Ukraine-Russia cyber war

Ukraine and Russia seem at the moment to be in both a traditional and a cyber war. We could call that hybrid warfare. We are in a cyber war. Countless examples exist of damage to infrastructure from hostile acts via computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia started to conduct attacks on Ukraine on February 24. Before the physical attacks, Russia carried out several cyber attacks against IT systems in Ukraine.

Here are links to some material on the cyber side of this war:

How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic happens in the cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in the cyberspace. And last week, Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-nation cyber state actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.

As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/

Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers — malicious software or malware — that make their way inside computer networks and literally wipe the data from all connected devices.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.

Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.

Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.

Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladimir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.”
This raises the whole question of ‘attribution’. The received belief is it is impossible to do accurate cyber attribution. “It would be a mistake for any one nation to think it could attack another without being known,” said Willett. “That is absolutely wrong,” said Willett.
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.

Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.

Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.

Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html

Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.

Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command, said there had been a cyberattack.

Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).

Amid Russian invasion, Ukraine granted formal role with NATO cyber hub https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations,” Col. Jaak Tarien, the institution’s director, said in a statement.

This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken: on Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.

High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information,” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.

CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a

US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html

EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.

UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.

Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.

Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine

Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine
Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/

HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.

In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economy, and the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work,” he says.
“Because we all need to live for something, eat

Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime as it cracks down on anti-war sentiment, and rumors of martial law grow louder, are being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.

Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf

TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi

2,362 Comments

  1. Tomi Engdahl says:

    SpaceX shut down a Russian electromagnetic warfare attack in Ukraine last month — and the Pentagon is taking notes
    https://news.yahoo.com/spacex-shut-down-russian-electromagnetic-190254556.html

  2. Tomi Engdahl says:

    SpaceX beating Russian jamming attack was ‘eyewatering’: DoD official
    https://breakingdefense.com/2022/04/spacex-beating-russian-jamming-attack-was-eyewatering-dod-official/

    “The way that Starlink was able to upgrade when a threat showed up, we need to be able to have that ability,” said Dave Tremper, the Pentagon’s director of electronic warfare. “We have to be able to change our electromagnetic posture, to be able to change very dynamically what we’re trying to do without losing capability along the way.”

  3. Tomi Engdahl says:

    In Kaj Stenvall’s works, Putin bathes in blood and takes selfies – the Finnish artist’s works are now spreading around the world
    Kaj Stenvall tries to find a grey area in his satirical works, because criticizing Putin carries risks.
    https://www.hs.fi/kulttuuri/art-2000008765446.html

  4. Tomi Engdahl says:

    https://www.rferl.org/a/soviet-monument-destroyed-war-ukraine-russia/31823629.html

    Statues and memorials built to glorify and commemorate the Soviet Union and the Red Army have been torn down — in one case illegally, in several countries amid outrage at the Russian invasion of Ukraine.

    On the same day workers in Kyiv dismantled a Soviet-era monument to friendship between Ukraine and Russia, far to the north in Latvia a Red Army memorial stone was being pulled out of the ground.

    The following photos show the destruction of Soviet monuments — which many see as symbolic of historical Kremlin oppression — that has taken place across Europe since Russia launched its invasion of Ukraine on February 24.

  5. Tomi Engdahl says:

    The hybrid war in Ukraine
    https://blogs.microsoft.com/on-the-issues/2022/04/27/hybrid-war-ukraine-russia-cyberattacks/
    Today, we released a report detailing the relentless and destructive Russian cyberattacks we’ve observed in a hybrid war against Ukraine, and what we’ve done to help protect Ukrainian people and organizations. Full report: https://aka.ms/ukrainespecialreport

  6. Tomi Engdahl says:

    US offers $10 million reward for tips on Russian Sandworm hackers https://www.bleepingcomputer.com/news/security/us-offers-10-million-reward-for-tips-on-russian-sandworm-hackers/
    The U.S. is offering up to $10 million to identify or locate six Russian GRU hackers who are part of the notorious Sandworm hacking group.

    BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX https://www.secureworks.com/blog/bronze-president-targets-russian-speakers-with-updated-plugx
    The threat group’s targeting shift could reflect a change in China’s intelligence collection requirements due to the war in Ukraine.

  7. Tomi Engdahl says:

    Assembling the Russian Nesting Doll: UNC2452 Merged into APT29
    https://www.mandiant.com/resources/unc2452-merged-into-apt29
    Mandiant has gathered sufficient evidence to assess that the activity tracked as UNC2452, the group name used to track the SolarWinds compromise in December 2020, is attributable to APT29.

  8. Tomi Engdahl says:

    Russian govt impersonators target telcos in phishing attacks https://www.bleepingcomputer.com/news/security/russian-govt-impersonators-target-telcos-in-phishing-attacks/
    A previously unknown and financially motivated hacking group is impersonating a Russian agency in a phishing campaign targeting entities in Eastern European countries.

  9. Tomi Engdahl says:

    A deeper look at hacking groups and malware targeting Ukraine https://therecord.media/a-deeper-look-at-hacking-groups-and-malware-targeting-ukraine/
    Ukraine’s main cybersecurity incident response team released a list on Friday of the five most persistent hacking groups and malware families attacking Ukraine’s critical infrastructure. According to the Computer Emergency Response Team of Ukraine (CERT-UA), the country has recorded 802 cyberattacks since Russia invaded the country earlier this year. That compares to just 362 documented attacks during the same time last year, CERT-UA said.

  10. Tomi Engdahl says:

    Why do the turrets of Russian tanks fly off like corks? “It is a design flaw,” a researcher tells CNN
    https://www.hs.fi/ulkomaat/art-2000008779671.html

    The automatic ammunition loading system saves on crew size, but it can weaken the safety of the tanks.

  11. Tomi Engdahl says:

    Cyberattacks Rage in Ukraine, Support Military Operations https://threatpost.com/cyberwar-ukraine-military/179421/
    At least five APTs are believed involved with attacks tied to ground campaigns and designed to damage Ukraine’s digital infrastructure.

  12. Tomi Engdahl says:

    Ukraine targeted by DDoS attacks from compromised WordPress sites https://www.bleepingcomputer.com/news/security/ukraine-targeted-by-ddos-attacks-from-compromised-wordpress-sites/
    Ukraine’s computer emergency response team (CERT-UA) has published an announcement warning of ongoing DDoS (distributed denial of service) attacks targeting pro-Ukraine sites and the government web portal.

    Reply
  13. Tomi Engdahl says:

    A Chilling Russian Cyber Aim in Ukraine: Digital Dossiers
    https://www.securityweek.com/chilling-russian-cyber-aim-ukraine-digital-dossiers

    Russia’s relentless digital assaults on Ukraine may have caused less damage than many anticipated. But most of its hacking is focused on a different goal that gets less attention but has chilling potential consequences: data collection.

    Ukrainian agencies breached on the eve of the Feb. 24 invasion include the Ministry of Internal Affairs, which oversees the police, national guard and border patrol. A month earlier, a national database of automobile insurance policies was raided during a diversionary cyberattack that defaced Ukrainian websites.

    The hacks, paired with prewar data theft, likely armed Russia with extensive details on much of Ukraine’s population, cybersecurity and military intelligence analysts say. It’s information Russia can use to identify and locate Ukrainians most likely to resist an occupation, and potentially target them for internment or worse.

    “Fantastically useful information if you’re planning an occupation,” Jack Watling, a military analyst at the U.K. think tank Royal United Services Institute, said of the auto insurance data, “knowing exactly which car everyone drives and where they live and all that.”

    As the digital age evolves, information dominance is increasingly wielded for social control, as China has shown in its repression of the Uyghur minority. It was no surprise to Ukrainian officials that a prewar priority for Russia would be compiling information on the citizenry.

    “The idea was to kill or imprison these people at the early stages of occupation,” Victor Zhora, a senior Ukrainian cyber defense official, alleged.

