack another without being known,” said Willett.That is absolutely wrong,” said Willett.
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.
Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.
Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.
Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.
Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html
Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.
Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command said there had been a cyberattack.
Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).
Amid Russian invasion, Ukraine granted formal role with NATO cyber hub https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations, ” Col.
Jaak Tarien, the institution’s director, said in a statement.
This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken on Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100, 000 to the program.
High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information, ” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.
CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a
US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html
EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.
UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.
Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.
Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine
Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine
Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.
HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.
In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economyand the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work, ” he says.
“Because we all need to live for something, eat
Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime as it cracks down on anti-war sentimentand rumors of martial law grow louderare being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.
Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf
TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
2,362 Comments
Tomi Engdahl says:
Surkeat radiot maksavat Venäjälle: Ukraina häiritsee hevillä – kenraalin henki lähti
https://www.iltalehti.fi/ulkomaat/a/887f9bbc-be81-4600-b928-260722d34dc5
Ukrainalaiset syöttävät suojaamattoman venäläisviestinnän sekaan väärää tietoa ja käyttävät yksinkertaista radiopaikannusta vastustajan sijaintien selvittämiseen.
Jos komentajat ovat armeijan aivot, sotilaat sen raajat, niin viestintävälineet ovat sen hermosto: jos hermosto ei toimi kunnolla, raajat toimivat huonosti tai eivät lainkaan.
Tässä piilee yksi Venäjän heikosti sujuneen hyökkäyssotaretken syistä. Ukrainasta tihkuvien tietojen perusteella venäläisillä ei ole riittävästi hyviä, salattuja radioita viestien välittämiseen, vaan he joutuvat turvautumaan salaamattomiin vanhanaikaisiin HF-radioihin, matkapuhelimiin ja radiopuhelimiin. Kaatuneilta ja vangituilta venäläissotilailta on takavarikoitu ainakin Motorolan, Baofengin ja Kenwoodin radiopuhelimia, joissa ei ole sotilastason salausta.
Tämä puolestaan mahdollistaa puolustajille viestien sieppaamisen, hyökkääjien sijainnin paikantamisen ja viestiliikenteen häirinnän. The Economist -lehden mukaan ukrainalaisjoukot ovat tukkineet kanavia muun muassa luukuttamalla kesken taistelun venäläisten radioihin heavymusiikkia.
– Vaikuttaa eriskummalliselta ettei Ukrainaan eteneviä yksiköitä tässä operaation vaarallisessa vaiheessa ole varustettu parhailla mahdollisilla varusteilla, mukaan lukien radioilla, mitä Venäjän puolustusteollisuudella on tarjota, brittiläinen puolustukseen ja sotaan keskittynyt ajatushautomo Royal United Services Institute (Rusi) kirjoitti analyysissaan, kun sotaa oli kulunut vasta reilu viikko.
Why Russian radios in Ukraine are getting spammed with heavy metal
Ukrainians are eavesdropping on the invaders and broadcasting on their frequencies
https://www.economist.com/the-economist-explains/2022/03/28/why-russian-radios-ukraine-war-intercepted-heavy-metal
Tomi Engdahl says:
Ukrainian cartoon mocks Russia with a singing tractor pulling a tank
https://www.indy100.com/viral/ukraine-cartoon-tractor-russian-tank#Echobox=1648536941
A Ukrainian cartoon appears to mock Russia’s military by showing a tractor pulling along on of its tanks.
Now, even a children’s cartoon has taken the opportunity to mock and belittle the Russians.
In the clip, a blue tractor can be seen joyfully pulling along a tractor with the letter “Z” emblazoned on the side – the letter has become synonymous with Russian military vehicles.
The clip has gone viral and has been liked almost 21,000 times. It’s unclear whether the video comes from a genuine episode of a cartoon, or if it has been edited.
Someone else wrote: “This is absolutely AMAZING! I AM ALL FOR THIS!!”
Another claimed: “This is the best propaganda of all time.”
Tomi Engdahl says:
Aamuinen räjähdys kertoo, että sota on saanut uuden käänteen – ”Venäjä joutuu toteamaan, että hitto vie” https://www.is.fi/ulkomaat/art-2000008723832.html
Tomi Engdahl says:
Panssarivaunun hinaaminen traktorilla
https://m.youtube.com/watch?v=WcAASv9Ri_A
Tomi Engdahl says:
https://i.stuff.co.nz/world/europe/300552751/why-russian-radios-in-ukraine-are-getting-spammed-with-heavy-metal
Tomi Engdahl says:
Modern military-grade radios encrypt signals and change the frequency on which they operate many times a second, making their transmissions impossible to intercept. But many Russian forces are communicating on unencrypted high-frequency (HF) channels that allow anyone with a ham radio to eavesdrop.
The Russian army does have some modern tech. It started receiving Azart radios, which have built-in encryption and can operate on much higher frequencies, in 2012.
Thomas Withington, a military analyst specialising in electronic warfare, says that the Azart system seems adequate, if inferior to the equipment used by Nato forces. But there are not enough radios to go around.
By the most optimistic estimates only a fraction of the invasion force could have Azart radios.
Nor is it clear if Azart works as intended.
The Azart project was embroiled in a scandal when supposedly Russian-made components were found to have been imported from China. About a third of the total procurement budget of 18.5 billion roubles (around US$240m at the time) was allegedly embezzled.
Russia has other radios, but Azart may not be compatible with them. If an elite airborne unit has modern Azart radios but the artillery supporting it is using legacy systems or commercial sets, the two will end up communicating via unsecure HF. Photographs of captured military equipment, and verified intercepts, indicate that Russians are using Motorola, Kenwood and Baofeng walkie-talkies.
An integrated system gives a commander instant voice communication, location details and data exchange with neighbouring units, artillery, air support and reconnaissance drones. Walkie-talkies are much too basic to support such co-ordinated operations.
Ukrainian defenders have been sharing known military frequencies, recording Russian communications and uploading to them for volunteers to transcribe and parse for information.
Some of these supposed radio intercepts sound like Ukrainian propaganda.
But many seem genuine.
Withington says that some have been matched with actions on the ground, giving them credibility.
There are reports of frequencies used by Russian forces being bombarded with heavy-metal music or other transmissions from Ukrainian operators, sometimes during combat.
https://i.stuff.co.nz/world/europe/300552751/why-russian-radios-in-ukraine-are-getting-spammed-with-heavy-metal
Tomi Engdahl says:
Suomalainen Anonymous-hakkeri iskee Venäjää vastaan – menetelmät kuin tiedustelupalveluilla https://www.is.fi/digitoday/art-2000008720782.html
Tomi Engdahl says:
Putin, Ukraina ja imperiumi
Miksi Vladimir Putin päätti hyökätä Ukrainaan? Pohdimme Putinin ajattelua eri lähteitä ja asiantuntija-arvioita käyttäen. Analysoimme tarkasti Putinin ennen sotaa pitämän “sodan oikeutus” -puheen.
https://yle.fi/uutiset/3-12385667
Tomi Engdahl says:
Vahinko, että 83% porukasta pilaa kaikkien maineen.
