Ukraine and Russia seem at the moment to be fighting both a traditional war and a cyber war. We could call that hybrid warfare. We are in a cyber war. Countless examples exist of damage to infrastructure from hostile acts via computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia started to conduct attacks on Ukraine on February 24. Before the physical attacks, Russia carried out several cyber attacks against IT systems in Ukraine.
Here are links to some material on the cyber side of this war:
How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic happens in the cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in the cyberspace. And last week, Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-nation cyber state actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.
As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”
Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/
Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers — malicious software or malware — that make their way inside computer networks and literally wipe the data from all connected devices.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.
Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.
Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.
Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladimir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.”
This raises the whole question of ‘attribution’. The received belief is it is impossible to do accurate cyber attribution. “It would be a mistake for any one nation to think it could attack another without being known,” said Willett. “That is absolutely wrong,” said Willett.
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.
Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.
Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.
Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.
Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html
Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.
Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command, said there had been a cyberattack.
Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).
Amid Russian invasion, Ukraine granted formal role with NATO cyber hub
https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations,” Col. Jaak Tarien, the institution’s director, said in a statement.
This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites
https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken: on Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.
High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information,” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.
CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a
US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html
EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.
UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.
Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.
Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine
Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine
Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.
HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.
In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economy, and the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work,” he says.
“Because we all need to live for something, eat
Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime as it cracks down on anti-war sentiment (and rumors of martial law grow louder) are being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.
Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf
TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
2,362 Comments
Tomi Engdahl says:
https://mobile.twitter.com/eeriknkross/status/1511821203304030210
“We know where you are. Passport data of the 64th motorized rifle brigade, the butchers of Bucha, on Google maps. Thanks to Estonian geeks.”
Tomi Engdahl says:
Zack Whittaker / TechCrunch:
In a court-authorized March operation, the FBI cut off the servers of the Cyclops Blink botnet, tied to Russia’s Sandworm, from Asus and WatchGuard routers — The Federal Bureau of Investigation has disclosed it carried out an operation in March to target a massive botnet controlled by Russian intelligence.
FBI operation aims to take down massive Russian GRU botnet
https://techcrunch.com/2022/04/06/fbi-operation-botnet-sandworm/
The Federal Bureau of Investigation has disclosed it carried out an operation in March to target a massive botnet controlled by Russian intelligence.
The operation was authorized by courts in California and Pennsylvania, allowing the FBI to copy and remove the so-called Cyclops Blink malware from its command and control servers, also known as C2s, allowing the FBI to sever the connections to thousands of compromised infected devices that were taking instructions from the servers.
The Justice Department announced the March operation on Wednesday, describing it as “successful,” but warned that device owners should still review the initial February 23 advisory to secure their compromised devices and prevent reinfection.
Tomi Engdahl says:
Foreign Affairs:
Russia’s cyberattacks on government, military, logistics, and critical infrastructure have been its biggest military success to date in the war in Ukraine
The Myth of the Missing Cyberwar
Russia’s Hacking Succeeded in Ukraine—And Poses a Threat Elsewhere, Too
https://www.foreignaffairs.com/articles/ukraine/2022-04-06/myth-missing-cyberwar
After Russia invaded Ukraine, many observers initially expected cyberattacks to steal the limelight as a major instrument in Russia’s arsenal. But after a month of fighting, a host of prominent scholars and analysts of cyberconflict have reached the opposite conclusion. Russia’s activities in cyberspace, they claim, have been paltry or even nonexistent. They have dismissed the role of cyber-operations, variously proposing that digital preparations for the invasion in Ukraine never occurred, were haphazard or lacked any real impact, or were mere continuations of Russia’s long-term cyber-activity against Ukraine that fell below the threshold of outright war.
This is a dangerous misdiagnosis. All available evidence indicates that Russia has employed a coordinated cyber-campaign intended to provide its forces with an early advantage during its war in Ukraine. The apparent disconnect between these observed incidents, on the one hand, and the public analysis that Russian cyber-operations have been minimal, on the other, is jarring. Preconceived notions of the role of cyberattacks on the battlefield have made it hard for analysts to see cyber-operations in Ukraine for what they are and for the role they play within Russia’s military campaign. Leaning on these preconceptions will only lead to future policy and intelligence failures. Cyberspace is still a nascent domain of operations, and events in Ukraine will have outsized implications not just for any appreciation of Russian cyberpower but for an understanding of the nature of cyberconflict itself.
The belief that cyber-operations have played no role in Ukraine does not stem from a lack of real-world impact. To the contrary, the magnitude of Moscow’s pre-kinetic destructive cyber-operations was unprecedented. On the day the invasion began, Russian cyber-units successfully deployed more destructive malware—including against conventional military targets such as civilian communications infrastructure and military command and control centers—than the rest of the world’s cyberpowers combined typically use in a given year.
The cumulative effects of these attacks were striking. In the hours prior to invasion, Russia hit a range of important targets in Ukraine, rendering the computer systems of multiple government, military, and critical infrastructure sectors inoperable. Forensic analysis by Microsoft, the cybersecurity company Symantec, and the Slovak firm ESET has found that these attacks affected numerous government agencies, military institutions, civil emergency services, and a range of other critical infrastructure sectors such as defense industrial base manufacturers, information technology services, and energy companies directly relevant to Ukraine’s military capacity.
Cyber-enabled sabotage also knocked offline the satellite Internet provider KA-SAT, which Ukraine’s military, intelligence, and police units depend on. Victor Zhora, the deputy chief of Ukraine’s State Service of Special Communication and Information Protection, has characterized the satellite outage as “a really huge loss in communications in the very beginning of war.” U.S. defensive cyberspace operations prevented further Russian attacks from disrupting the railway networks that were being used to transport military supplies and help millions of Ukrainian citizens evacuate.
Russia continues to draw from its wartime arsenal of cybertools, deploying additional destructive malware on a weekly basis. Cities under siege from Russian shelling, including Kharkiv and Kyiv, have experienced cyber-enabled disruptions to Internet services. Ukraine’s national cyber-authorities continue to expose intrusion attempts by Russian and Belarussian cyber-units. All of this has occurred against the backdrop of a series of website defacements, denial-of-service attacks, and other destabilizing cyber-operations intended to produce chaos and further exhaust Ukraine’s cyberdefenses.