    Aggressive data collection accelerated just ahead of the invasion, with hackers serving Russia’s military increasingly targeting individual Ukrainians, according to Zhora’s agency, the State Service for Special Communications and Information Protection.

    Reply
  14. Tomi Engdahl says:

    Defending Your Business Against Russian Cyberwarfare
    https://www.securityweek.com/defending-your-business-against-russian-cyberwarfare

    We are likely to see Russian state sponsored attacks escalate as the West continues to increase sanctions and support Ukraine

    The eyes of the world are focused on the war in Ukraine. As expected, Russia has targeted Ukraine with cyberattacks first, and much of the West is wondering when Russia will also retaliate against countries supporting Ukraine. Most agree that some attacks are already in progress, and the attacks against western entities are sure to escalate as the war continues and more sanctions are put in place.

    The first wave of companies targeted by the Russian state, and threat actors it supports, will be those that suspend Russian operations or take direct action to support Ukraine. Information operations and subversion against these companies will likely ensue. In the event of Russian cyberwarfare, reviewing the industries, styles, and objectives of their attacks can help organizations to prepare and implement more robust defenses. These defenses include actions both inside and outside an enterprise’s perimeter.

    Common Types of Cyber Attacks

    Russia-led cyberattacks have increased since the Russian invasion of Ukraine, and Russian cyber threat actors will likely use one or more of the following means to retaliate against companies and people on opposing sides of the war:

    ● Ransomware – The most used type of cyber threat to attack private industry since 2021

    ● Email Phishing – A commonly used technique to gain access to privileged information and networks

    ● Credential Stuffing – Another commonly used technique, which largely targets C-Suite executives and gamers for access to their accounts to gain access to privileged information and for financial gain

    While these attacks are not new, they are increasingly concerning.

    Objectives of High Profile Cyber Attacks By Russian Cyber Actors

    The Russian government and Russian cyber criminals targeted private industry in multiple incidents over the past year. Historically, these APT actors have used common but effective tactics—including spear phishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security—to gain initial access to target networks. We believe there are three primary objectives that will drive Russian cyber actors, both criminal and government, to target those networks:

    ● Influence – This involves preparing a target for military or economic combat and creating a social media environment where non-Russian companies and entities look weak so that the Russian economic environment and Russian companies can look comparatively strong.

    ● Retribution – In response to the support of the Ukrainian resistance, ransomware could increase, and in some cases, it is possible that ransom will no longer be a means of resolution. Businesses that have withdrawn operations from Russia may be threatened with an attack unless they agree to resume Russian operations.

    ● Gain – As sanctions increase and expand, Russian corporations may choose to ignore global intellectual property laws and pay cyber threat actors to target non-Russian corporate IP, in a style similar to that seen with Chinese threat actors.

    Russia will try to inflict economic damage similar to the GRU-backed 2017 NotPetya attacks that resulted in worldwide revenue losses greater than $10 billion. Although Russia has not yet escalated cyberattacks – likely due to their focus on Ukrainian operations – we are likely to see Russian state sponsored attacks escalate as the West continues to increase sanctions and support Ukraine.

    Reply
  15. Tomi Engdahl says:

    Chinese Cyberspies Targeting Russian Military
    https://www.securityweek.com/chinese-cyberspies-targeting-russian-military

    A China-linked state-sponsored cyberespionage group has started targeting the Russian military in recent attacks, which aligns with China’s interests in the Russia-Ukraine war, Secureworks reports.

    Tracked as Mustang Panda, Bronze President, RedDelta, and TA416, the government-backed hacking group previously focused mainly on the Southeast Asian region, with some attacks targeting Europe and the United States.

    Over the past several months, however, in line with the escalating tensions between Russia and Ukraine, Mustang Panda switched to targeting European diplomats with an updated variant of the PlugX backdoor.

    According to Secureworks, a recently captured malicious file shows that Mustang Panda has started targeting Russian military personnel close to the Chinese border.

    The malicious file has the Russian name of “Blagoveshchensk – Blagoveshchensk Border Detachment,” uses a PDF icon for credibility, but has an EXE extension.