Venäjä | Riippumaton tutkimuslaitos: Putinin kannatus kasvanut Venäjällä kohisten: https://www.hs.fi/ulkomaat/art-2000008719000.html?share=06316d21c1c1d5d85ecf5ed3645a203e
Tomi Engdahl says:
Venäjä voi häiritä Suomen Nato-keskustelua iskemällä arkaan paikkaan https://www.is.fi/digitoday/art-2000008719816.html
VENÄJÄN odotetaan kohdistavan lähikuukausien aikana Suomeen kyber- ja informaatiovaikuttamista. Suojelupoliisi kertoi tiistaina pitämässään tiedotustilaisuudessa pitävänsä todennäköisenä, että etenkin Suomessa käytävään Nato-keskusteluun pyritään vaikuttamaan. Tekniikan tohtori ja kyberturvallisuuden asiantuntija Catharina Candolin uskoo Nato-keskustelussa kuultavan virheellistä ja negatiivista tietoa.
Tomi Engdahl says:
Google: Russian credential thieves target NATO, Eastern European military https://www.theregister.com/2022/04/01/russian_credential_phishing/
A Russian cybercrime gang has lately sent credential-phishing emails to the military of Eastern European countries and a NATO Center of Excellence, according to a Google threat report this week.
Tomi Engdahl says:
Russian-linked Android malware records audio, tracks your location https://www.bleepingcomputer.com/news/security/russian-linked-android-malware-records-audio-tracks-your-location/
After receiving the permissions, the spyware removes its icon and runs in the background with only a permanent notification indicating its presence. Researchers from Lab52 identified a malicious APK [VirusTotal] named “Process Manager” that acts as Android spyware, uploading information to the threat actors. While it is not clear how the spyware is distributed, once installed, Process Manager attempts to hide on an Android device using a gear-shaped icon, pretending to be a system component. It is unclear if the malware abuses the Android Accessibility service to grant itself permissions or if it’s tricking the user into approving a request. The information collected by the device, including lists, logs, SMS, recordings, and event notifications, are sent in JSON format to the command and control server at 82.146.35[.]240. The method of distribution for the APK is unknown, but if it is Turla, they commonly use social engineering, phishing, watering hole attacks, etc., so it could be anything.
Tomi Engdahl says:
Suomalainen Anonymous-hakkeri iskee Venäjää vastaan menetelmät kuin tiedustelupalveluilla https://www.is.fi/digitoday/art-2000008720782.html
Suomalainen Anonymous-hakkeri aloitti verkkosotansa Venäjää vastaan maan hyökättyä Ukrainaan. Operaatiot ovat muuttuneet koko ajan järeämmäksi. Toiminta on laitonta, ja hän tietää sen.
Tomi Engdahl says:
Jahtaako Putin omiaan? Näppärä huijauskampanja löytää hallinnon toisinajattelijat https://www.kauppalehti.fi/uutiset/jahtaako-putin-omiaan-nappara-huijauskampanja-loytaa-hallinnon-toisinajattelijat/9474e4e5-72ff-4329-b8a8-a5a0becd019e
Kalastelukampanja etsii niitä, jotka eivät myötäile valtion linjaa Ukrainan sodan kulusta. Tuore huijauskampanja on tarkasti kohdistettu Venäjän valtiollisissa viroissa työskenteleviin, kuten hallituksen työntekijöihin sekä julkisen alan toimijoihin, ja sillä pyritään löytämään sellaisia ihmisiä, jotka ajattelevat Ukrainan sodasta eri tavalla kuin mitä valtio ja valtiollinen media sanoo. (Alkup.
seuraavana)
Tomi Engdahl says:
Phishing campaign targets Russian govt dissidents with Cobalt Strike https://www.bleepingcomputer.com/news/security/phishing-campaign-targets-russian-govt-dissidents-with-cobalt-strike/
A new spear phishing campaign is taking place in Russia targeting dissenters with opposing views to those promoted by the state and national media about the war against Ukraine. The campaign targets government employees and public servants with emails warning of the software tools and online platforms that are forbidden in the country.
Tomi Engdahl says:
Rehashed NYT yarn on Russian surveillance shot down by Nokia https://itwire.com/business-it-news/business-technology/rehashed-nyt-yarn-on-russian-surveillance-shot-down-by-nokia.html
Finnish telecommunications equipment provider Nokia has termed as “misleading” claims made by The New York Times about the company’s role in Russia’s lawful intercept system.
Tomi Engdahl says:
UK Spy Chief Warns Russia Looking for Cyber Targets
https://www.securityweek.com/uk-spy-chief-warns-russia-looking-cyber-targets
A U.K. intelligence chief warned that the Kremlin is hunting for cyber targets and bringing in mercenaries to shore up its stalled military campaign in Ukraine.
Jeremy Fleming, who heads the GCHQ electronic spy agency, praised Ukrainian President Volodymyr Zelenskyy’s “information operation” for being highly effective at countering Russia’s massive disinformation drive spreading propaganda about the war.
While there were expectations that Russia would launch a major cyberattack as part of its military campaign, Fleming said such a move was never a central part of Moscow’s standard playbook for war.
“That’s not to say that we haven’t seen cyber in this conflict. We have — and lots of it,” Fleming said in a speech in Canberra, Australia, according to a transcript released in London on Wednesday.
He said GCHQ’s National Cyber Security Centre has picked up signs of “sustained intent” by Russia to disrupt Ukrainian government and military systems.
“We’ve seen what looks like some spillover of activity affecting surrounding countries,” Fleming said. “And we’ve certainly seen indicators which suggest Russia’s cyber actors are looking for targets in the countries that oppose their actions.”
Tomi Engdahl says:
Anonymous hakkeriryhmä kertoo murtaneensa 120.000 Ukrainaan hyökänneen venäläisen sotilaan henkilötiedot.
Anonymous expose personal data of 120,000 invaders fighting in Ukraine
https://www.kyivpost.com/world/anonymous-expose-personal-data-of-120000-invaders-fighting-in-ukraine.html
The Anonymous group has stated that personal data of 120,000 Russian soldiers deployed in Ukraine has been leaked.
The group announced the news via Twitter, Ukrinform reports.
“Personal data of 120,000 Russian soldiers fighting in Ukraine was leaked,” the hackers said.
“All soldiers participating in the invasion of Ukraine should be subjected to a war crime tribunal,” the hackers stressed.
Earlier, Anonymous reported that it had made public 15 GB of data stolen from the Russian Orthodox Church’s charity wing.
Tomi Engdahl says:
Food Delivery Leak Unmasks Russian Security Agents
https://www.bellingcat.com/news/rest-of-world/2022/04/01/food-delivery-leak-unmasks-russian-security-agents/
Russian tech giant Yandex has blamed one of its employees for the hacking and subsequent leak of data from Yandex Food, a popular food delivery service in Russia.