If observers see this cyber-offensive as a series of isolated events, its scale and strategic significance get lost in the conventional violence unfolding in Ukraine. But a full accounting of the cyber-operations reveals the proactive and persistent use of cyberattacks to support Russian military objectives. The misperception that Russia has been restrained or ineffective in the prosecution of its cyberwar on Ukraine likely stems from the fact that Russia’s cyber-operations have not had the standalone, debilitating effects that assessments before the war imagined they would have. But those assessments pose an unrealistic test of strategic value. No single domain of operations has an independent, decisive effect on the course of war.
Nevertheless, the lack of overwhelming “shock and awe” in cyberspace has led to the flawed presumption that Russia’s cyber-units are incapable, and even worse, that cyber-operations have offered Russia no strategic value in its invasion of Ukraine.
THUNDER RUN
Analysts should assess the use of cyberpower in its proper context. Evaluating Russia’s cyber-operations in Ukraine is impossible without accounting for the multiple tactical and strategic errors that have bedeviled other aspects of Moscow’s military campaign. Russian planners expected a swift victory in Ukraine, but their strategy failed for multiple reasons: inadequate coordination and preparation, the underestimation of the strength and resilience of Ukraine’s military, and various intelligence lapses. Russia’s missteps and struggles have almost certainly hurt its ability to fully employ its cyber-program in support of its conventional forces.
But even with those limitations, Russian cyber-units successfully attacked a range of targets in accordance with Russia’s war plans. Russian cyberattacks on government and military command and control centers, logistics, emergency services, and other critical services such as border control stations were entirely consistent with a so-called thunder run strategy intended to stoke chaos, confusion, and uncertainty, and ultimately avoid a costly and protracted war in Ukraine. Indeed, Russian cyber-units have demonstrated their ability to succeed without a great deal of advance warning and direction, and despite the overarching difficulties hampering Russia’s military effort.
The magnitude of Moscow’s cyberattacks on Ukraine has been unprecedented.
The reason for this relative success lies in the unique nature of competition and conflict in cyberspace. Unlike troop buildups or other forms of military mobilization that are infrequent and highly visible, cyber-operations are the result of operational cycles that occur covertly and continuously through peacetime and wartime.
The methods attackers use to establish initial footholds for espionage activities are indistinguishable from those that precede cyberattacks. For cyber-units, war does not fundamentally change the way they prepare or start to fight.
Russia’s cyberattacks prior to the invasion suggest methodical preparations, with the attackers likely gaining access to Ukrainian networks months ago. This stands in stark contrast to the evident lack of preparation across Moscow’s other military instruments, including on the ground, in the air, and in its frequently used influence operations through media and social media. Russian cyber-units did not need direct military orders to prepare for the invasion or to generate new capabilities for the war. The operational realities of cyberspace required them to be ready well in advance.
The emerging consensus that claims Russian cyber-operations were ineffective misses the bigger picture. Russia’s strategy failed to capitalize on the full capabilities and numerous operational successes of its cyber-units. For instance, Russian cyber-units have not yet shut down electricity or Internet connectivity on a massive scale in Ukraine. That does not mean Russia is incapable of such attacks, as some observers have suggested, but that it envisioned a swift victory and did not see the need for such widespread, indiscriminate disruptions. In all likelihood, Russian military units were reliant on Ukrainian civil infrastructure for their planned seizure of Kyiv and could not risk blowback to their own operations.
NO RESTRAINT
The war in Ukraine is not over. Russia has been forced to change its operational approach, and Western intelligence points to Moscow shifting toward a strategy of attrition. With the likelihood that the conflict will become a protracted war, Russia will probably not exercise restraint in its use of additional disruptive and destructive cyber-actions. Russian President Vladimir Putin is most likely to double down on early cyber-successes and seek to further disrupt and undermine government, military, and civilian infrastructure, as well as defense industrial base enterprises. Russia’s recent attempts to strike the same targets it hit on the day of the invasion with additional destructive malware indicate this new phase of the conflict is well underway.
Although less visible than cyberattacks, cyber-enabled espionage—the theft of sensitive information, in this case from Ukrainian networks—is also likely to play a grisly role in the Russian offensive. Russia’s Federal Security Service has allegedly used personal information stolen from Ukrainian federal databases to draw up kill lists of people who could lead a Ukrainian resistance movement in the event of a Russian victory.
Western policymakers should also be prepared for cyber-operations to spread beyond the confines of Ukraine. Several Russian cyber-operations since the invasion have already had spillover effects into NATO countries, affecting critical sectors and civilian Internet connectivity across Europe. Russia knowingly accepted the risk that its cyberattacks would cause collateral damage and has a history of similar reckless behavior.
Cyber-operations have been Russia’s biggest military success to date in the war in Ukraine. They will continue to provide Moscow a flexible tool capable of hitting a range of targets in Ukraine and beyond. Disregarding their unprecedented use will only leave policymakers and analysts unprepared for what’s next. A clear-eyed view of the role cyberwarfare has played so far in Ukraine and a better understanding of its place in modern warfare are imperatives for NATO’s collective security and for managing the risks of escalation looming in cyberspace.
Tomi Engdahl says:
An old gadget could become valuable again if Russia leaves the internet https://www.is.fi/digitoday/art-2000008734191.html
Tomi Engdahl says:
There are worrying features in Finns’ actions against Russia – Mikko Hyppönen: “Why would anyone do this?” https://www.is.fi/digitoday/tietoturva/art-2000008734166.html
Tomi Engdahl says:
A grim prediction from Mikko Hyppönen and Jarmo Limnéll – “Russia is annoyed by the unity of Western countries” https://www.is.fi/digitoday/tietoturva/art-2000008733465.html
Tomi Engdahl says:
Russian-linked Fancy Bear was stopped by MS.
Disrupting cyberattacks targeting Ukraine
https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/
We recently observed attacks targeting Ukrainian entities from Strontium, a Russian GRU-connected actor we have tracked for years. This week, we were able to disrupt some of Strontium’s attacks on targets in Ukraine. On Wednesday April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks. We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications.
Strontium was using this infrastructure to target Ukrainian institutions including media organizations. It was also targeting government institutions and think tanks in the United States and the European Union involved in foreign policy. We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information. We have notified Ukraine’s government about the activity we detected and the action we’ve taken.