    “Blagoveshchensk is a Russian city close to the China border and is home to the 56th Blagoveshchenskiy Red Banner Border Guard Detachment. This connection suggests that the filename was chosen to target officials or military personnel familiar with the region,” a new Secureworks report reads.

    Reply
  16. Tomi Engdahl says:

    A Chilling Russian Cyber Aim in Ukraine: Digital Dossiers
    https://www.securityweek.com/chilling-russian-cyber-aim-ukraine-digital-dossiers

    Russia’s relentless digital assaults on Ukraine may have caused less damage than many anticipated. But most of its hacking is focused on a different goal that gets less attention but has chilling potential consequences: data collection.

    Ukrainian agencies breached on the eve of the Feb. 24 invasion include the Ministry of Internal Affairs, which oversees the police, national guard and border patrol. A month earlier, a national database of automobile insurance policies was raided during a diversionary cyberattack that defaced Ukrainian websites.

    The hacks, paired with prewar data theft, likely armed Russia with extensive details on much of Ukraine’s population, cybersecurity and military intelligence analysts say. It’s information Russia can use to identify and locate Ukrainians most likely to resist an occupation, and potentially target them for internment or worse.

    “Fantastically useful information if you’re planning an occupation,” Jack Watling, a military analyst at the U.K. think tank Royal United Services Institute, said of the auto insurance data, “knowing exactly which car everyone drives and where they live and all that.”

    Reply
  17. Tomi Engdahl says:

    Fake USA for UNHCR site wants your Ukraine donations in Bitcoin https://blog.malwarebytes.com/social-engineering/2022/04/fake-usa-for-unhcr-site-wants-your-ukraine-donations-in-bitcoin/
    There’s a spam campaign encouraging you to donate to or support Ukraine

    Reply
  18. Tomi Engdahl says:

    Russian hacktivists launch DDoS attacks on Romanian govt sites https://www.bleepingcomputer.com/news/security/russian-hacktivists-launch-ddos-attacks-on-romanian-govt-sites/
    The Romanian national cyber security and incident response team, DNSC, has issued a statement about a series of distributed denial-of-service (DDoS) attacks targeting several public websites managed by the state entities.

    Reply
  19. Tomi Engdahl says:

    A YouTuber is promoting DDoS attacks on Russia - how legal is this?
    https://www.bleepingcomputer.com/news/security/a-youtuber-is-promoting-ddos-attacks-on-russia-how-legal-is-this/
    A YouTube influencer with hundreds of thousands of subscribers is encouraging followers to conduct cyber warfare against Russia.

    In a plea made this week on his channel, the YouTuber demonstrated how viewers could download a free pen-testing (DDoS) tool called Liberator and “stop that Russian propaganda machine.”

    Albeit the cause might seem worthwhile and appealing, how legal is DDoS, and can users get in trouble?

    The YouTube video in question has thus far generated over 86,000 views and counting at the time of writing.

    “I need your help to support Ukraine! For the past few weeks, there have been numerous disinformation campaigns and fake news from the Russian government,” says the YouTuber.

    “These fake news flooded the media and had different effects around the globe.”

    “Very rarely do I ask people for help, but this is a situation where you can join the cyber warfare against Russia to stop that Russian propaganda machine,” continued Boxmining.

    Without wasting time, Boxmining quickly demonstrates how you can download an offensive security tool called ‘Liberator’ and partake in conducting cyber warfare against Russia using nothing other than your own computers and a VPN connection.

    Created by the hacktivist group, ‘disBalancer,’ the Liberator app works by using your computer to attack Russian websites that spread misinformation related to current events.

    Of all cyberattacks, DDoS can be fairly easy to conduct as it involves no “hacking” or breaching the target—merely flooding the servers with repeated web requests (packets) can cause them to “freeze” for some time and cease serving webpages.

    This is probably why both hacktivist groups and threat actors, including ransomware and extortion gangs, have leveraged DDoS attacks against their targets at some point.

