Ukraine and Russia appear at the moment to be in both a traditional war and a cyber war. We could call that hybrid warfare. We are in a cyber war. Countless examples exist of damage to infrastructure from hostile acts carried out via computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia began attacking Ukraine on February 24. Before the physical attacks, Russia carried out several cyber attacks against IT systems in Ukraine.
Here are links to some material on the cyber side of this war:
How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic happens in the cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in the cyberspace. And last week, Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-nation cyber state actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.
As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”
Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/
Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers — malicious software or malware — that make their way inside computer networks and literally wipe the data from all connected devices.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.
Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.
Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.
Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladimir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.”
This raises the whole question of ‘attribution’. The received belief is it is impossible to do accurate cyber attribution. “That is absolutely wrong,” said Willett. “It would be a mistake for any one nation to think it could attack another without being known.”
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.
Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.
Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.
Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.
Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html
Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.
Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command said there had been a cyberattack.
Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).
Amid Russian invasion, Ukraine granted formal role with NATO cyber hub
https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations,” Col. Jaak Tarien, the institution’s director, said in a statement.
This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites
https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken. On Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.
High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information,” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.
CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a
US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html
EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.
UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.
Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.
Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine
Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine
Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.
HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.
In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economy, and the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work,” he says.
“Because we all need to live for something, eat
Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime as it cracks down on anti-war sentiment, and rumors of martial law grow louder, are being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.
Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf
TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
2,362 Comments
Tomi Engdahl says:
Finnish network kitmaker Nokia quits Russia over Ukraine invasion https://www.theregister.com/2022/04/12/finnish_network_kit_maker_nokia/
“It has been clear for Nokia since the early days of the invasion of Ukraine that continuing our presence in Russia would not be possible,” the Finnish organization said this morning in a statement.
Tomi Engdahl says:
Anonymous Hits 3 Russian Entities, Leaks 400 GB Worth of Emails https://www.hackread.com/anonymous-hits-russian-entities-leaks-400-gb-emails/
Anonymous has taken Operation OpRussia a step further by targeting Aerogas, Forest, and Petrovsky Fort, which happened to be giants in their respective industries.
Also
https://securityaffairs.co/wordpress/130106/hacktivism/anonymous-hacked-russia-ministry-of-culture.html
Tomi Engdahl says:
Ukrainian authorities: Russia tried to cut the country’s electricity with a massive cyberattack https://www.is.fi/digitoday/art-2000008748186.html
Russia tried to cut off electricity to about two million Ukrainians in a cyber operation that was scheduled to take place on Friday evening, April 8.
The cyber weapon planted in the systems was neutralized on Thursday, April 7. It was set to activate the following day, Friday evening, April 8, as the weekend began. Had it succeeded, the attack would have cut power to about two million Ukrainians.
According to the Ukrainians, the cyber weapon was meant to cause physical destruction. Its purpose was to destroy both Windows workstations and power grid equipment. Had it activated, it would have put workers’ lives in danger.
The tuned cyber weapon, named Industroyer2, was tailored to send control commands to high-voltage grid substations that had been mapped and identified in advance.
According to Zhora, the malware is a significantly more advanced version of the cyber weapon seen in December 2016 and named Industroyer. In the cyberattack of December 2016, a fifth of Kyiv was blacked out for an hour.
Around the world, people have wondered why Russia has not managed more effective strikes against Ukraine’s infrastructure. According to Deputy Minister Safarov, the reason is largely that heavy and complex cyber operations require a lot of preparation and take time.
In addition, Ukraine has received a lot of help with its cyber defense from abroad. Zhora thanked by name Microsoft and the security company Eset, which took part in the counter-operation.
– Russian hackers have been overestimated. They still have a lot of potential, Zhora said.
More:
Sandworm hackers fail to take down Ukrainian energy provider
https://www.bleepingcomputer.com/news/security/sandworm-hackers-fail-to-take-down-ukrainian-energy-provider/
The Russian state-sponsored hacking group known as Sandworm tried on Friday to take down a large Ukrainian energy provider by disconnecting its electrical substations with a new variant of the Industroyer malware for industrial control systems (ICS) and a new version of the CaddyWiper data destruction malware.
The threat actor used a version of the Industroyer ICS malware customized for the target high-voltage electrical substations and then tried to erase the traces of the attack by executing CaddyWiper and other data-wiping malware families tracked as Orcshred, Soloshred, and Awfulshred for Linux and Solaris systems.
In an announcement today, CERT-UA notes that the threat actor’s goal was “decommissioning of several infrastructural elements.”
The ICS malware used in the attack is now tracked as Industroyer2 and ESET assesses “with high confidence” that it was built using the source code of Industroyer used in 2016 to cut the power in Ukraine and attributed to the state-sponsored Russian hacking group Sandworm.
CERT-UA says that “the implementation of [Sandworm's] malicious plan has so far been prevented” while ESET notes in a technical report on the malware used in this attack that “Sandworm attackers made an attempt to deploy the Industroyer2 malware against high-voltage electrical substations in Ukraine.”
ESET researchers say that Industroyer2 is highly configurable and comes with hardcoded detailed configuration, which requires it to be recompiled for each new victim environment.
Tomi Engdahl says:
Sandworm rolls out Industroyer2 malware against Ukraine
A second generation of the Sandworm-linked Industroyer malware has been identified by ESET researchers and Ukraine’s national CERT
https://www.computerweekly.com/news/252515855/Sandworm-rolls-out-Industroyer2-malware-against-Ukraine
A new variant of the Industroyer malware, used to great effect against the Ukrainian energy sector by Russia’s Sandworm or Voodoo Bear advanced persistent threat (APT) group in 2016, has been identified by researchers from ESET, working in tandem with Ukraine’s national Computer Emergency Response Team, CERT-UA.
Predictably dubbed Industroyer2, it was used in an attempted cyber attack on a Ukraine-based energy company on the evening of Friday 8 April 2022. The attack used an ICS-capable malware and disk wipers against Windows, Linux and Solaris operating systems at the target’s high-voltage electrical substations.
The Industroyer2 malware was compiled on 23 March, suggesting the attack had been planned for some time, and the initial compromise took place in February according to CERT-UA.
Sandworm also used a number of other destructive malwares in its attack, including the recently identified CaddyWiper, Orcshred, Soloshred and Awfulshred.
“Ukraine is once again at the centre of cyber attacks targeting their critical infrastructure,” said ESET’s research team in a disclosure notice. “This new Industroyer campaign follows multiple waves of wipers that have been targeting various sectors in Ukraine. ESET researchers will continue to monitor the threat landscape in order to better protect organisations from these types of destructive attacks.”
ESET said it had been unable to establish how the victim was compromised, nor how Sandworm, which is part of the Russian GRU intelligence service’s Main Centre for Special Technologies, or GTsST, moved laterally from the victim’s IT network to the separate ICS network.
Industroyer2: Industroyer reloaded
This ICS-capable malware targets a Ukrainian energy company
https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/
Key points:
ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company
The destructive actions were scheduled for 2022-04-08 but artifacts suggest that the attack had been planned for at least two weeks
The attack used ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems
We assess with high confidence that the attackers used a new version of the Industroyer malware, which was used in 2016 to cut power in Ukraine
We assess with high confidence that the APT group Sandworm is responsible for this new attack
In this case, the Sandworm attackers made an attempt to deploy the Industroyer2 malware against high-voltage electrical substations in Ukraine.
In addition to Industroyer2, Sandworm used several destructive malware families including CaddyWiper, ORCSHRED, SOLOSHRED and AWFULSHRED. We first discovered CaddyWiper on 2022-03-14 when it was used against a Ukrainian bank – see our Twitter thread about CaddyWiper. A variant of CaddyWiper was used again on 2022-04-08 14:58 against the Ukrainian energy provider previously mentioned.
At this point, we don’t know how attackers compromised the initial victim nor how they moved from the IT network to the Industrial Control System (ICS) network.
Tomi Engdahl says:
Energy Provider in Ukraine Targeted With Industroyer2 ICS Malware
https://www.securityweek.com/energy-provider-ukraine-targeted-industroyer2-ics-malware
An energy provider in Ukraine was recently targeted with a new piece of malware designed to cause damage by manipulating industrial control systems (ICS).
The attack, which targeted high-voltage electrical substations and reportedly failed, has been analyzed by Ukraine’s Computer Emergency Response Team (CERT-UA), cybersecurity firm ESET, and Microsoft.
The operation has been linked to Sandworm, a threat group believed to operate on behalf of Russia’s GRU military intelligence agency.
According to ESET, the attack, whose likely goal was to carry out destructive actions in the targeted energy facility and cause power outages on April 8, involved the deployment of several pieces of malware, in both the ICS network and systems running Solaris and Linux.
Tomi Engdahl says:
Industroyer2: The Worst Sequel
https://medium.com/@RoseSecurity/industroyer2-the-worst-sequel-9103a8998ee9
Background:
Industroyer, also referred to as Crashoverride, is a malware framework considered to have been used in the cyberattack on Ukraine’s power grid on December 17, 2016. The attack cut a fifth of Kiev, the capital, off power for one hour and is considered to have been a large-scale test. The Kiev incident was the second cyberattack on Ukraine’s power grid in two years. The first attack occurred on December 23, 2015. Industroyer is the first ever known malware specifically designed to attack electrical grids.
The Sequel:
On April 12, 2022, ESET researchers collaborated with CERT-UA analysts to dissect malware targeting the Ukrainian energy sector. CERT-UA, the Governmental Computer Emergency Response Team of Ukraine, said the attack used Industroyer to target “several infrastructural elements” including high-voltage electrical substations, computers at the facility, network equipment and server equipment running Linux operating systems.
Industroyer2 was deployed as a single Windows executable named 108_100.exe and executed using a scheduled task on 2022-04-08 at 16:10:00 UTC. It was compiled on 2022-03-23, according to the PE timestamp, suggesting that attackers had planned their attack for more than two weeks. Industroyer2 only implements the IEC-104 (aka IEC 60870-5-104) protocol to communicate with industrial equipment. This includes protection relays, used in electrical substations. This is a slight change from the 2016 Industroyer variant that is a fully-modular platform with payloads for multiple ICS protocols. Industroyer2 is highly configurable. It contains a detailed configuration hardcoded in its body, driving the malware actions. This is different from Industroyer, which stores its configuration in a separate .INI file. Thus, attackers need to recompile Industroyer2 for each new victim or environment. However, given that the Industroyer* malware family has only been deployed twice, with a five-year gap between each version, this is probably not a limitation for Sandworm operators. The configuration contains values that are used during communication via IEC-104 protocol, such as ASDU (Application Service Data Unit) address, Information Object Addresses (IOA), timeouts, etc.
Before connecting to the targeted devices, the malware terminates a legitimate process that is used in standard daily operations.
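The IEC-104 fields the article names (ASDU address, Information Object Address) are carried in every frame on the wire, which gives defenders something to monitor. The following is an added example, not code from the article or from ESET: a Python decoder for IEC-104 APDUs that flags control-direction commands sent by hosts outside an approved list. The frames, IP addresses and the allowlist are constructed sample values.

```python
import struct

START_BYTE = 0x68
# Control-direction process commands: C_SC_NA_1 (45) .. C_BO_NA_1 (51) and
# their time-tagged forms C_SC_TA_1 (58) .. C_BO_TA_1 (64).
COMMAND_TYPE_IDS = set(range(45, 52)) | set(range(58, 65))
U_FUNCTIONS = {0x07: "STARTDT act", 0x0B: "STARTDT con", 0x13: "STOPDT act",
               0x23: "STOPDT con", 0x43: "TESTFR act", 0x83: "TESTFR con"}


def decode_apdu(body: bytes) -> dict:
    """Decode one APDU body: 4 control octets, then an ASDU for I-format."""
    c1, c2, c3, c4 = body[:4]
    if c1 & 0x01 == 0:                       # I-format carries an ASDU
        asdu = body[4:]
        if len(asdu) < 9:                    # 6-octet header + 3-octet IOA
            raise ValueError("I-format APDU too short for an ASDU")
        type_id, vsq, cot, _originator, common_addr = struct.unpack_from("<BBBBH", asdu)
        return {
            "format": "I",
            "send_seq": (c1 | c2 << 8) >> 1,
            "recv_seq": (c3 | c4 << 8) >> 1,
            "type_id": type_id,
            "num_objects": vsq & 0x7F,
            "cot": cot & 0x3F,               # e.g. 6 = activation, 3 = spontaneous
            "common_address": common_addr,   # the "ASDU address"
            # Only the first IOA is decoded; the size of each following
            # object depends on the type identification.
            "first_ioa": int.from_bytes(asdu[6:9], "little"),
        }
    if c1 & 0x03 == 0x01:                    # S-format: acknowledgement only
        return {"format": "S", "recv_seq": (c3 | c4 << 8) >> 1}
    return {"format": "U", "function": U_FUNCTIONS.get(c1, f"unknown 0x{c1:02x}")}


def parse_apdus(payload: bytes) -> list:
    """Split a TCP payload (IEC-104 uses port 2404) into decoded APDUs."""
    frames, pos = [], 0
    while pos < len(payload):
        if payload[pos] != START_BYTE or pos + 2 > len(payload):
            raise ValueError(f"bad start byte or truncated header at offset {pos}")
        length = payload[pos + 1]            # octets that follow the length field
        if length < 4 or pos + 2 + length > len(payload):
            raise ValueError(f"invalid or truncated APDU at offset {pos}")
        frames.append(decode_apdu(payload[pos + 2:pos + 2 + length]))
        pos += 2 + length
    return frames


def flag_commands(sessions, allowed_masters) -> list:
    """Return (src_ip, type_id, common_address, first_ioa) for every process
    command sent by a host that is not an approved control station."""
    alerts = []
    for src_ip, payload in sessions:
        for frame in parse_apdus(payload):
            if (frame["format"] == "I"
                    and frame["type_id"] in COMMAND_TYPE_IDS
                    and src_ip not in allowed_masters):
                alerts.append((src_ip, frame["type_id"],
                               frame["common_address"], frame["first_ioa"]))
    return alerts


# Constructed sample frames (not taken from any real capture).
STARTDT_ACT = bytes.fromhex("680407000000")
SINGLE_CMD = bytes.fromhex("680e000000002d01060001000a000001")    # C_SC_NA_1
MONITOR_EVT = bytes.fromhex("680e0200020001010300010064000000")   # M_SP_NA_1

SAMPLE_SESSIONS = [
    ("10.0.0.5", STARTDT_ACT + SINGLE_CMD),   # approved SCADA front end
    ("10.0.0.9", STARTDT_ACT + SINGLE_CMD),   # workstation, not a control station
    ("10.0.0.20", MONITOR_EVT),               # outstation reporting a status
]
ALLOWED_MASTERS = {"10.0.0.5"}                # hypothetical allowlist

if __name__ == "__main__":
    for alert in flag_commands(SAMPLE_SESSIONS, ALLOWED_MASTERS):
        print("unexpected IEC-104 command: src=%s type=%d asdu=%d ioa=%d" % alert)
```

In a real deployment the payloads would come from a passive tap or mirrored port on the substation network, with TCP stream reassembly done before the bytes reach `parse_apdus`.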
Tomi Engdahl says:
Ukraine energy grid hit by Russian Industroyer2 malware
The 2016 malware known as “Industroyer” has resurfaced in a new series of targeted attacks against industrial controller hardware at a Ukraine power company.
https://www.techtarget.com/searchsecurity/news/252515899/Ukraine-energy-grid-hit-by-Russian-Indestroyer2-malware
A notorious piece of malware has been rehashed as an agent of cyberwar in Russia’s invasion of Ukraine.
Security researchers working with the Ukraine government say that a new variant of the “Industroyer” malware has been detected in power stations in the Ukraine and is likely being used by the Russian government to sabotage industrial controller systems (ICS). Industroyer was first detected in 2016 cyber attacks against Ukraine’s power grid, which caused substantial blackouts in the country.
Researchers with threat detection vendor ESET reported Tuesday that Russian attackers have been targeting energy plants in Ukraine with the aim of shutting down critical infrastructure. The Industroyer2 malware targets the controller hardware that manages the flow of water, use of cleaning agents, and other embedded machines that keep water systems running efficiently.
Tomi Engdahl says:
Huawei is also pulling out of Russia
https://etn.fi/index.php/13-news/13430-myoes-huawei-lopettaa-venaejaellae
Western companies have ceased their operations in Russia since the country attacked Ukraine a month and a half ago. Now the Gizchina site reports that Huawei, too, is winding down its operations in Russia. Because of the sanctions, operating in Russia is considered too risky.
Ceasing operations in Russia is no trivial decision for companies. Apple, for example, is said to be losing three million dollars a day after iPhone and iPad sales in Russia ended.
Now Gizchina reports, based on information from inside Huawei, that the company intends to close its Russian office entirely. The company has stopped accepting orders and is preparing to close its office in Russia that handles telecommunications and network equipment.
Tomi Engdahl says:
Ukraine Says Potent Russian Hack Against Power Grid Thwarted
https://www.securityweek.com/ukraine-says-potent-russian-hack-against-power-grid-thwarted
Russian military hackers attempted to knock out power to millions of Ukrainians last week in a long-planned attack but were foiled, Ukrainian government officials said Tuesday.
At one targeted high-voltage power station, the hackers succeeded in penetrating and disrupting part of the industrial control system, but people defending the station were able to prevent electrical outages, the Ukrainians said.
“The threat was serious, but it was prevented in a timely manner,” a top Ukrainian cybersecurity official, Victor Zhora, told reporters through an interpreter. “It looks that we were very lucky.”
Tomi Engdahl says:
Russia’s FSB malign activity: factsheet
https://www.gov.uk/government/publications/russias-fsb-malign-cyber-activity-factsheet/russias-fsb-malign-activity-factsheet
Russia is one of the world’s most prolific cyber actors and dedicates significant resource into conducting cyber operations around the globe. The UK government has publicly attributed malign cyber activity to parts of three Russian Intelligence services: the FSB, SVR and GRU, with each having their own remits.
Tomi Engdahl says:
Industroyer2: Industroyer reloaded
https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/
The blogpost presents the analysis of a cyberattack against a Ukrainian energy provider.
Also https://www.wired.com/story/sandworm-russia-ukraine-blackout-gru/
Tomi Engdahl says:
https://petapixel.com/2022/04/11/ukraine-opens-russian-drone-finds-canon-dslr-inside/
Tomi Engdahl says:
Economic researchers: Cutting off gas would cost Germany 220 billion
15:46: Five German economic research institutes warn that cutting off Russian gas would cost Germany as much as 220 billion euros both in 2022 and in 2033. It could cause a sharp recession.
The research institutes have lowered their forecast for Germany’s economic growth. Previously, gross domestic product was estimated to grow 4.8 percent this year. The forecast has now been cut to 2.7 percent because of the war in Ukraine and its economic effects.
The institutes expect inflation to rise to 6.1 percent. If the gas taps are shut off, it could rise as high as 7.3 percent. That would be Germany’s highest since the Second World War.
https://www.iltalehti.fi/ulkomaat/a/fac86480-df24-41b8-be6c-6ab6ff6476e4
Tomi Engdahl says:
Ukraine: This is how thoroughly the Russians ran amok in the Chernobyl radiation zone – the damage is still being repaired
Ukraine has still not been able to restore radiation level monitoring in the area of the Chernobyl nuclear power plant.
https://www.iltalehti.fi/ulkomaat/a/7bdeed13-2ad4-4696-9a3c-ddeee8f1a4aa
The Russians have left the area of the Chernobyl nuclear power plant. The Ukrainians are still repairing the damage caused by the attacker. Among other things, radiation level monitoring has not yet been restored to working order.
Yevgen Kramarenko, head of the organization responsible for the Chernobyl nuclear power plant area, has given new information on how badly the Russian troops ran amok at the site of the world’s most destructive nuclear power plant accident. The matter was reported by AFP, among others.
– The occupiers dug in many places. They dug heavy equipment into the ground, built dugouts and even underground kitchens, tent sites and fortifications.
According to Kramarenko, one fortification was located near a temporary storage site for radioactive waste in the Red Forest area. It is the most contaminated place in the Chernobyl area.
According to Kramarenko, radiation level monitoring is not working because, among other reasons, the servers that process the information have disappeared.
– At the moment we cannot say whether the area is completely safe.
The Ukrainians are still working out what kind of damage the Russian troops caused.
– Until electricity has been restored and workers get permission from the armed forces to visit the radiation measuring points, we cannot know how much damage has been done, Kramarenko told reporters.
Radiation effects uncertain
Iltalehti has previously reported on the Russian troops’ self-destructive and careless behavior in the area. Workers had told Reuters that the Russians had no protective equipment of any kind and that some had never even heard of the 1986 Chernobyl explosion.
Unconfirmed rumors have circulated on social media and in the international press that Russians suffering from radiation have been taken to hospital for treatment.
Tomi Engdahl says:
The report’s seven reasons to join NATO
The topical report on the change in the security environment praises NATO membership in many ways.
https://www.iltalehti.fi/politiikka/a/4da06739-3778-4305-b395-9abd69aad60d
The report’s risks of NATO membership – “Preparations should be made for growing tensions on the border between Finland and Russia”
The topical report on the change in the security environment also lists the risks of Finland’s NATO application.
https://www.iltalehti.fi/politiikka/a/4b414365-3849-4f8e-8728-690cfe418d75
Tomi Engdahl says:
Read the whole awaited report: “Finland’s security situation is more serious and harder to predict than at any time since the Cold War”
The topical report on the change in the security environment has been published.
https://www.iltalehti.fi/politiikka/a/6397f4fd-3cde-41c0-bce0-0b6b40cb9bd7
Tomi Engdahl says:
Study finds TikTok’s ban on uploads in Russia failed, leaving it dominated by pro-war content
https://techcrunch.com/2022/04/13/study-finds-tiktiks-ban-on-uploads-in-russia-failed-leaving-it-dominated-by-pro-war-content/?tpcc=tcplusfacebook
Tracking Exposed found pro-war content dominates on TikTok in Russia after poor implementation of ban
With Facebook, Twitter and Instagram banned by the Kremlin, TikTok is the last global social media platform still operating in Russia. In response to the Russian invasion of Ukraine, it announced it had banned new uploads on March 6 to protect users from Russian “fake news” law.
But a new report has found that the ban was applied inconsistently; that new content uploads related to the war outnumbered anti-war content by 10-1; and that these pro-war posts now dominate TikTok’s war-related content. This has left the platform – after the ban was fully applied – effectively frozen in time, and Russian TikTokers none-the-wiser about new developments.
Tomi Engdahl says:
Railway damaged in Russia’s Belgorod region
https://english.nv.ua/nation/railway-damaged-in-russia-s-belgorod-region-50233211.html
Railway lines in Russia’s Belgorod region, near the Ukrainian border have been damaged, regional governor Vyacheslav Gladkov said via Telegram messenger on April 12.
“Railways (were) damaged in Shebekino district of Belgorod oblast; no casualties,” said Gladkov.
“Only rails are destroyed; repair crew is on site; (I) will report later on what caused (the damage).”
Tomi Engdahl says:
Ukraine’s $10,000 Drones Are Dropping Tiny Bombs On Russian Troops
https://trib.al/RhOlQlu
Tomi Engdahl says:
Wind of Change became the anthem of the end of the Cold War – after Russia attacked Ukraine, Scorpions decided to change the lyrics of their superhit https://www.is.fi/viihde/art-2000008751578.html
Tomi Engdahl says:
This is how foreign media have written about Finland’s possible NATO membership – Putin pushed Finland into NATO’s arms https://www.is.fi/politiikka/art-2000008751823.html
Tomi Engdahl says:
Matt Burgess / Wired:
Ukraine, its allies, and hacktivists have made public hundreds of gigabytes of files and millions of emails on the Russian state, including doxing Russian troops
Russia Is Leaking Data Like a Sieve
https://www.wired.com/story/russia-ukraine-data/
Ukraine claims to have doxed Russian troops and spies, while hacktivists are regularly leaking private information from Russian organizations.
Names, birthdays, passport numbers, job titles—the personal information goes on for pages and looks like any typical data breach. But this data set is very different. It allegedly contains the personal information of 1,600 Russian troops who served in Bucha, a Ukrainian city devastated during Russia’s war and the scene of multiple potential war crimes.
Tomi Engdahl says:
In a surprising twist….
Anonymous-affiliated hacking group which claimed it hacked Moscow’s space agency last month used Russia’s own ransomware against it
https://www.dailymail.co.uk/news/article-10716479/Anonymous-affiliated-hacking-group-used-Russias-ransomware-against-space-agency.html?ito=social-facebook
A group of Anonymous-affiliated hackers turned Russia’s own ransomware against its national space agency, security experts have said.
Network Battalion 65 last month claimed it had stolen files from Roscosmos
It also claimed it had taken down satellites operated by Russia’s space agency
Vladimir Putin’s ally Dmitry Rogozin – who is the chief of Roscosmos – denied that it had lost control of its systems and called the group ‘scammers’
Now, analysts say NB65 used ransomware ‘Conti’ from a Russian cyber-crime group of the same name against its own space agency
Network Battalion 65 – or NB65 – last month claimed in a series of posts on Twitter that the group had stolen files from Roscosmos, and taken down satellites.
NB65 shared a series of images of what it said was Roscosmos server information, that it said demonstrated it had shut down a monitoring system operated by the Russian space agency.
The group claimed Russian President Vladimir Putin ‘no longer had control over spy satellites’ and said it had downloaded and deleted confidential files related to the space agency’s satellite imaging and Vehicle Monitoring System.
Analysts who delved into a file containing the source code behind the hack have now claimed it shared code with ransomware used by a Russian cyber crime group, according to The Daily Telegraph.
The experts said they found it matched 66 percent of the same code as Conti – a Russian crime group and its ransomware with the same name – that extorted millions of dollars from western companies.
This suggested that NB65 turned Russian ransomware against itself in its cyber attack on Roscosmos last month.
Tomi Engdahl says:
“We have a significant presence of our engineering talent with around 14,000 people spread from around east to west [Ukraine] and it’s obvious the current events are impacting [us],” says Arkadiy Dobkin, CEO and chairman of EPAM.
Russian Invasion Of Ukraine’s ‘Silicon Valley’ Hits Tech Everywhere – But Especially Inside The Stricken Country
https://www.forbes.com/sites/iainmartin/2022/03/01/russian-invasion-of-ukraines-silicon-valley-hits-tech-everywhere–but-especially-inside-the-stricken-country/?utm_campaign=socialflowForbesMainFB&utm_medium=social&utm_source=ForbesMainFacebook&sh=14b9e948380a
Tomi Engdahl says:
https://suomensotilas.fi/2022/04/12/suunniteltiin-erikoisoperaatio-tulikin-sota/#.YlcOVfybBSY.whatsapp
Tomi Engdahl says:
“Destroying a country’s cultural heritage is the fastest way to erase their national identity.”
UKRAINE IS 3D SCANNING ITS PRECIOUS ARTIFACTS BEFORE RUSSIA DESTROYS THEM
https://futurism.com/the-byte/ukraine-3d-scanning-artifacts-russia?utm_campaign=trueanthem_manual&utm_medium=social&utm_source=facebook
Scanning Culture
People in Ukraine are using 3D modeling tech to preserve cultural heritage sites — before they risk being destroyed by the Russian invasion.
It’s a bleak use of the tech, making digital backups of statues and other public important artifacts that could soon be turned into piles of rubble.
The project, called Backup Ukraine, was organized by smartphone camera capture app Polycam, which partnered with The United Nations Educational, Scientific and Cultural Organization (UNESCO), Vice Media Group, Danish non-profit Blue Shield Danmark, Ukraine’s Heritage Emergency Rescue Initiative, and the National Museum of the History of Ukraine.
“Destroying a country’s cultural heritage is the fastest way to erase their national identity,” the project’s website reads. “In light of Russia’s false denial of Ukrainian sovereign and unique national identity, we take the destruction of the country’s history extremely seriously.”
Digital Preservation
The goal is to scan pretty much anything of cultural value.
The company is actively looking for volunteers who can use their smartphones and the Polycam app — now free to use in Ukraine — to turn practically anything into three dimensional reconstructions.
“We want to put this new technology in the hands of the citizens of Ukraine so that they may capture anything and everything that they deem culturally significant to preserve forever in 3D,” the website reads.
Polycam has agreed to provide hosting for all scans for at least the next five years, which can all be viewed here. So far, local citizens have scanned a variety of objects, from Russian tanks to simple Jenga block towers.
https://poly.cam/ukraine
Tomi Engdahl says:
Russian newspaper: Well-known fonts can no longer be downloaded in Russia, the list includes Helvetica and Times New Roman, among others
https://www.hs.fi/kulttuuri/art-2000008752206.html
The Russian newspaper Vedomosti reports that the font library managed by an American company is reportedly inaccessible from Russian IP addresses.
According to the Russian news site Vedomosti, the US company Monotype has reportedly blocked access to the font library it manages from Russian IP addresses.
Monotype owns popular typefaces, or fonts, such as Arial, Helvetica, Tahoma, Times New Roman and Verdana.
News of the font library being made unavailable spread widely in Russian media on Thursday.
In its own checks, Vedomosti found that Monotype’s website did work in Russia, but the font library was not available. The font library was available, however, if the site was accessed over a VPN connection, that is, if the user hid their computer’s location in Russia.
According to Vedomosti, the fonts are also still in use in the American company Microsoft’s software packages in Russia, but at the beginning of March Microsoft suspended sales of its products in the country.
According to Vedomosti’s interpretation, blocking downloads does not, however, prevent the use of the fonts in Russia, although use may become more difficult and even be blocked in the future. The paper also pointed to Russian legislation under which use of the fonts could continue despite the rights holder’s prohibition if it is necessary to protect the interests of the state and citizens.
Monotype has not commented on the access restriction.
Monotype restricted the use of its fonts in Russia years ago, after the seizure of Crimea.
At the end of March, Russia banned the procurement of foreign software for key sectors of society without separate approval.
The name Monotype is an integral part of the international history of media and the newspaper press. Monotype originally referred to a writing and typesetting machine that sped up and revolutionized printing in the early 1900s.
Finland got its first Monotype machine in 1906.
Tomi Engdahl says:
NEW DELHI
Indian IT giant Infosys has said it is withdrawing from Russia and ending its operations in the country. At the same time, it announced it would support Ukrainians in need with one million dollars in emergency aid.
Infosys is the first Indian company that intends to withdraw from Russia. The company’s CEO Salil Parekh spoke about the matter in an earnings briefing for investors.
https://www.kauppalehti.fi/uutiset/infosys-vetaytyy-venajalta-ensimmaisena-intialaisyhtiona/7ada1cc1-3ff6-433b-ae4c-be120827c063
Tomi Engdahl says:
Elon Musk ‘donated’ Starlink terminals to Ukraine. U.S. taxpayers paid SpaceX millions for it.
SpaceX previously claimed the U.S. didn’t give them any money to send Starlink to Ukraine.
https://mashable.com/article/elon-musk-spacex-ukraine-starlink-government-funding
Tomi Engdahl says:
Full embargo on oil could stop war – ex-Putin aide
https://www.bbc.com/news/business-61040424
Tomi Engdahl says:
The “Rules-Based International Order” Is Dead. Washington Killed It.
https://mises.org/wire/rules-based-international-order-dead-washington-killed-it#.YlEWcrbOjgc.facebook
Tomi Engdahl says:
https://www.iflscience.com/technology/the-nuclear-missile-and-bomb-market-is-set-to-boom-this-decade/
Tomi Engdahl says:
How the Wayback Machine Is Saving Digital Ukraine
The Internet Archive’s Mark Graham explains the rush to protect Ukrainian digital resources—and some Russian ones, too
https://spectrum.ieee.org/internet-archive-ukraine?share_id=6988105
Tomi Engdahl says:
News media play an important role in the fight against false information
https://www.helsinki.fi/fi/uutiset/demokratia/uutismedialla-tarkea-rooli-kamppailussa-vaaraa-tietoa-vastaan
The importance of news media and journalism to democracy is further emphasized in times of crisis. Although digital platforms have revolutionized media markets everywhere, research shows that news media still hold a strong position and that their role, particularly in countering misleading information, is seen as irreplaceable.
Tomi Engdahl says:
War news from the rabbit hole
https://yle.fi/uutiset/3-12374536
We traced Russian propaganda from its original sources all the way to Finnish social media groups. It turned out that some health influencers share very strange claims about the war in Ukraine
Tomi Engdahl says:
https://www.theverge.com/2022/4/9/23018258/microsoft-control-russian-domains-ukraine-war-cyberattack-fancy-bear-apt28-strontium
Tomi Engdahl says:
https://www.engadget.com/ukraine-russia-hack-energy-provider-eset-microsoft-162847785.html
Tomi Engdahl says:
Analysis: The war in Ukraine brought cyber weapons to a front that has no borders – network attacks are now being prepared for everywhere, including in Finland
https://yle.fi/uutiset/3-12386997
So far, the war in Ukraine has not shown up as increased attacks in Finland’s network environment. But now that cyber weapons have been brought onto the stage, their use is likely, writes Yle journalist Teemu Hallamaa.
Tomi Engdahl says:
https://www.bloomberg.com/opinion/articles/2022-04-03/niall-ferguson-7-worst-case-scenarios-from-putin-s-ukraine-war
Tomi Engdahl says:
The drone operators who halted Russian convoy headed for Kyiv
Special IT force of 30 soldiers on quad bikes is vital part of Ukraine’s defence, but forced to crowdfund for supplies
https://www.theguardian.com/world/2022/mar/28/the-drone-operators-who-halted-the-russian-armoured-vehicles-heading-for-kyiv
Tomi Engdahl says:
https://www.dw.com/en/ukraine-is-using-elon-musks-starlink-for-drone-strikes/a-61270528
Tomi Engdahl says:
Food Delivery Leak Unmasks Russian Security Agents
https://www.bellingcat.com/news/rest-of-world/2022/04/01/food-delivery-leak-unmasks-russian-security-agents/
Tomi Engdahl says:
https://www.engadget.com/russia-suspends-iss-cooperation-153506829.html
Tomi Engdahl says:
https://www.zdnet.com/article/ukrainian-software-developers-share-their-stories-and-photos-from-the-war-zone/
Tomi Engdahl says:
https://www.indy100.com/viral/ukraine-cartoon-tractor-russian-tank#Echobox=1648536941
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/
Tomi Engdahl says:
Hackers Increasingly Using ‘Browser-in-the-Browser’ Technique in Ukraine Related Attacks
https://thehackernews.com/2022/03/hackers-increasingly-using-browser-in.html
Tomi Engdahl says:
https://suomivenajaseura.fi/sosiaalinen-media-tavoittaa-tavalliset-venalaiset/
Tomi Engdahl says:
Data-harvesting code in mobile apps sends user data to “Russia’s Google”
Data from apps on Apple- and Google-powered mobile devices is sent to Russian servers.
https://www.ft.com/content/c02083b5-8a0a-48e5-b850-831a3e6406bb
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/oldgremlin-ransomware-gang-targets-russia-with-new-malware/