The Strontium attacks are just a small part of the activity we have seen in Ukraine.
Tomi Engdahl says:
Nigerian social media accounts targeted in influence campaign centered on Ukraine invasion https://therecord.media/nigerian-social-media-accounts-targeted-in-influence-campaign-centered-on-ukraine-invasion/
Owonikoko, a Nigerian web designer and development artist, appears to have been one of many bystanders in the Global South caught in the online battle to control how people perceive Russia’s invasion of Ukraine. In response to these content moderation challenges social media companies have ramped up bot and misinformation monitoring and the global media is investigating the scope of the problem.
Tomi Engdahl says:
State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage https://research.checkpoint.com/2022/state-sponsored-attack-groups-capitalise-on-russia-ukraine-war-for-cyber-espionage/
The use of the conflict as a bait is not limited to a specific region or APT group, it goes from Latin America to the Middle East and to Asia. In this article, CPR will provide an overview of several campaigns by different APT groups using the ongoing Russia-Ukraine war to increase the efficiency of their campaigns. CPR will discuss the victimology of these campaigns; the tactics used, and provide technical analysis of the observed malicious payloads and malware, specially crafted for this cyber-espionage.
Tomi Engdahl says:
Facebook Battles Cyber Campaigns Targeting Ukraine
https://www.securityweek.com/facebook-battles-cyber-campaigns-targeting-ukraine
Facebook’s parent company Meta on Thursday said Russian state actors and others are relentlessly trying to use the social network against the Ukraine with deception, hacking and coordinated bullying campaigns.
Social media networks have become one of the fronts in Russia’s invasion of Ukraine, home to sometimes misleading information but also real-time monitoring of one of the biggest geopolitical crises in decades.
“Since the start of the Russian invasion of Ukraine, our teams have been on high alert to detect and disrupt threats and platform abuse, including attempts to come back by networks we removed before,” Meta said in its latest threat report.
A spike in activity aimed at Ukraine shortly before it was invaded by Russia in February has become an entrenched battle, according to Meta influence operations threat intelligence team leader Ben Nimmo.
Tactics have included using bogus accounts to spread false stories such as Ukrainian troops surrendering or call for a street protest in Warsaw against the Polish government.
Meta said it disrupted a network of about 200 Facebook accounts in Russia that were working together to falsely accuse people of violating the social network’s policies to get posts about Ukraine removed.
Those involved tried to disguise their collaboration as a cooking-themed group, according to the social network.
“The majority of these fictitious reports focused on people in Ukraine and Russia,” Meta said in the report.
“The people behind this activity relied on fake, authentic, and duplicate accounts to submit hundreds – in some cases, thousands – of complaints against their targets.”
Such coordinated bullying campaigns are referred to as “mobbing.”
Tomi Engdahl says:
Russian Comms in Ukraine: A World of Hertz
https://rusi.org/explore-our-research/publications/commentary/russian-comms-ukraine-world-hertz
Evidence of Russian communications in Ukraine indicates that the modernisation of the Russian Armed Forces has been troubled, causing operational and tactical challenges.
Russia’s war in Ukraine has been marked by its apparent lack of coordination and an ostensibly flawed plan. Russian forces have been observed moving deep into Ukraine, only to be cut off by a lack of fuel, vehicle breakdowns, and ultimately Ukrainian forces. Open-source intelligence and Ukrainian reports suggest that radio communications across the Russian forces are poor, leading to makeshift solutions including the use of unencrypted high frequency (HF) radio for long-range communications and mobile phones to communicate.
There is some evidence that Russian soldiers have deployed with more advanced software-defined radios (SDR) such as the R-187P1 Azart and R-168-5UN-2 tactical radios that were carried by a Russian airborne soldier captured near Kyiv. However, the impression provided by the Russian Ministry of Defence (MoD) over the years has been that this equipment was widespread and that the majority of the Russian Armed Forces (RuAF) were operating digital radios and systems designed to facilitate planning and decision-making.
The R-187P1 Azart is a sixth-generation digital tactical SDR with built-in encryption designed to provide Russian troops with secure and jam-resistant communications. It operates in the very high frequency (VHF)/ultra high frequency (UHF) bands, has a range of 18 km in ground communications depending on configuration, can be used as a repeater station and can utilise GLONASS or GPS to provide positioning. The radios appear to have been delivered for the first time in 2017 to the 90th Guards Tank Division and were provided to other units thereafter, with claims of 300 radios delivered to a unit in the Leningrad region.
The R-187P1 serves alongside the R-168 Akveduk family of fifth-generation tactical digital radios, which is also designed to provide uninterrupted communications in an electromagnetically challenging environment. The family has many variants, including HF and VHF systems designed to provide communications up to 350 km and 20 km respectively while mounted in a command vehicle. The radios were introduced by 2000, and deliveries were reported through to 2016 and beyond.
It is possible that the delivery of the Azart radios has been troubled by corruption. Reports from 2021 observed that senior military figures and the Azart’s manufacturer were under investigation for fraud and embezzlement. At least some of the radios had been manufactured in China before elements were added in Russia, the defendants claimed.
The current operations in Ukraine suggest that Russia does not have as many modern radios in service as it has claimed, and that it may not have adequately considered its communication needs for the range and scale of operations conducted.
In addition, there is the question of Russian forces using their mobile phones to communicate. This is not unusual for modern warfare; accounts of Ukrainian soldiers doing the same are plentiful.
It seems bizarre that units advancing into Ukraine during this dangerous phase of the operation would not be outfitted with the best equipment, including radios, that Russia’s defence industry has to offer.
Vulnerabilities
One of the most striking images from Russia’s war in Ukraine so far has been the photograph of a civilian handheld radio. Although impossible to confirm, sources on social media said this radio had been captured by Ukrainian troops. Further inquiry hinted that the radio in question, a BaoFeng UV-82HP, had been purchased from suppliers in the People’s Republic of China. The radio uses V/UHF wavebands and lacks military-grade encryption. Why it was reportedly in the possession of Russian troops is unknown. However, this triggered immediate speculation on the health and performance of RuAF radio communications.
Are new military radios being delivered to units in fits and starts, forcing them to improvise? Or worse, are these new military radios considered substandard? That troops may feel more confident using a cheap Chinese handheld radio would say much about the quality of Russian equipment.