Among the many users affected are serving agents of Russia’s security services and military, who in several cases even ordered food to their places of work using their official email addresses.
This leak includes user emails, a large number of phone numbers, addresses, and orders made on the platform. Russia’s state media watchdog Roskomnadzor has strongly attempted to block its proliferation.
What’s in the leak?
The main part of the data leak includes order information, along with some personal information collected from the user. These include their Yandex.Food ID, address, contact details, delivery instructions, billing information and metadata.
One address Bellingcat searched for is Dorozhnaya Street 56 in Moscow. This facility is linked to the Russian National Guard (Rosgvardia), which has been active in the invasion of Ukraine.
First, here’s an example of how personal details of users who ordered food are displayed in the leak.
Also included is the delivery address — not to be confused with the user’s home address, which is not included in this data — with accompanying delivery instructions. These delivery instructions, as detailed later in this article, are some of the most fascinating data points of this leak.
The vast majority of this data concerns ordinary Russian citizens whose ordering habits are not hugely useful for investigative research. However, specific targeting of addresses, phone numbers, names, and notes in delivery instructions pointed our researchers to some interesting leads.
GRU to MFA?
We searched the phone numbers in the leak for a range of individuals linked to the GRU, Russia’s foreign military intelligence service, whom we have discovered over the past few years.
Military and security service identities
Perhaps the most obvious use for this database (at least for Bellingcat) is to cross-reference the personal details of users with the functions of the facilities at addresses used for orders — in other words, to find spies and soldiers.
Leaks continue unabated
This leak marks yet another entry into a long list of massive data breaches for Russian citizens, some of the largest of which include vehicle registration data, social media platform (VK) user information, and comprehensive air travel records.
Tomi Engdahl says:
Venäjä yrittää hillitä pahaa aivovuotoa verovapaudella https://www.is.fi/digitoday/art-2000008728369.html
VENÄJÄN hyökkäystä Ukrainaan seurannut it-työläisten joukkopako ei ole osoittamassa laantumisen merkkejä. Jo 70000 tietotyöläisen arvioidaan lähteneen Venäjältä, kirjoittaa uutistoimisto AP. Vladimir Putin on reagoinut aivovuotoon kirjoittamalla viime viikolla lain, joka takaa it-työntekijöille verovapauden vuoteen 2024 asti. It-osaajista on paha pula ympäri maailman, joten ammattitaitoinen väki on haluttua työvoimaa ympäri maailman. Etenkin Puola, Latvia ja Liettua ovat olleet suosittuja kohteita venäläisosaajille. Kuitenkaan esimerkiksi Liettua ei päästä venäläisyrityksiä maahan.
Tomi Engdahl says:
Pääkirjoitus: Pankkipalveluiden häiriöihin tulee varautua https://www.kauppalehti.fi/uutiset/pankkipalveluiden-hairioihin-tulee-varautua/2d126a18-3672-42aa-becb-b5676d117c7d
Venäjän Ukrainaan kohdistaman hyökkäyssodan seurauksena kyberhyökkäysten riski on kohonnut myös Suomessa. Yhtenä niin sanotun hybridisodankäynnin muotona ovat kyberiskut kriittistä infrastruktuuria vastaan. Kriittistä infrastruktuuria ovat esimerkiksi sähkönjakelu, telekommunikaatio ja pankkitoiminnot.
Tomi Engdahl says:
Putin, Ukraina ja imperiumi
Miksi Vladimir Putin päätti hyökätä Ukrainaan? Pohdimme Putinin ajattelua eri lähteitä ja asiantuntija-arvioita käyttäen. Analysoimme tarkasti Putinin ennen sotaa pitämän “sodan oikeutus” -puheen. Jutun kautta pääset myös lukemaan tai katsomaan puheen suomalaisin käännöksin.
https://yle.fi/uutiset/3-12385667
Tomi Engdahl says:
Kommentti: Venäjän hirmuteot muuttivat kaiken – Euroopan pitkä sota vasta alkaa
Sodan seuraukset tuntuvat pian todella suomalaistenkin arjessa. On syy kestää ne, kirjoittaa erikoistoimittaja Seppo Varjus.
https://www.is.fi/ulkomaat/art-2000008729651.html
Tomi Engdahl says:
Andrew Webster / The Verge:
Fortnite raises $144M for Ukraine relief, two weeks after Epic Games said all of its and Microsoft’s proceeds from the game would go to humanitarian efforts
Fortnite raised $144 million for Ukraine relief
The fundraising effort has ended after two weeks
https://www.theverge.com/2022/4/4/23009838/fortnite-ukraine-relief-fundraising-total?scrolla=5eb6d68b7fedc32c19ef33b4
Tomi Engdahl says:
The Russian Civil Aviation Authority is returning to the pencil and paper. The hackers deleted his data
https://www.archyworldys.com/the-russian-civil-aviation-authority-is-returning-to-the-pencil-and-paper-the-hackers-deleted-his-data/
Internal documents and files, as well as aircraft registration data, entire e-mail boxes and other sensitive files, all contained a leaked 65 TB database. So far, this is the biggest “cut” of hackers since the beginning of the cyber war, which was declared to Moscow by the Anonymous movement after the Russian invasion of Ukraine.
No hacker has yet claimed a cyber attack on the Civil Aviation Authority.
However, the Aviation24 server pointed out that on Monday, the favt.ru website faced a cyber raid, which made it completely inaccessible to users. That’s when the hackers were supposed to seize the sensitive data, which they immediately deleted.
Rosaviatsia has not yet officially acknowledged the hacker attack. However, the staff said in a statement that “computer systems failed.” Because of this, according to The Aviation Herald, the office switched back to paper registrations and forms.
However, the biggest problem is the missing data. No backup seems to be available, so it is not possible to restore them in any way.
Attacks are multiplying
The Anonymous movement declared war on Russia at the end of February, and since then hackers have carried out thousands of attacks on the country’s computer systems. It is a conscription for the invasion of the armed forces in Ukraine.
On Monday morning, for example, hackers boasted that they had attacked the computer systems of the VGTRK radio and television company, stealing 870 GB of data.
At the end of last week, there was an attack on the Central Bank of the Russian Federation, from which more than 35,000 documents were stolen.
Already in mid-March, the Anonymous movement boasted of an attack on the computer systems of the Russian censorship office Roskomnadzor. The classified files were released by hackers on the Internet, from which anyone can download them.
Tomi Engdahl says:
Vladimir Putin’s war in Ukraine, the cost of sanction across the Russian elite and the weakened ruble took its toll on the wealth of Russia’s billionaires. There are 83 Russians on the 2022 Forbes list of the World’s Billionaires, down from 117 last year. The remaining Russian billionaires are worth a collective $320 billion–an eye-watering $263 billion less than a year ago. https://trib.al/6A45cxQ
Tomi Engdahl says:
https://yle.fi/uutiset/3-12386997
“Viasatin satelliittiyhteyden katkaiseminen vaikeutti Ukrainan armeijan viestintää. Samalla se katkaisi internet-yhteydet kymmeniltä tuhansilta ihmisiltä eri puolilla Eurooppaa. Saksassa hyökkäyksen takia lähes 6 000 tuulivoimalaa menetti yhteyden ohjauskeskukseen.