    More recently, Russian hacktivist group “Killnet” has launched DDoS attacks on Romanian government sites.

    YouTube’s policies generally prohibit content that demonstrates how to use computers and IT equipment to conduct hacking, but the policy appears to more specifically apply to instructions on stealing credentials, compromising personal data, and causing “serious harm to others,” by hacking their social media accounts.

    And, that makes DDoS videos a gray area—at least on YouTube.

    The legality of it all: are you at risk?

    Russia’s ongoing invasion of Ukraine has now lasted well over two months and the war is having devastating consequences on the Ukrainian people and their families.

    However, when conducting cyber warfare, how much are you legally in the clear, and could it backfire?

    The YouTuber behind the video says he’s spoken to one of disBalancer’s advisors, Dyma Budorin, and explains:

    “This is nothing related to anything malicious that’s being done on the app but rather because of the actions of what the bot is gonna do it will start attacking Russian websites so yeah it gets flagged,” Boxmining articulates his understanding of Liberator, but we are not quite sure of this claim.

    Conducting DDoS attacks is a criminal offense in most jurisdictions.

    Under the U.S. Computer Fraud and Abuse Act (CFAA), those found guilty of engaging in DDoS can face up to 10 years in prison. UK’s Computer Misuse Act of 1990 outlaws DDoS attacks as well. And, Dutch law includes similar legislation.

    Even the use of “booter services and stressers” violates these acts.

    These words are not taken lightly, as the US Department of Justice has sentenced numerous people for conducting DDoS attacks in the past, including attacks against gamers, using IoT devices to conduct attacks, and for running DDoS services.

    No encryption: your identity may be at risk

    While the video has been praised by many, who appreciated the effort, some have raised concerns that this could be a “dangerous use” of the YouTuber’s audience reach and put viewers in jeopardy.
    A user calls out the illegality of Liberator

    And it seems, the YouTube user Junk, may actually be right.

    Last month, cyber security researchers at Avast Threat Labs warned against joining DDoS attacks against Russia, as compelling as the cause may seem, and specifically looked at disBalancer’s app:

    “The first thing this program does is register the user, including personal information like location (derived from the IP address) and username. When the user starts the attack, this registration runs in the background without their knowledge,” explains Michal Salát, Avast’s threat intel director and malware analyst.

    “This information runs over the unencrypted HTTP protocol to the C&C server, which means it can be easily intercepted. Additionally, there’s no way to know what site you’re attacking, so you have to trust the author about the sites they claim to target.”

    A worst-case scenario surmised by Avast Threat Labs is, should the C&C server be compromised, everyone taking part in the DDoS attack could be identified by their username and location.

    “That not only would put them in danger, but they could also be tricked into attacking a different target,” further explain Avast’s researchers.

    Radware’s director of threat intelligence, Pascal Geenens also weighed in on the matter.

    “Hacktivists have been anonymously promoting and educating members on how to use DDoS attack tools in the darker corners of YouTube, but an influencer with over 250k subscribers posting a professionally edited video is bringing hacktivism into a new era,” Geenens told BleepingComputer in an email.

    “People around the globe are volunteering their systems to be turned into a mass DDoS weapon of destruction leveraged in a cyber conflict between nations.”

    “I’m sympathizing with the people who oppose war propaganda, but I’m concerned how this will evolve beyond the current conflict.”

    “Rules are being rewritten. Is DDoS a crime? A word of caution. Depending on the perspective, DDoS will be considered and prosecuted as a crime.”

    Therefore, prior to engaging in risky activities online, including hacktivism, users are advised to conduct their own research to ensure they are not violating any laws and not exposing themselves to other risks.

    Reply
  20. Tomi Engdahl says:

    Joseph Menn / Washington Post:
    Hacking Russian targets was once considered off-limits by some, but after invading Ukraine the country has been hit by an unprecedented wave of cyberattacks

    Hacking Russia was off-limits. The Ukraine war made it a free-for-all.
    https://www.washingtonpost.com/technology/2022/05/01/russia-cyber-attacks-hacking/

    Experts anticipated a Moscow-led cyber-assault; instead, unprecedented attacks by hacktivists and criminals have wreaked havoc in Russia

    For more than a decade, U.S. cybersecurity experts have warned about Russian hacking that increasingly uses the labor power of financially motivated criminal gangs to achieve political goals, such as strategically leaking campaign emails.