Important clues are emerging regarding RuAF communications, hinting at potentially serious weaknesses. Radios like the BaoFeng UV-82HP will be relatively easy for electronic warfare (EW) practitioners to exploit. Firstly, their lack of discernible military-grade COMSEC/TRANSEC means the radios should be relatively susceptible to straightforward jamming. Secondly, this lack of COMSEC/TRANSEC could make it easy to feed false or misleading traffic into networks depending on these radios. This could pay tactical dividends for the Ukrainians, allowing them to sow disorganisation, doubt and demoralisation into Russian units. It is highly likely these radios are being used for squad communications at the tactical edge by dismounted infantry.
Once these transmissions are detected, COMINT systems could be used to follow the movement of the transmissions, and hence the movements of troops. Armed with this knowledge, Ukrainian forces could have a reasonable real-time picture of Russian dismounted troops moving within range of their COMINT equipment. This depends on those troops keeping their radios switched on and in regular use. Given the apparently lax communications discipline sources have said some Russian units have exhibited to date, this may well be the case. As noted above, open-source evidence also suggests that Russian troops are using mobile phones for tactical communications.
While Ukrainian forces may be numerically inferior on the battlefield, they have an opportunity to be superior in the electromagnetic spectrum.
US sources expressed surprise after the invasion that Russian EW had not been more heavily employed.
On paper, the RuAF can jam civilian V/UHF communications including two-way radios and mobile phone networks. The force’s RB-314V Leer-3 EW system deployed at the operational/tactical level can reportedly target mobile phone transmissions. V/UHF transmissions can also be targeted by the RP-377U/UA EW systems that the RuAF deploys at the tactical level.
The discernible lack of COMSEC/TRANSEC is mirrored in the HF domain. Unlike V/UHF, HF can perform beyond line-of-sight communications.
The RuAF in general place a high premium on HF. It is a favourite mechanism for long-range trunk communications, having a similar importance to SATCOM in NATO forces. The RuAF do have access to domestic military-grade SATCOM. However, the preference for HF is said to be due to the fact that high frequency radio is difficult – although not impossible – to jam.
Online sources reveal not only that Russian military HF radio transmissions are relatively easy to find, but that they are made en clair without encryption. This appears seemingly oblivious to the danger that these transmissions may be intercepted and exploited for intelligence. This raises three possibilities. The first is that Russian military HF users may simply not care if eavesdropping takes place. The second possibility is that HF may be used to deliberately transmit false information; however, anecdotal evidence from the Ukraine theatre hints that intercepted traffic has correlated with Russian tactical actions. The third possibility is that the RuAF cannot encrypt their HF traffic.
Either way, Russian military HF is out there in the spectrum. With the right HF COMINT/COMJAM equipment, it can be detected, intercepted and the source of transmissions determined. While HF jamming is difficult, it is not impossible. Much like V/UHF radio, Ukrainian EW cadres could exploit Russian HF nets and jam them to impede command and control, or use them as a conduit for false, misleading and demoralising traffic. Determining the location of HF transmission sources could also let Ukrainian forces determine the position of Russian units.
With the possibility of the war moving into a prolonged insurgency should Russia complete its occupation, Ukraine should look at utilising volunteers with radio, telecommunications and broadcasting expertise and experience. These cadres can be rapidly trained in EW techniques and thrown into the electromagnetic battle. EW is unlikely to defeat the RuAF by itself. Nonetheless, it is a valuable centre of gravity that Ukrainian forces should continue to exploit as a means of attacking Russian battlefield cohesion.
Tomi Engdahl says:
Pink Floyd shows its support for Ukraine with a new song – its first release in nearly 30 years
Pink Floyd has released new music for the first time since 1994. The new song, Hey hey rise up, was made to support Ukraine in the midst of war.
https://www.iltalehti.fi/musiikki/a/c7fd3429-538c-4f4e-88ef-22e4515a5b18
Pink Floyd – Hey Hey Rise Up (feat. Andriy Khlyvnyuk of Boombox)
https://www.youtube.com/watch?v=saEpkcVi1d4
Tomi Engdahl says:
Is this the first image of Russia’s invasion of Ukraine? Dramatic surveillance camera footage from a border crossing is spreading
https://www.mtvuutiset.fi/artikkeli/onko-tassa-ensimmainen-kuva-venajan-hyokkayksesta-ukrainaan-dramaattinen-valvontakameramateriaali-rajanylityspaikalta-leviaa/8388536
It looks very much like a border crossing – however, the full authenticity of the image series cannot be proven
Tomi Engdahl says:
Sergiu Gatlan / BleepingComputer:
Microsoft says it obtained a court order on April 6 to take control of seven domains and disrupt Russia-linked hacking group Strontium’s attacks against Ukraine — Microsoft has successfully disrupted attacks against Ukrainian targets coordinated by the Russian APT28 hacking group after taking …
Microsoft takes down APT28 domains used in attacks against Ukraine
https://www.bleepingcomputer.com/news/microsoft/microsoft-takes-down-apt28-domains-used-in-attacks-against-ukraine/
Microsoft has successfully disrupted attacks against Ukrainian targets coordinated by the Russian APT28 hacking group after taking down seven domains used as attack infrastructure.
Strontium (also tracked as Fancy Bear or APT28), linked to Russia’s military intelligence service GRU, used these domains to target multiple Ukrainian institutions, including media organizations.
The domains were also used in attacks against US and EU government institutions and think tanks involved in foreign policy.
“On Wednesday, April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks,” said Tom Burt, Corporate Vice President of Customer Security & Trust at Microsoft.
“We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications.
Tomi Engdahl says:
Naomi Nix / Washington Post:
Meta disrupts covert influence operations by Belarus- and Russia-linked actors targeting Ukrainians, like hacking Ukrainian military staff’s Facebook accounts
https://www.washingtonpost.com/technology/2022/04/07/facebook-covert-influence-ukraine/
Tomi Engdahl says:
Pink Floyd reunite for Ukraine protest song
https://www.bbc.co.uk/news/entertainment-arts-61037080
Tomi Engdahl says:
Every Russian soldier will bring a piece of Chornobyl home. No matter alive or dead, says German Galushchenko
https://www.kmu.gov.ua/en/news/kozhen-rosijskij-soldat-priveze-chastinku-chornobilya-dodomu-zhivim-abo-mertvim-german-galushchenko
Tomi Engdahl says:
Anonymous Publish 28 GB Data Dump Stolen From Russia Central Bank Detailing Secret Agreements and High Profile Client Information
https://www.cpomagazine.com/cyber-security/anonymous-publish-28-gb-data-dump-stolen-from-russia-central-bank-detailing-secret-agreements-and-high-profile-client-information/
Hacktivist group Anonymous claims to have hacked the Russia Central Bank and accessed 35,000 files promising a data dump within 48 hours. The anonymous hacker claims the documents contain “secret agreements” that would affect Russian politics.