Viisi vuotta sitten Venäjän sotilastiedustelupalvelun GRU:n kehittämä NotPetya-haittaohjelma lähti leviämään Ukrainasta aiheuttaen 10 miljardin euron vahingot ympäri maailman.
Kyberhyökkäykset eivät tunne valtioiden rajoja, eikä niitä voi sotajoukkojen tavoin vetää takaisin. Hyökkäyksen seuraukset ovat usein yllätys myös iskun tekijälle.”
Analyysi: Ukrainan sota toi kyberaseet rintamalle, jolla ei ole rajoja – nyt verkkohyökkäyksiin varaudutaan kaikkialla, myös Suomessa
https://yle.fi/uutiset/3-12386997
Toistaiseksi Ukrainan sota ei ole näkynyt lisääntyneinä hyökkäyksinä Suomen verkkoympäristössä. Mutta kun kyberaseet on tuotu näyttämölle, niiden käyttö on todennäköistä, kirjoittaa Ylen toimittaja Teemu Hallamaa.
Tomi Engdahl says:
Ukraina julkaisi yli 1600:n Butshassa toimineen venäläissotilaan nimet ja tiedot https://www.is.fi/digitoday/art-2000008730284.html
UKRAINAN puolustusministeriö on julkaissut maanantaina nimilistan Butshassa toimineen Venäjän 64. moottoroidun jalkaväkiprikaatin sotilaista verkkosivuillaan. Listassa on kaikkiaan 1648 sotilaan tiedot. Sotilasarvot vaihtelevat everstistä sotamiehiin. Listalla on 4 everstiä, 15 everstiluutnanttia sekä 25 majuria. Sotilaista on listattu näiden syntymäajat, passin numerot sekä passin myöntämispaikat.
Tomi Engdahl says:
Näin tieto hyökkäyksestä Ukrainaan leviää Venäjällä https://www.tivi.fi/uutiset/tv/deb2aa60-4077-4913-bd34-ce47b91343be
Venäläiset netinkäyttäjät turvautuvat enenevissä määrin erilaisiin kiertokeinoihin päästäkseen käsiksi länsimaisiin uutislähteisiin.
Netinkäyttäjät Venäjällä pyrkivät hankkimaan tietoa erityisesti brittiläisistä, ranskalaisista ja amerikkalaisista uutislähteistä.
Ladatuimpien sovellusten joukossa on niin vpn-palveluita, Telegram-pikaviestin kuin CloudFlaren oma Warp / 1.1.1.1 -työkalu, joka ohjaa käyttäjien liikennettä yhtiön omien palvelimien kautta.
Alkup.
https://www.bleepingcomputer.com/news/technology/russians-bypass-website-blocks-to-access-western-news-sources/
Tomi Engdahl says:
Analyysi: Ukrainan sota toi kyberaseet rintamalle, jolla ei ole rajoja nyt verkkohyökkäyksiin varaudutaan kaikkialla, myös Suomessa https://yle.fi/uutiset/3-12386997?origin=rss
Toistaiseksi Ukrainan sota ei ole näkynyt lisääntyneinä hyökkäyksinä Suomen verkkoympäristössä. Mutta kun kyberaseet on tuotu näyttämölle, niiden käyttö on todennäköistä, kirjoittaa Ylen toimittaja Teemu Hallamaa.
Tomi Engdahl says:
Ukraine spots Russian-linked ‘Armageddon’ phishing attacks https://www.bleepingcomputer.com/news/security/ukraine-spots-russian-linked-armageddon-phishing-attacks/
The Computer Emergency Response Team of Ukraine (CERT-UA) has spotted new phishing attempts attributed to the Russian threat group tracked as Armageddon (Gamaredon). The malicious emails attempt to trick the recipients with lures themed after the war in Ukraine and infect the target systems with espionage-focused malware. CERT-UA has identified two separate cases, one targeting Ukrainian organizations and the other focusing on government agencies in the European Union.
Armageddon is a Russian state-sponsored threat actor who has been targeting Ukraine since at least 2014 and is considered part of the FSB (Russian Federal Security Service).
Tomi Engdahl says:
Verkkoon piirretty viiva
https://yle.fi/uutiset/3-12370108
Kybersota on julistettu alkaneeksi useita kertoja viime vuosikymmenien aikana. Jälkikäteen julistukset ovat paljastuneet ennenaikaisiksi. Onko nyt toisin?
Sähköt katkesivat juuri ennen puoltayötä. Joulukuussa 2016 viidennes Kiovan kaupungista pimeni tunniksi, kun kyberhyökkäys tuhosi sähkönjakelukeskuksen pääkaupungin ulkopuolella.
Kyseessä oli erittäin edistynyt haittaohjelma, joka oli suunniteltu juuri Ukrainan sähkönjakeluverkkoa varten. Se oli kehittyneempi kuin vuotta aikaisemmin Länsi-Ukrainassa sähköt yli 220 000 asukkaalta katkaissut kyberisku, jossa hakkerit manuaalisesti katkaisivat virran kulun. Nyt haittaohjelma pystyi toimimaan itsenäisesti.
Ukrainan sähköverkkoon tehdyt iskut olivat poikkeuksellisia, sillä ne kohdistuivat yhteiskunnan kriittiseen infrastruktuuriin. Poikkeuksellista oli myös se, että digitaalisilla iskuilla onnistuttiin tekemään fyysistä tuhoa.
Tomi Engdahl says:
Iso-Britannia: 60 prosenttia Putinin sotakassasta jäässä, sanktiot syöksevät Venäjän takaisin neuvostoaikaan
Ison-Britannian ulkoministeri Liz Truss vaatii sanktioiden tiukentamista entisestään.
https://www.iltalehti.fi/ulkomaat/a/1df766d5-3bc9-48cc-830e-8f639fd820dd
Tomi Engdahl says:
Maria Ponnezhath / Reuters:
Intel is suspending all business operations in Russia and says it has implemented business continuity measures to minimize disruption to its global operations — Intel Corp (INTC.O) is suspending all business operations in Russia, effective immediately, the U.S. chipmaker said on Tuesday …
Intel becomes latest Western tech firm to suspend business in Russia
https://www.reuters.com/technology/intel-suspends-business-operations-russia-2022-04-06/
April 5 (Reuters) – U.S. chipmaker Intel Corp (INTC.O) said on Tuesday it has suspended business operations in Russia, joining a slew of companies to exit the country following its invasion of Ukraine.
The company, which had last month suspended shipments to customers in Russia and Belarus, said it has implemented business continuity measures to minimize disruption to its global operations.
“Intel continues to join the global community in condemning Russia’s war against Ukraine and calling for a swift return to peace,” the company said.
International Business Machines Corp (IBM.N) too had suspended shipments as Ukraine urged U.S. cloud-computing and software companies to cut off business with Russia.