    Prolific ransomware groups in the last year and a half have shut down pandemic-battered hospitals, the key fuel conduit Colonial Pipeline and schools; published sensitive documents from corporate victims; and, in one case, pledged to step up attacks on American infrastructure if Russian technology was hobbled in retribution for the invasion of Ukraine.

    Yet the third month of war finds Russia, not the United States, struggling under an unprecedented hacking wave that entwines government activity, political voluntarism and criminal action.

    Digital assailants have plundered the country’s personal financial data, defaced websites and handed decades of government emails to anti-secrecy activists abroad. One recent survey showed more passwords and other sensitive data from Russia were dumped onto the open Web in March than information from any other country.

    The published documents include a cache from a regional office of media regulator Roskomnadzor that revealed the topics its analysts were most concerned about on social media — including antimilitarism and drug legalization — and that it was filing reports to the FSB federal intelligence service, which has been arresting some who complain about government policies.

    A separate hoard from VGTRK, or All-Russia State Television and Radio Broadcasting Co., exposed 20 years of emails from the state-owned media chain and is “a big one” in expected impact, said a researcher at cybersecurity firm Recorded Future who spoke on the condition of anonymity to discuss his work on dangerous hacking circles.

    The broadcasting cache and some of the other notable spoils were obtained by a small hacktivist group formed as the war began looking inevitable, called Network Battalion 65.

    “Federation government: your lack of honor and blatant war crimes have earned you a special prize,” read one note left on a victim’s network. “This bank is hacked, ransomed and soon to have sensitive data dumped on the Internet.”

    In its first in-depth interview, the group told The Washington Post via encrypted chat that it gets no direction or assistance from government officials in Ukraine or elsewhere.

    “We pay for our own infrastructure and dedicate our time outside of jobs and familial obligations to this,” an unnamed spokesperson said in English. “We ask nothing in return. It’s just the right thing to do.”

    Christopher Painter, formerly the top U.S. diplomat on cyber issues, said the surge in such activity risked escalation and interference with covert government operations. But so far, it appears to be helping U.S. goals in Russia.

    “Are the targets worthy? Yes,” Painter said. “It’s an interesting trend that they are now being the target of all this.”

    Painter warned that Russia still has offensive capabilities, and U.S. officials have urged organizations to prepare for an expected Russian cyber-assault, perhaps held to be deployed in a moment of maximum leverage.

    Reply
  21. Tomi Engdahl says:

    Space X’s Starlink internet constellation has angered Russia as it was reported that the Starlink satellite constellation was used to guide the fire on Moskva.

    Russia Announces Space War On Elon Musk’s Starlink Satellites, Accepts Moskva Was Attacked
    https://theupdatepost.com/russi-announces-space-wr-on-elon-musks-starlink-satellites-accepts-moskva-was-attcked/

    Space X’s Starlink internet constellation has angered Russia as it was reported that the Starlink satellite constellation was used to guide and modify fire on the Black Sea Fleet’s flagship, the cruiser Moskva and it sank because of that.

    This was revealed by new data from the Russian Federation’s General Staff.

    Dmitry Medvedev, who has ordered to destroy the Starlink satellite constellation located over Russian Federation territory, the special military operation zone and the Black Sea basin in order to ensure the security of all units participating in the special military operation.

    He further stated that Russia has no intentions to militarize outer space but it will also not allow others to do so suggesting that it will take action against whoever tries to militarize outer space.

    Starlink satellite technology assisting Ukrainian drone units

    Earlier, it was reported that Elon Musk’s Starlink satellite technology is assisting an elite Ukrainian drone unit in destroying Russian weapons, according to the Times of London.