“The Central Bank of Russian Federation leak (28 GB) has been published by Anonymous,” the account tweeted.
The group hacked the Central Bank of Russia in retaliation for the invasion of Ukraine, declaring cyber war on Vladimir Putin in a video released about a month ago.
The hacktivist group shared links to the Russia Central Bank data dump, promising more download sources if the previous ones were blocked.
Similarly, the non-profit group Distributed Denial of Secrets (DDoSecrets) announced it had archived the data dump on its website.
Anonymous claims that the data dump contains economic secrets that would shake Russian politics if exposed. The data dump contains names of high-profile clients, internal communications, bank statements, invoices, and other documents. The records go back as far as 1999, according to cyber security experts who have waded through the data dump. The Russia Central Bank has not responded to multiple media requests for comments and neither confirmed nor denied the allegations.
Tomi Engdahl says:
Reuters:
YouTube blocks Duma TV, which broadcasts from Russia’s lower house of parliament; Russian officials warn that the site could face restrictions in response — YouTube has blocked Duma TV which broadcasts from Russia’s lower house of parliament, drawing an angry response from officials …
https://www.reuters.com/world/europe/youtube-blocks-russian-parliament-channel-drawing-ire-officials-2022-04-09/
Tomi Engdahl says:
Lawrence Abrams / BleepingComputer:
Hacking group NB65 claims it altered Conti’s leaked ransomware to attack Russian entities, including space agency Roscosmos and TV and radio broadcaster VGTRK — A hacking group used the Conti’s leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations.
Hackers use Conti’s leaked ransomware to attack Russian companies
https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/
Tomi Engdahl says:
Hackers use Conti’s leaked ransomware to attack Russian companies https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/
A hacking group used the Conti’s leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations. [...] a hacking group known as NB65 now targeting Russian organizations with ransomware attacks.
Tomi Engdahl says:
Microsoft crippled a Russian military intelligence online operation https://www.is.fi/digitoday/tietoturva/art-2000008743633.html
Tomi Engdahl says:
Microsoft Disrupts Infrastructure Used by Russia’s Hackers in Ukraine Attacks
https://www.securityweek.com/microsoft-disrupts-infrastructure-used-russias-hackers-ukraine-attacks
Microsoft on Thursday said it has attempted to disrupt cyberattacks launched by the Russian government against Ukraine by seizing some of the domains leveraged by a notorious state-sponsored threat group.
Microsoft said it seized seven domains used by the group known as Strontium, APT28, Fancy Bear, Pawn Storm, Sednit, and Tsar Team. The cyberespionage group, linked to Russia’s GRU military intelligence service, has conducted operations targeting many organizations around the world over the past years.
The tech giant obtained a court order on April 6 that allowed it to sinkhole the domains, which had allegedly been used to target media and other organizations in Ukraine. Government institutions and think tanks in the US and the EU — particularly ones involved in foreign policy — were also targeted, the company said.
https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/
Tomi Engdahl says:
Pranshu Verma / Washington Post:
A look at an international group of 1,300 librarians, historians, teachers, and children using open-source tools and Slack to back up Ukraine’s digital archives — In early March, two weeks into Russia’s invasion of Ukraine, Carrie Pirmann stumbled upon a website dedicated to Ivan Mazepa …
https://www.washingtonpost.com/technology/2022/04/08/ukraine-digital-history/
Tomi Engdahl says:
Ukraine War: Russia warns Sweden and Finland against Nato membership
https://www.bbc.com/news/world-europe-61066503
Russia has warned Finland and Sweden against joining Nato, arguing the move would not bring stability to Europe.
Kremlin spokesman Dmitry Peskov told reporters that “the alliance remains a tool geared towards confrontation”.
It comes as US defence officials said Moscow’s invasion of Ukraine has been a “massive strategic blunder” which is likely to bring Nato enlargement.
Tomi Engdahl says:
Elon Musk’s Starlink internet ‘likely to be attacked by Russian hackers’ seeking Ukraine military intel
‘If a state hacker wants to hack into a company, they’re probably going to do it’
https://inews.co.uk/news/world/elon-musk-starlink-internet-vulnerable-hackers-seeking-ukraine-intel-1530370
Ukrainians have downloaded Elon Musk’s Starlink, a satellite-based internet service, in their droves to stay online amid the conflict.
But Starlink satellites, which are operated by SpaceX, are likely to be attacked by Russian cyber attacks seeking sensitive military intel, a cyber analyst has warned.
“If a state hacker wants to hack into a company, they’re probably going to do it,” Hans Horan, a cyber analyst at intelligence consultancy Sibylline, said. “I think it’s best to assume Russian hackers are always probing systems.”
Gaining access to the satellites could yield information that would be helpful to Moscow, such as which Western Governments are supporting Kyiv or weaknesses in Ukraine’s defence.
Following Russia’s invasion of Ukraine, Mr Musk gave the country dozens of low-orbit satellites, part of a system designed to get underserved areas online.
The arrival of Starlink allowed Ukraine to diversify its communications network and make it more difficult for Russia to completely shut it down – although Mr Musk warned the probability of Starlink being targeted was high given it “is the only non-Russian communications system still working in some parts of Ukraine”.
He later said SpaceX had begun reprioritising to “cyber defence [and] overcoming signal jamming”.
Since the invasion, the Starlink app has become the most downloaded in Ukraine with 100,000 downloads.
Parts of Ukraine’s infrastructure, such as telecommunications and government agencies, appear to be at least partially supported by Starlink, “meaning that any attacks against this system could present notable logistical concerns [and] constraints on Kyiv,” said Mr Horan.