Servers from IBM, Dell Technologies Inc (DELL.N) and Hewlett Packard Enterprise Co (HPE.N) top the market in Russia
Microsoft suspends sales in Russia as Western sanctions tighten
https://www.reuters.com/business/microsoft-suspends-product-sales-services-russia-2022-03-04/
March 4 (Reuters) – Microsoft Corp (MSFT.O) said on Friday it was suspending new sales of its products and services in Russia, becoming the latest Western company to distance itself from Moscow after the Ukraine invasion.
Several major companies, including Apple Inc (AAPL.O), Nike and Dell Technologies (DELL.N), have severed connections with Russia as Western nations impose bold sanctions against Moscow following the attack.
Illustration shows small figurines and displayed Microsoft logo
Small figurines are seen in front of displayed Microsoft logo in this illustration taken February 11, 2022. REUTERS/Dado Ruvic/Ilustration
Register now for FREE unlimited access to Reuters.com
March 4 (Reuters) – Microsoft Corp (MSFT.O) said on Friday it was suspending new sales of its products and services in Russia, becoming the latest Western company to distance itself from Moscow after the Ukraine invasion.
Several major companies, including Apple Inc (AAPL.O), Nike and Dell Technologies (DELL.N), have severed connections with Russia as Western nations impose bold sanctions against Moscow following the attack.
Apple said on Tuesday it had paused all product sales in Russia. Dell made a similar move last week.
In addition to suspending new sales, Microsoft was stopping many aspects of its business in Russia in compliance with government sanctions
Tomi Engdahl says:
Vera Bergengruen / TIME:
Inside Kyiv’s IT office, whose workers have spent the past five weeks adapting and repurposing everyday tech, like the Kyiv Digital smartphone app, for wartime
‘We Became Like a Big Startup.’ How Kyiv Adapted the City’s Tech to Save Lives
https://time.com/6163708/kyiv-digital-technology-app/
For the past five weeks, Polovynko and his boss, Kyiv’s deputy mayor and chief digital transformation officer Petro Olenych, have led an exhaustive effort to adapt and repurpose everyday technology for a city that has found itself facing a 20th-century-style war. Their creative maneuvers are a key reason that most residents of the Ukrainian capital can connect to the Internet in underground bomb shelters, find open pharmacies and grocery stores, and go to sleep knowing their phone will alert them of incoming air raids before the physical sirens sound.
While President Volodymyr Zelensky and Ukrainian digital officials have been lauded for their success in galvanizing global support on social media and fending off the Kremlin’s disinformation campaigns, local officials like Olenych and Polovynko have focused on the practical.
“Every day, we wake up and we’re thinking how we can keep people in the city alive and safe,” says Olenych. The popular Kyiv Digital smartphone app, which residents previously used to pay utility bills and parking tickets, now gives them a map of the closest bomb shelters and places to get critical supplies like insulin, food or gasoline. Notifications for the closure of a local metro stop for repairs have given way to warnings of incoming air raids.
It’s hard to grasp that just two months ago, the main problem their city council faced was complaints about traffic jams downtown. Municipal IT employees now carry guns, and only leave their offices to shower and catch a few hours of sleep whenever they can. (Olenych says he’s been sleeping at Polovynko’s house since a bomb landed near his own home.) On the day they spoke to TIME, employees of the city council’s digital office were poring over mobile data to determine how to best ration food for those that remain.
“I felt like I was part of a modern world, where all of these [technologies] were part of our everyday life, and now suddenly we need to use them for such basic purposes, for life or death,” says Polovynko. “I never imagined that I would develop software in 2022 to help people stay alive, to survive things like a missile attack. But of course, we can. And now we’re using all of our IT minds in Ukraine to help our people and our soldiers.”
In recent days, there have been 6 to 10 air raid alarms shared by the app per day, according to city officials. A red alarm icon shows the time and the message “Air Warning! Head to the nearest shelter!” It’s followed by a green icon telling residents when the danger had passed, according to screenshots shared with TIME.
The chaotic first week of the invasion produced long lines for basic goods, as thousands of residents desperately tried to stock up or flee the city. So Kyiv’s digital office quickly set up online forms that allowed business owners to report if they were able to open. This information was then added to a map on the app showing which grocery stores, pharmacies and gas stations still have supplies. “Our team has readjusted to deliver new valuable services on an everyday basis,” says Victoria Itskovich, who serves as the city’s deputy IT director. “The main thing I’ve learned during this time is that there is no point in striving for the perfect solution. The best product is the one you can launch here and now.”
With residents often sheltering underground and Internet providers frequently being knocked offline, connectivity became one of the most pressing problems. “We realized we would have to spend a lot of time in these bomb shelters and there was nothing prepared for the long term,” Polovynko says.
Olenych, the deputy mayor, reached out to Kyiv’s Internet providers and organized them into a group on a messaging app. Then his office added a feature to the city’s app that allowed residents to request Internet access for their bomb shelters. More than 1,000 bomb shelters throughout the city did so. As of Thursday, city officials estimated that roughly 800 had been provided with a WiFi connection.
City officials took mobile WiFi hotspots from empty offices in Kyiv’s government buildings to use in bomb shelters. They also got a boost from SpaceX founder Elon Musk, who donated Starlink satellite terminals to provide Internet access after a request from Ukraine’s national digital office. In a March 4 photo shared with TIME, Olenych and Polovynko posed with one of Musk’s satellite dishes, flashing a thumbs-up sign.
Other Western companies have come to their aid as well. Cloudflare, a San Francisco-based cybersecurity firm, offered the Kyiv city council its services for free, helping them to recover and protect from ongoing cyberattacks. “Cloudflare is appalled by the Russian invasion of Ukraine,” spokesperson Laurel Toney told TIME. “Since the run up to the invasion, Cloudflare has worked to protect Ukrainian websites and networks [and] helped Ukrainian government websites come back online while under active cyberattack.”
Kyiv’s digital office has also been working with Ukrainian mobile operators to arrange free roaming coverage for residents, no matter which provider they use. In recent days, they have also worked with providers on grimmer matters, using analytics of mobile users in Kyiv to get an approximate number of how many people are in the city in order to conserve food rations.
“We really were like Alice in Wonderland—we lived in another world, which was peaceful, friendly, and open,” Polovynko says of his work in Kyiv’s digital office before the war. “Now we’re in a new IT age, where we need to put all of our technology minds towards military goals.”
The city’s digital office has divided residents into two groups: those who are staying to fight, and those who are staying because they are old, sick, or have no way to escape. Both are relying on their digital services to keep them safe—and prepared for what may come next.
“Our main focus is to use any options that can help us save lives, to use the technology to first of all to protect our people – and to kill another people,” says Polovynko. “It’s sad, but unfortunately this is the situation we’re now in. We cannot lose. Ukrainians will never, never give up, and you feel it when you’re here in Kyiv, we will really fight to the end.”