    The Aerorozvidka, which is a unit of the Ukrainian Ground Forces specialising in aerial reconnaissance and drone warfare uses drones equipped with infrared cameras to observe Russian military equipment such as tanks and command vessels at night.

    Moskva’s loss comes as serious blow to Russia

    Moskva’s loss comes as a serious blow to the Russian military as it was no ordinary ship, it was the Russian Black Sea fleet’s flagship.

    The sinking of this ship has left a big hole in Russian air defence in the Black Sea, exposing all Russian ships operating near Odesa.

    Reply
  22. Tomi Engdahl says:

    “We don’t shoot, but we can do something with our brains” – Ukrainian engineers build and repair drones, and the microchips carry a message for Russian soldiers
    https://ilkkapohjalainen.fi/ulkomaat/me-emme-ammu-mutta-voimme-tehda-jotain-aivoillamme-ukrainalaisinsinoorit-rakentavat-ja-korjaavat-droneja-mikropiireissa-on-viesti-venajan-sotilaille

    At office desks, a dozen or so young men work intently on small components and computers. On one desk there are microchips on which a greeting to Russian soldiers is being written: “fuck off”.

    Engineer Maksim Sheremet, 27, says that a camera drone developed by the group itself is being built in the room. The small drone has both a regular camera and a thermal camera.

    –  It has Chinese components, but our frame, batteries and software.

    Now drones are being modified so that they can carry and drop munitions. Sheremet demonstrates. He attaches a canister about the size of a one-and-a-half-litre bottle to the underside of the drone, hanging from Velcro straps. A button is pressed, the drone releases the straps and the canister drops.

    Reply
  23. Tomi Engdahl says:

    Ukraine has formally closed its four Black and Azov sea ports, which Russian forces have captured, the Ukrainian agriculture ministry said
    https://www.reuters.com/world/europe/ukraine-formally-closes-seaports-captured-by-russia-2022-05-02/?utm_medium=Social&utm_source=Facebook

    Reply
  24. Tomi Engdahl says:

    Russia tampers with the networks of the occupied area: a dramatic change in internet use https://www.is.fi/digitoday/art-2000008788268.html
    Russia replaced the Ukrainian telecom operator’s connection with its own in Kherson.

    Reply
  25. Tomi Engdahl says:

    Russia tampers with the networks of the occupied area – a dramatic change in internet use
    Russia replaced the Ukrainian telecom operator’s connection with its own in Kherson.
    https://www.is.fi/digitoday/art-2000008788268.html

    Russia has begun routing the internet traffic of the Ukrainian area it occupies through its own data networks, reports NetBlocks, which monitors network traffic.

    The Skynet network connections of the telecom operator Khersontelecom were cut in Kherson in southern Ukraine at the turn of the month, and they were partially restored about a day later through the network of the Russian operator Rostelecom.

    In comments posted on social media by telecommunications professionals, this has been interpreted to mean that Russia is seeking to replace Ukrainian network infrastructure with its own. This has been interpreted as evidence that Russia intends to annex the Kherson region.

    Routing network traffic through Russia also means that the residents of the area end up in Russia’s internet bubble. Online, wartime censorship means, among other things, the blocking of Western social media and news services such as Facebook, Instagram, Twitter, the BBC and Ilta-Sanomat.

    Russian operators also have extensive obligations to collect data on their users.

    Reply
  26. Tomi Engdahl says:

    For Once, The Long Arm Of John Deere Presses The Right Button
    https://hackaday.com/2022/05/02/for-once-the-long-arm-of-john-deere-presses-the-right-button/

    Over many years now we’ve covered right-to-repair stories, and among them has been a constant bête noire. The American farm machinery manufacturer John Deere whose instantly recognisable green and yellow tractors have reliably tilled the soil for over a century, have become the poster child for inappropriate use of DRM. It’s enough to make any farmer see red, but there’s a story from CNN which shows another side to manufacturer control. A Deere dealership in Melitopol, Ukraine, was looted by invading Russian forces, who took away an estimated $5m worth of farm machinery. The perfect crime perhaps, save for the Deere computer system being used to remotely disable them leaving the crooks with combine harvesters they can’t even start.