Why I’m Hacking SpaceX Starlink
https://www.youtube.com/watch?v=56avlESqsGw
What would it take to hack into SpaceX’s StarLink Constellation? See what’s involved and what I’m doing.
Tomi Engdahl says:
Amid Russia-Ukraine War, Elon Musk Says ‘hackers Tried To Hack Starlink Internet System’
Tesla chief Elon Musk said on Friday that since the start of the war in Ukraine, hackers have tried to hack into the global internet system.
https://www.republicworld.com/world-news/russia-ukraine-crisis/amid-russia-ukraine-war-elon-musk-says-hackers-tried-to-hack-starlink-internet-system-articleshow.html
Amid the ongoing Russia-Ukraine war, Tesla chief Elon Musk said on Friday that since the start of the war in Ukraine, hackers have tried to hack into the global internet system. Musk said that his satellite internet constellation has resisted all the hacking and jamming attacks.
Elon Musk, the CEO of SpaceX, took to Twitter to address the hacking attacks on Starlink. Starlink is a satellite internet constellation operated by Musk’s SpaceX that provides satellite internet access coverage to several countries on Earth. Musk’s Starlink internet system aims to extend internet coverage to the whole world.
Elon Musk tweeted, “Starlink, at least so far, has resisted all hacking and jamming attempts.”
https://hackaday.com/tag/starlink/
Tomi Engdahl says:
“Starlink has so far successfully resisted all hacking and jamming attempts,” Elon Musk on the situation in Ukraine
https://digitnews.in/starlink-has-so-far-successfully-resisted-all-hacking-and-jamming-attempts-elon-musk-on-the-situation-in-ukraine/
The founder of SpaceX and Tesla, Elon Musk, said that they are trying to hack and jam the Starlink satellite Internet system in Ukraine, but the hackers are not succeeding.
“Starlink, at least so far, has successfully resisted all attempts of hacking and jamming,” Elon Musk said today on his Twitter page.
Are Starlink satellites attractive to hackers?
https://www.techerati.com/news-hub/are-starlink-satellites-attractive-to-hackers/
Thanks to the launch of satellites by companies like SpaceX, countless innovations have been made possible. People will be able to access an Internet connection from virtually anywhere in the world, hard-to-reach environments can be monitored remotely and, most recently, internet access can be offered to residents in war-torn Ukraine.
Earlier this year SpaceX became the operator of the world’s largest active satellite constellation, with more than 240 Starlink satellites in operation today and plans are in place to launch as many as 42,000. Despite these ambitious goals, concerns have been raised around the security of these satellites in recent years.
As Starlink satellites were received by Ukraine in recent weeks, John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab project, warned that these terminals may become Russian targets.
“Re: @elonmusk’s starlink donation. Good to see. But remember: if #Putin controls the air above #Ukraine, users’ uplink transmissions become beacons … for airstrikes,” he tweeted.
Scott-Railton points out that as these satellites require a clear view of the sky to work and are best placed on top of high buildings, they may become easy targets for Russia.
In 2020, researchers at the University of Surrey published an article that identified major cyber security threats against future satellite control and communications systems. The main weaknesses the team found were around a lack of comprehensive security analysis of deployed systems and a ‘security-by-obscurity’ mentality.
Tomi Engdahl says:
Hacking Russian sites, bringing Elon Musk’s Starlink to Ukraine: How software developers are fighting the war
https://nationalpost.com/news/world/hacking-russian-sites-bringing-elon-musks-starlink-to-ukraine-how-software-developers-are-fighting-the-war
Russians who go to Google to look up popular restaurants in Moscow might find pictures of destruction instead of photos of the restaurant
Tomi Engdahl says:
Elon Musk warns Russia may now be SPYING on Starlink internet gifted to Ukraine – and urges ‘cautious use’
https://www.thesun.co.uk/tech/17841075/elon-musk-starlink-satellites-russia-spying-ukraine/
ELON Musk has warned Ukrainians using his emergency satellite internet that there is a “high” chance Russia will try to spy on them.
The billionaire donated a truck load of dishes to the war-torn country, which has seen its communications battered by Russian forces.
But the Starlink owner has alerted Ukraine to “use with caution”.
“Important warning,” he tweeted.
“Starlink is the only non-Russian communications system still working in some parts of Ukraine, so probability of being targeted is high.”
Starlink uses thousands of satellites in space to beam internet back down to Earth, instead of traditional cables on the ground.
Mr Musk offered to help after receiving a desperate plea from Ukraine’s deputy prime minister.
Tomi Engdahl says:
“Solar panels + battery pack better than generator, as no heat signature or smoke & doesn’t run out of fuel,” he said.
But the SpaceX founder urged people to only turn on Starlink when needed and to place dishes “as far away from people as possible”.
“Place light camouflage over antenna to avoid visual detection,” he added.
https://www.thesun.co.uk/tech/17841075/elon-musk-starlink-satellites-russia-spying-ukraine/
Tomi Engdahl says:
Russian hackers try to attack Starlink satellite terminals in Ukraine
On Mar 26, 2022 09:32
https://sundries.com.ua/en/russian-hackers-try-to-attack-starlink-satellite-terminals-in-ukraine/
According to media reports, Russian hackers attempted to attack Ukrainian communication systems. Elon Musk said that the Starlink satellite terminals that he handed over to Ukraine were also attacked.
Tomi Engdahl says:
Hacking the Rectangular Starlink Dishy Cable
https://gist.github.com/darconeous/8c7899c4d2f849b881d6c43be55066ee
In general, if you can get away with using the original 75′ cable (or the official 150′ long replacement cable), then that is ultimately preferable to doing any of this stuff. If you don’t already know why you would want to do this then you definitely shouldn’t do it. If you run into trouble, the first thing Starlink Support is going to ask is if the cable between your dishy and router has any modifications, and for good reason.
Power
Despite the connectors being proprietary, the underlying technology connecting the router and the rectangular dishy is gigabit ethernet with non-standard PoE (the orange and green pairs are positive, the blue and brown pairs are negative). The cable itself is plain stranded STP CAT5e, suitable for outdoor use. The router acts as a 48V, 2A PoE power supply, so 96 watts are available at the router's port.