Tomi Engdahl says:
Vadim Smyslov / TechCrunch:
Tech workers describe interrogations as they flee Russia; recruitment service HeadHunter says the government demand for IT workers in Russia has increased 100%
Tech workers describe detentions and interrogations as they flee Russia
The mass exodus of IT specialists has been met with hostility from Moscow
https://techcrunch.com/2022/04/04/russia-tech-workers-detentions-interrogations/
“He gave his verdict to the nation and, indirectly, declared war,” Smirnov said. “My whole family watched that vicious speech and trembled.”
It’s one thing to know that war has been declared. It’s quite another to wake up on February 24 to the news of bombings.
On the very same morning, Smirnov was in no doubt that he needed to leave Russia. Having dressed, he went to take a COVID-19 test so he could fly to neighboring Georgia as soon as possible, after which he would travel on to Ireland.
Nik Shevchenko, the 22-year-old chief executive of the startup WeLoveNoCode, also decided to leave Russia. Fearing that martial law would be introduced in Russia, forcing the borders shut, Shevchenko bought a plane ticket to Portugal, where he remains now. “First they close the borders,” Shevchenko said, “and then they force you to kill. I’m fit for military service, unfortunately, but I don’t want to kill innocent people.”
Tomi Engdahl says:
“IT people who have fled Russia do not want to waste their abilities on war and other crap that negatively affects humanity. IT is the internet, and the internet is freedom.”
Tomi Engdahl says:
‘No one will ever listen to Russia:’ Why Ukraine is winning the propaganda war
https://www.cbc.ca/news/world/ukraine-russia-information-war-1.6408380
Analysts say Russia showing unexpected weakness at influencing foreign opinion
On the very first day of Russia’s invasion, a tiny island along Ukraine’s Black Sea coast became an early target. It was a minor military loss that Kyiv would turn into a major propaganda victory, in a narrative aimed at a Western audience as much as a domestic one.
Ukraine was about to show its strength at information warfare in the global arena; Russia, to reveal its unexpected weakness at influencing foreign opinion in this conflict, especially in the West.
“Its standing in the world is damaged, probably beyond repair,” said Ilya Metveev, a St. Petersburg-based political analyst. Moscow “understands now that it is useless to push Russia’s narrative in the West. Whatever they try, this will not work.”
Tomi Engdahl says:
Mitchell Clark / The Verge:
Twitter begins “drastically” reducing the reach of Russian government accounts and will remove tweets from government-affiliated accounts with prisoners of war — It’ll ‘ask government or state-affiliated media accounts’ to take down pictures featuring prisoners of war
Twitter takes a harder line on POW photos and shadowbans Russian government accounts
https://www.theverge.com/2022/4/5/23012046/twitter-prisoner-of-war-pow-photos-rules-russian-government-accounts?scrolla=5eb6d68b7fedc32c19ef33b4
It’ll ‘ask government or state-affiliated media accounts’ to take down pictures featuring prisoners of war
Twitter announced on Tuesday that it will “require the removal of Tweets posted by government or state-affiliated media accounts” if they contain images or videos that show prisoners of war from the Russian invasion of Ukraine. The company also said it would “drastically” reduce the chances of people seeing posts from Russian government accounts.
In its most recent updates to a post detailing how the company is responding to the conflict, Twitter says this decision is meant to ensure its platform isn’t used to spread content that violates the Geneva Conventions, one of which requires prisoners of war be protected from “acts of violence or intimidation and against insults and public curiosity.” This comes after the government of Ukraine has been criticized for posting images of dead soldiers, as well as videos of captured soldiers being interrogated.
While Twitter will ask government accounts to remove media showing prisoners of war, there will be some exceptions for “compelling public interest or newsworthy POW content,”
Governments sharing media depicting POWs is a controversial subject, especially in a conflict where one side is a clear aggressor.
Others disagree. Slate spoke to Adil Haque, a law professor and legal ethicist, about the media being posted, and he argued that context wasn’t particularly important in this kind of conflict. “Even if a particular instance of recording a POW might seem harmless, especially if they’re actually being portrayed in a sympathetic light, the idea is we need a broad prohibition so we don’t have to debate on a case-by-case basis whether this is a good or bad subjection to public curiosity,” he told the publication. In other words, the Conventions should be used as a blanket policy.
A paper written by Gordon Risius and Michael Meyer (pdf) as part of the Red Cross’ international review argues that there could be other downsides to governments sharing media of POWs. It says that the media could be used against the prisoners or their families by their governments and that pictures can be staged, making it hard to rely on them as evidence of humane treatment (especially when they’re taken explicitly to be viewed by the general public).
“Article 13 of the convention does not draw a clear dividing line between what is acceptable and what is a breach of its provisions.”
This debate isn’t new. The Red Cross paper from Risius and Meyer was written in the 1990s following the Gulf War and argues that the Geneva Conventions need to be updated for the age of mass media.
In addition to its rules around POWs, Twitter is de facto shadowbanning Russian government accounts by removing them from follow recommendations and ensuring they won’t be “amplified” on peoples’ timelines or on the Explore and Search pages. Roth says in his tweet thread that this action will be taken against any “states that limit access to free information and are engaged in armed interstate conflict.”
Tomi Engdahl says:
Nestlé’s Data Leak Shows War-Related Hacktivism Risks
https://www.wsj.com/articles/nestles-data-leak-shows-war-related-hacktivism-risks-11649151002
Food giant denied being hacked, says exposed data was related to information that was unintentionally posted on a business test website
Companies, already warned to remain alert to potential Russian cyberattacks, are battling operations by online activists aiming to bruise corporate reputations amid the war in Ukraine.
Recent public campaigns by the hacker collective Anonymous against Nestlé SA and other companies continuing to operate in Russia underline the increasing business risks. The high visibility of hacktivists requires extra efforts from companies in internal response and outward crisis communication, cybersecurity and risk experts said.
“The claim of a breach can cause a significant disruption of operations in a business because they need to put resources into investigating it,” said Scott Algeier, executive director of the Information Technology Information Sharing and Analysis Center.
In a short period of time, he added, a lot of incident response, including public relations and internal communication between the network security team and legal teams, has to be done.
In the Nestlé incident, KelvinSecurity, which describes itself as a hacker group that “joins the virtual community to transmit important information,” obtained the exposed data through a flawed configuration of a cloud server used by the food giant, a representative for the group told the Journal. The original plan was to sell the data, the Kelvin representative said. Instead, the group “decided to release it to collaborate with the hacking operation against Russia,” the person said, adding that Kelvin worked with Anonymous to get the word out.
Anonymous said in a tweet on March 22 that it released 10 gigabytes of Nestlé’s internal data, including emails, passwords and customer information, in “retaliation for continuing the company’s business in Russia.”
In a statement to the Journal, a Nestlé representative denied the company was hacked, saying the claim had “no foundation.”
Nestlé said the exposed data are related to an incident in February in which information was unintentionally posted online on a business test website.
After the Anonymous tweet, Nestlé deployed resources to investigate the claims, craft a response and communicate with the public and clients.