Stick with the original router (and possibly the ethernet port dongle) unless you have a good reason to try something else. You cannot power dishy with a standard PoE injector, but if you are enterprising enough you can rearrange the wires (swap blue/green, terminate as Type-B) going into and out-of a passive 4-pair PoE Injector and get it working with a sufficiently large 48V or 52V DC power supply.
Note that most 48V 2A power supplies on Amazon are insufficient! I recommend this 52V power supply, as I have confirmed that it works and I am using it on my own 200+ft run.
Resistance
Resistance is the primary limiting factor you will run into. As you increase the length of the cable and add additional terminations/connectors, resistance increases. If the resistance is too high, the voltage at the dishy will (perhaps only occasionally) drop too low, causing it to spuriously reboot or not boot at all.
The exact maximum round-trip power resistance that the cable can have before Dishy’s stability suffers isn’t immediately clear, but 1.8Ω round-trip (~88 watts available for Dishy) appears to be stable while 2.5Ω round-trip is just barely unstable.
If you cannot easily measure resistance, you will need to be as conservative as possible:
Keep the length of your entire run as short as possible and your connectors as few as possible. Continuous runs are almost always preferable to runs with connectors.
Use outdoor-rated cable for outdoor runs. If riser cable is all you have, paint it.
Don’t directly bury the cable unless it is rated for direct burial. Otherwise, water intrusion will eventually make your connection unreliable. The original cable is NOT rated for direct burial.
Use 23AWG (or larger) CAT6/CAT6A cable, which will contribute around 0.03Ω/meter for a continuous run.
The original cable was only 24AWG, so if you are using 23AWG cable then the less length you use from the original cable the better.
It would appear that connectors will each contribute ~0.02-0.1Ω to the round-trip resistance, but more research is required.
Avoid unnecessary use of patch panels, they introduce additional connectors and add resistance.
150′ is likely the most distance you are going to get without changing your approach (like splitting out the power into larger gauge wires, etc), but if you use a specialty low-resistance cable (like this) then you might be able to almost double that with some careful terminations.
Once you get everything set up, try turning on snow pre-heat mode:
If you can run a few speed tests in a row without problems, then you are likely golden.
If your dishy reboots (either immediately or after running a few speed tests), your cable resistance is too high.
For longer runs you may need to use a power supply with a larger voltage. I can confirm that the rectangular dishy works fine on 52V.
Grounding
With a longer run, proper grounding and surge protection becomes more important. Dishy must be grounded in some way. With the unmodified original cable, that grounding comes from the router. Since we are cutting that wire, we need to make sure that we provide that grounding.
Tomi Engdahl says:
Ukraine now faces cyber threats through Telegram messages https://www.cybersecurity-insiders.com/ukraine-now-faces-cyber-threats-through-telegram-messages/
For the past three days, a group of government officials from Ukraine have been getting Telegram alerts urging them to look at the security of their respective accounts, as some unlawful login into their accounts was being noticed by Russia. The cybercriminals further coaxed the SMS to refer to click on the embedded link to key in critical information. And once done, the account ownership goes into the hands of the criminals who later can use it for malevolent purposes.
Tomi Engdahl says:
Some of the Russians' “cutting-edge technology” has, with the war, been revealed to be contraptions held together with duct tape. In this amusing video a Ukrainian soldier takes apart a Russian Orlan-10 reconnaissance drone. Inside are, among other things, a plastic bottle with its cap, a Canon entry-level EOS 750D system camera and a Japanese 1 × Saito FA-62B engine.
According to Wikipedia, more than 1,000 of these reconnaissance drones have been manufactured and the price is about $87,000 – $120,000. Operating them takes 3 men, and despite the rudimentary design they can fulfil their purpose, that is, provide the necessary reconnaissance information.
https://en.m.wikipedia.org/wiki/Orlan-10
Ukrainian soldier dismantled the Russian Orlan drone, debunking the Russian drone myth.
https://mobile.twitter.com/Ninja998998/status/1513420781073489922
Tomi Engdahl says:
https://www.uusiteknologia.fi/2022/04/12/nokia-vetaytyy-ericssonin-tavoin-venajalta/
Tomi Engdahl says:
https://www.lightreading.com/5g/russian-telcos-left-with-huawei-as-ericsson-and-nokia-down-tools/d/d-id/775746
Tomi Engdahl says:
https://www.theregister.com/2022/03/28/ashley_yablon_zte_whistleblower_interview/
Tomi Engdahl says:
https://arstechnica.com/tech-policy/2022/04/huawei-faces-dilemma-over-russia-links-that-risk-further-us-sanctions/?amp=1
Tomi Engdahl says:
This is how Russia could threaten a Finland seeking NATO membership – Pekka Toveri assesses the possible consequences
According to Major General Pekka Toveri, however, Russia's capability has been badly weakened by its losses in Ukraine.
https://www.is.fi/kotimaa/art-2000008739557.html
Will Finland soon be threatened? Russia could have opportunities to make things difficult on land, at sea and in the air. The war in Ukraine has, however, drained its strength.
The likelihood that Finland will submit a NATO application is growing all the time. The horrific events in Ukraine have changed the public's mind. This week the government will give parliament a report on the change in the security environment.
Tomi Engdahl says:
Video claims: Russia is bringing a defence system to the Finnish border – may be linked to an intimidation campaign
A video is spreading on social media in which a Russian coastal defence system approaches the Finnish border, carried by two military vehicles. According to Pekka Toveri, more such videos may appear as the NATO discussions progress.
https://www.iltalehti.fi/ulkomaat/a/2dd0d343-a2fb-4326-91c6-59b6d2c0283d
Tomi Engdahl says:
These figures explain Finns' enthusiasm for NATO – the vast majority consider Russia a significant military threat
Finns' perceptions of Russia are gloomy in Eva's recent values and attitudes survey.
https://www.iltalehti.fi/kotimaa/a/8a84c211-b52e-4b65-866a-cd728da0cd0e
84 percent of Finns consider Russia a significant military threat.
This emerges from the values and attitudes survey published on Tuesday by the Finnish Business and Policy Forum Eva, which examined Finns' attitudes towards Russia.
The share of those who consider Russia a threat has grown by 25 percentage points in a year.
According to the survey, Finns' perceptions of their eastern neighbour are otherwise predominantly gloomy as well.
94 percent of respondents consider Russia unstable and unpredictable, and 92 percent consider it an expansionist great power.