Nestlé had already been subject to immense pressure from politicians, employees and consumers about its Russian operations. Ukrainian President Volodymyr Zelensky had earlier mentioned Nestlé by name in several speeches calling for Western businesses to pull out of Russia. On March 23, the company said it would scale back its business in Russia, suspending the production of pet food, coffee and confectionery.
A Twitter account linked to Anonymous, @YourAnonTV, has warned a long list of businesses operating in Russia to withdraw and threatened to hack them if they continue operations in the country. “We give you 48 hours to reflect and withdraw from Russia,” one tweet from March 20 said, “or else you will be under our target!”
Companies such as Bridgestone Corp. and Dunkin’ Brands, promptly replied to the tweet saying they had already withdrawn from Russia.
Cyberexperts said hacktivists can be harder to deal with than hackers out for financial gain because their primary motive is to draw attention and are often less fearful of prosecution.
The Anonymous collective has participated in hacking operations related to political movements around the world, including the 2011 Syrian uprising, 2019 Hong Kong protests and 2020 Black Lives Matter movement.
Publicity is the goal for hacktivists
“[They] will react in public forums to anything the victimized company says or does.”
While hacktivists usually don’t have the advanced tooling and techniques of nation-states or financially motivated hackers, they also care less about hiding their online tracks
“That allows them to be a bit louder, very much louder,” he said. “A financially motivated threat actor that gets caught early, is obviously not making any money.”
Tomi Engdahl says:
Venäjä uhkaa Wikipediaa sakoilla: “Tiedot Ukrainasta vääriä ja laittomia”
https://www.mtvuutiset.fi/artikkeli/venaja-uhkaa-wikipediaa-sakoilla-tiedot-ukrainasta-vaaria-ja-laittomia/8395766#gs.wizrm5
Tomi Engdahl says:
U.S. Says It Secretly Removed Malware Worldwide, Pre-empting Russian Cyberattacks
https://www.nytimes.com/2022/04/06/us/politics/us-russia-malware-cyberattacks.html?referringSource=articleShare
The operation is the latest effort by the Biden administration to thwart actions by Russia by making them public before Moscow can strike.
WASHINGTON — The United States said on Wednesday that it had secretly removed malware from computer networks around the world in recent weeks, a step to pre-empt Russian cyberattacks and send a message to President Vladimir V. Putin of Russia.
The move, made public by Attorney General Merrick B. Garland, comes as U.S. officials warn that Russia could try to strike American critical infrastructure — including financial firms, pipelines and the electric grid — in response to the crushing sanctions that the United States has imposed on Moscow over the war in Ukraine.
The malware enabled the Russians to create “botnets”
it is unclear what the malware was intended to do, since it could be used for everything from surveillance to destructive attacks.
An American official said on Wednesday that the United States did not want to wait to find out. Armed with secret court orders in the United States and the help of governments around the world, the Justice Department and the F.B.I. disconnected the networks from the G.R.U.’s own controllers.
“Fortunately, we were able to disrupt this botnet before it could be used,” Mr. Garland said.
The court orders allowed the F.B.I. to go into domestic corporate networks and remove the malware, sometimes without the company’s knowledge.
The operation that was revealed on Wednesday showed a willingness to disarm the main intelligence unit of the Russian military from computer networks inside the United States and around the world. It is also the latest effort by the Biden administration to frustrate Russian actions by making them public before Moscow can strike.
Even as the United States works to prevent Russian attacks, some American officials fear Mr. Putin may be biding his time in launching a major cyberoperation that could strike a blow at the American economy.
Until now, American officials say, the primary Russian cyberactions have been directed at Ukraine — including “wiper” malware designed to cripple Ukrainian government offices and an attack on a European satellite system called Viasat.
The Biden administration has instructed critical infrastructure companies in the United States to prepare to fend off Russian cyberattacks, and intelligence officials in Britain have echoed those warnings. And while Russian hackers have sometimes preferred to quietly infiltrate networks and gather information, researchers said that recent malware activity in Ukraine demonstrated Russia’s increasing willingness to cause digital damage.
“They are engaged in a cyberwar there that is pretty intense, but it is targeted,”
In January, as diplomats from the United States prepared to meet with their Russian counterparts in an attempt to avoid military conflict in Ukraine, Russian hackers already were putting the finishing touches on a new piece of destructive malware.
The code was designed to delete data and render computer systems inoperable. In its wake, the malware left a note for victims, taunting them about losing information. Before U.S. and Russian representatives met for a final attempt at diplomacy, hackers had already begun using the malware to attack Ukrainian critical infrastructure, including government agencies responsible for food safety, finance and law enforcement.
January attacks and linked the group to Russia, said the group intended to cause damage and aid Russian military objectives.
“It’s a relatively new group, clearly purpose-built with a disruptive capability in mind,”
Another attack occurred on Feb. 24, the day that Russia invaded Ukraine, when hackers knocked Viasat offline. The attack flooded modems with malicious traffic and disrupted internet services for several thousand people in Ukraine and tens of thousands of other customers across Europe, Viasat said in a statement. The attack also spilled over into Germany, disrupting operations of wind turbines there.
But senior U.S. officials said all evidence suggested Russia was responsible, and security researchers at SentinelOne said the malware used in the Viasat attack was similar to code that has been linked to the G.R.U. The United States has not formally named Russia
In late March, a cyberattack again disrupted communications services in Ukraine. This time, the attack focused on Ukrtelecom, a telephone and internet service provider, knocking the company’s services offline for several hours. The attack was “an ongoing and intensifying nation-scale disruption to service, which is the most severe registered since the invasion by Russia,” according to NetBlocks, a group that tracks internet outages.
Ukrainian officials believe that Russia was most likely responsible for the attack, which has not yet been traced to a particular hacking group.
“Russia was interested in cutting off communication between armed forces, between our troops, and that was partially successful in the very beginning of the war,”
Ukrainian officials said Russia had also been behind attempts to spread disinformation about a surrender.
In the United States, officials fear similar cyberattacks could hit critical infrastructure companies. Some executives said they hoped the federal government would offer funding for cybersecurity.
“I am perfectly well aware that if Russia as a nation-state decided it wanted to attack the national infrastructure of the U.S., including what I’m responsible for, I don’t have much chance of stopping them,” said Peter Fletcher, the information security officer for the San Jose Water Company, which is part of a group that manages water services in several states. “The entire Russian nation-state versus Peter? I’m going to lose.”
Mr. Fletcher said that he was prepared but that smaller water companies than his own often struggled to keep up with cybersecurity demands. Many of them rely on outdated technology to pump and treat water, which could make them attractive hacking targets, he said.
Community Electric Cooperative, a utility provider that serves about 12,000 customers in Virginia, estimated that it needed $50,000 to upgrade cybersecurity systems.
“If we don’t have the capabilities to prevent this stuff and we are the grid, it could be quite detrimental,” said Jessica Parr, Community Electric Cooperative’s communications director.