74 percent of respondents, in turn, consider Russia an unreliable treaty partner, whereas a year ago the share was still 34 percentage points smaller.
“Finns' views of Russia are very gloomy. They also explain why a clear majority of Finns have turned to supporting NATO membership. In Finns' view, however, Russia's problem is not its people but the country's leadership. A clear majority find Russians pleasant as people and value Russian culture,” Eva's research manager Ilkka Haavisto comments in the press release.
https://www.eva.fi/blog/2022/04/12/suomalaiset-arvostavat-venalaisia-mutta-pitavat-venajaa-sotilaallisena-uhkana/
Tomi Engdahl says:
Finns value Russians but consider Russia a military threat
https://www.eva.fi/blog/2022/04/12/suomalaiset-arvostavat-venalaisia-mutta-pitavat-venajaa-sotilaallisena-uhkana/
Russia's attack on Ukraine has made Russia an unreliable neighbour in the eyes of Finns. Finns now take a strongly negative view of their neighbour and regard Russia as an unambiguously threatening and unpredictable dictatorship. However, they do not want to blame ordinary Russians for the grim development; Finns' attitude towards them has remained appreciative, according to EVA's values and attitudes survey.
Tomi Engdahl says:
Ukrainian authorities: Russia tried to cut the country's electricity with a massive cyber attack https://www.is.fi/digitoday/art-2000008748186.html
Tomi Engdahl says:
Yoga mats as thermal-camera shields
https://www.talouselama.fi/uutiset/te/b9f3be15-97db-4907-a545-d8d0f291f93b?utm_medium=Social&utm_source=Facebook#Echobox=1649660807
Tomi Engdahl says:
https://www2.helsinki.fi/fi/uutiset/talous-yhteiskunta/veli-pekka-tynkkysen-venaja-energiavalta-teos-selvittaa-kuinka-oljy-ja-kaasu-kytkeytyvat-venajalla-yhteen-vakivallan-kanssa?utm_source=facebook&utm_medium=social_owned&utm_campaign=ilmasto&fbclid=IwAR0V9_12DhixyCd5unSehr_CXkmYD6-FWBo8ixL4AA2mGJEd5woNqs8qS-c
Tomi Engdahl says:
Sandworm hackers fail to take down Ukrainian energy provider
https://www.bleepingcomputer.com/news/security/sandworm-hackers-fail-to-take-down-ukrainian-energy-provider/
The Russian state-sponsored hacking group known as Sandworm tried on Friday to take down a large Ukrainian energy provider by disconnecting its electrical substations with a new variant of the Industroyer malware for industrial control systems (ICS) and a new version of the CaddyWiper data destruction malware.
The threat actor used a version of the Industroyer ICS malware customized for the target high-voltage electrical substations and then tried to erase the traces of the attack by executing CaddyWiper and other data-wiping malware families tracked as Orcshred, Soloshred, and Awfulshred for Linux and Solaris systems.
In an announcement today, CERT-UA notes that the threat actor’s goal was “decommissioning of several infrastructural elements.”
The ICS malware used in the attack is now tracked as Industroyer2 and ESET assesses “with high confidence” that it was built using the source code of Industroyer used in 2016 to cut the power in Ukraine and attributed to the state-sponsored Russian hacking group Sandworm.
CERT-UA says that “the implementation of [Sandworm's] malicious plan has so far been prevented” while ESET notes in a technical report on the malware used in this attack that “Sandworm attackers made an attempt to deploy the Industroyer2 malware against high-voltage electrical substations in Ukraine.”
ESET researchers say that Industroyer2 is highly configurable and comes with hardcoded detailed configuration, which requires it to be recompiled for each new victim environment.
Tomi Engdahl says:
Duct tape, a water bottle and a consumer-grade system camera. That is what the Orlan-10 drone is made of. But it should not be underestimated.
This drone is the key to Russia's accurate artillery fire – Ukraine got hold of one of them and revealed the homespun secrets of the “modern” Orlan-10
https://tekniikanmaailma.fi/tama-drooni-on-avain-venajan-tarkkaan-tykistotuleen-ukraina-sai-haltuunsa-niista-yhden-ja-paljasti-modernin-orlan-10n-kotikutoiset-salaisuudet/?utm_medium=Social&utm_source=Facebook#Echobox=1649759472
Russia's war of aggression against Ukraine has exposed a clear difference between the advanced military equipment Russia showcases and the kind of equipment it uses on the battlefield. During the war in Ukraine, the “amateurish” camouflage and improvised armour of Russian vehicles in particular have caused astonishment. Now there is yet another example of Russian homespun engineering, as Ukrainians have presented the technology of a shot-down Orlan-10 drone on social media.
The Orlan-10 is a modular reconnaissance drone introduced in 2010, which Russia has used in Ukraine to direct artillery fire.
In a video shared on Sunday by Ukraine's Ministry of Defence, a Ukrainian soldier presents the technology of a shot-down Orlan-10 drone, which is remarkably simple for a “modern” drone. Instead of a purpose-built camera system, the drone's main camera is a Canon DSLR system camera designed for consumer use, attached to the drone's casing with Velcro. The camera's dial has been glued in the desired position so that the shooting mode does not accidentally change during flight.
In addition to the conventional camera, the dismantled drone has a thermal camera and a secondary camera. Orlan-10 drones often also have a video camera and a radio transmitter and receiver, Business Insider writes.
According to the soldier presenting it, the drone also has a “technical shortcut” without which no modern Russian weapon system can function: a plastic bottle. So the drone's fuel tank – or at least its cap – is a perfectly ordinary water bottle.
https://www.businessinsider.com/video-ukraine-soldier-disassembles-russian-drone-reveals-unsopisticated-handiwork-2022-4?r=US&IR=T
Tomi Engdahl says:
https://blog.malwarebytes.com/ransomware/2022/04/conti-ransomware-offshoot-targets-russian-organizations/
Tomi Engdahl says:
https://www.verkkouutiset.fi/a/ukrainaan-vieva-rautatie-tuhottiin-venajan-puolella/#3a6f9f42
https://www.opendemocracy.net/en/odr/why-belarus-is-yet-to-join-russias-invasion-of-ukraine/
Belarus’ underground resistance campaign is disrupting Russian military transports – and preventing Lukashenka from joining the invasion of Ukraine directly