Despite the challenges, critical infrastructure providers said they were accustomed to handling disasters. “We deal with hurricanes and ice storms all year,” Ms. Parr said. “This is just a different type of storm.”
Tomi Engdahl says:
Mikko Hyppöseltä ja Jarmo Limnélliltä synkkä ennustus “Venäjää harmittaa länsimaiden yhtenäisyys”
https://www.is.fi/digitoday/tietoturva/art-2000008733465.html
Tietoturva-asiantuntijat ennustavat Venäjän kybersodan laajenevan Ukrainasta maailmanlaajuiseksi.
Tomi Engdahl says:
Beware Ukraine-themed fundraising scams
https://blog.malwarebytes.com/scams/2022/04/beware-ukraine-themed-fundraising-scams/
Unfortunately scammers continue to focus on the invasion of Ukraine to make money. A flurry of bogus domains and scam techniques are spreading their wings. They appear to focus on donation fakeouts but there’s a few other nasty surprises lying in wait too.
Tomi Engdahl says:
Ukraine Warns of Cyber attack Aiming to Hack Users’ Telegram Messenger Accounts https://thehackernews.com/2022/04/ukraine-warns-of-cyber-attack-aiming-to.html
Ukraine’s technical security and intelligence service is warning of a new wave of cyber attacks that are aimed at gaining access to users’
Telegram accounts. “The criminals sent messages with malicious links to the Telegram website in order to gain unauthorized access to the records, including the possibility to transfer a one-time code from SMS, ” the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine said in an alert.
Tomi Engdahl says:
US disrupts prolific botnet controlled by Russian military, DOJ says https://therecord.media/us-disrupts-prolific-botnet-controlled-by-russian-military-doj-says/
US Attorney General Merrick Garland announced Wednesday that US officials have disrupted a global botnet of thousands of infected devices allegedly controlled by the Russian military. Garland said the court-authorized operation was directed at Sandworm a cyber-unit of the GRU Russian military intelligence service and Cyclops Blink, an advanced modular botnet linked to the group. In a statement, the Justice Department said the operation “copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet.”. “Although the operation did not involve access to the Sandworm malware on the thousands of underlying victim devices worldwide, referred to as bots, ‘ the disabling of the C2 mechanism severed those bots from the Sandworm C2 devices’ control, ” the DOJ explained.
Tomi Engdahl says:
Intel suspends all operations in Russia “effective immediately”
https://arstechnica.com/tech-policy/2022/04/intel-suspends-business-operations-in-russia-over-ukraine-war/
Intel, one of the world’s largest semiconductor companies, is suspending business operations in Russia “effective immediately, ” the company announced on Tuesday.
Tomi Engdahl says:
FBI Disables “Cyclops Blink” Botnet Controlled by Russian Intelligence Agency
https://www.securityweek.com/fbi-disables-cyclops-blink-botnet-controlled-russian-intelligence-agency
The U.S. government on Wednesday announced that it had neutralized a massive botnet of hardware devices controlled by Russia’s main intelligence agency (GRU).
In the court-approved operation, the Federal Bureau of Investigation (FBI) partnered with Watchguard to copy and remove the “Cyclops Blink” malware that serves as the hub for a large-scale botnet targeting firewall appliances and SOHO networking devices.
Cyclops Blink, which maintains persistence throughout the legitimate device firmware update process, has been directly linked to APT groups associated with the Russian government.
In a statement Wednesday, the U.S. Justice Department said the operation was conducted last month “to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm.”
Tomi Engdahl says:
US Charges Russian Oligarch, Dismantles Cybercrime Operation
https://www.securityweek.com/us-charges-russian-oligarch-dismantles-cybercrime-operation
The Biden administration charged a Russian oligarch linked to the Kremlin with violating U.S. government sanctions and disrupted a cybercrime operation launched by a Russian military intelligence agency, officials said Wednesday.
The actions came as the Justice Department said it was accelerating efforts to track down illicit Russian assets and as U.S. prosecutors helped European counterparts gather evidence on potential war crimes committed by Russia during its war on Ukraine.
FBI and Justice Department officials announced the moves as the U.S. separately revealed sanctions against the two adult daughters of Russian President Vladimir Putin and toughened penalties against Russian banks.
“We have our eyes on every dollar and jet. We have our eyes on every piece of art and real estate purchased with dirty money and on every bitcoin wallet filled with proceeds of theft and other crimes,” Deputy Attorney General Lisa Monaco said, adding that “our goal is to ensure that sanctioned Russian oligarchs and cyber criminals will not find safe haven.”
Tomi Engdahl says:
”for decades Lukashenka has repeated the same mantra to Belarusians: “While I am your president, there will be no war in Belarus.” In a country that throughout its entire history has frequently suffered as a result of someone else’s conflicts, this promise previously proved persuasive. However, commented Filipenko, Lukashenka’s obligations to Putin have now turned Belarus into an aggressor, leaving his own people completely bewildered.”
Belarusian railway rebellion disrupts Vladimir Putin’s Ukraine War
https://www.atlanticcouncil.org/blogs/belarusalert/belarusian-railway-rebellion-disrupts-vladimir-putins-ukraine-war/
The video calls on Belarusians not only to demonstrate against the war, but also to deny Russia the assets they need to prosecute it from Belarusian territory. “Blockade the aggressor at bases and supply routes. Deny them food, fuel, and freedom of movement,” it says.
In fact, this is more than a call for action. It is actually describing something that is already happening. Since Putin’s Ukraine War began on February 24, at least 52 Belarusians including 30 railway workers have been arrested on charges of treason, terrorism and espionage for disrupting the movement of Russian troops and military hardware, according to the Belarusian human rights group Viasna.
This railway rebellion is the most dramatic example of how Putin’s war against Ukraine is changing the political dynamic in Belarus. Lukashenka’s slavish submission to Putin, allowing the Kremlin leader to use his country as a staging ground for Russia’s assault on Ukraine, has unnerved and angered this nation of 9.4 million people.
Belarusians are deeply averse to war, have long had warm feelings toward Ukrainians and, like much of the world, are disturbed by atrocities like the mass executions of civilians in the Kyiv suburb of Bucha.
Lukashenka’s enabling of Putin’s aggression has also subjected Belarus to Western sanctions which are battering its already fragile economy and causing living standards to plummet. Moreover, the poor performance of the Russian armed forces and Lukashenka’s erratic and inconsistent statements about whether or not Belarusian troops would join the offensive are undermining the dictator’s carefully curated image as a strong leader.
In addition to the railway rebellion, a Belarusian hacking collective called the Cyber Partisans has been attacking the country’s railway network in an effort to prevent Russian troops from reaching Ukraine. The group has also distributed videos urging Belarusian soldiers not to take part in Russia’s war.
Meanwhile, hundreds of Belarusian volunteers have joined Ukraine’s struggle to defend itself against Russia by signing up for a paramilitary group called the Kastus Kalinouski Battalion, named after the nineteenth century Belarusian leader of an uprising against the Russian Empire.