    It makes for a good news story showing the Ukrainians getting one over on the looters, and since on-farm thefts are a hot topic anywhere in the world it’s not entirely unexpected that Deere would have incorporated a kill-switch in their products.

    Russians plunder $5M farm vehicles from Ukraine — to find they’ve been remotely disabled
    https://edition.cnn.com/2022/05/01/europe/russia-farm-vehicles-ukraine-disabled-melitopol-intl/index.html

    (CNN) Russian troops in the occupied city of Melitopol have stolen all the equipment from a farm equipment dealership — and shipped it to Chechnya, according to a Ukrainian businessman in the area.
    But after a journey of more than 700 miles, the thieves were unable to use any of the equipment — because it had been locked remotely.
    Over the past few weeks there’s been a growing number of reports of Russian troops stealing farm equipment, grain and even building materials – beyond widespread looting of residences. But the removal of valuable agricultural equipment from a John Deere dealership in Melitopol speaks to an increasingly organized operation, one that even uses Russian military transport as part of the heist.

    Reply
  27. Tomi Engdahl says:

    Hackers struck a sore spot – the target is Russia’s liquor sales https://www.is.fi/digitoday/tietoturva/art-2000008790052.html

    Reply
  28. Tomi Engdahl says:

    Hackers struck a sore spot: the target is Russia’s liquor sales https://www.is.fi/digitoday/tietoturva/art-2000008790052.html
    A Ukraine-led group of volunteer hackers is disrupting the reporting system for Russia’s alcohol sales and production.

    Reply
  29. Tomi Engdahl says:

    Western countries still make sure that Putin’s war chest does not run dry – and by following the money one can find the real scapegoat
    Following the money is not easy, but let’s try, writes Riku Rantala in his column.
    https://www.hs.fi/hyvinvointi/art-2000008782265.html?share=95a6361ae96fbc1601305e9ab4babfa2

    Reply
  30. Tomi Engdahl says:

    Ukraine has lost up to $600 billion as a result of Russia’s invasion, with $92 billion of damage to its infrastructure, according to a study released by the Kyiv School of Economics on Tuesday. https://trib.al/XIfb61E

    Reply
  31. Tomi Engdahl says:

    Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers
    https://thehackernews.com/2022/05/ukraine-war-themed-files-become-lure-of.html

    A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted.

    “Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links,” Google Threat Analysis Group’s (TAG) Billy Leonard said in a report.

    “Financially motivated and criminal actors are also using current events as a means for targeting users,” Leonard added.

    Reply
  32. Tomi Engdahl says:

    DATA AS A WEAPON: PSYCHOLOGICAL OPERATIONS IN THE AGE OF IRREGULAR INFORMATION THREATS
    https://mwi.usma.edu/data-as-a-weapon-psychological-operations-in-the-age-of-irregular-information-threats/

    Reply
  33. Tomi Engdahl says:

    Pro-Ukraine hackers use Docker images to DDoS Russian sites https://www.bleepingcomputer.com/news/security/pro-ukraine-hackers-use-docker-images-to-ddos-russian-sites/
    Docker images with a download count of over 150,000 have been used to run distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites managed by government, military, and news organizations. [Source: https://www.crowdstrike.com/blog/compromised-docker-honeypots-used-for-pro-ukrainian-dos-attack/]

    Reply
  34. Tomi Engdahl says:

    Russian Invasion of Ukraine and Sanctions Portend Rise in Card Fraud https://www.recordedfuture.com/russian-invasion-of-ukraine-and-sanctions-portend-rise-in-card-fraud/
    The Russian invasion of Ukraine has created a humanitarian crisis and caused immeasurable human suffering. In response, Western countries have imposed sanctions on Russia, and many global companies have chosen to cease or severely limit the scope of their operations in Russia. These measures have drastically limited the flow of financial transactions between Russia and the West. Unfortunately, from the perspective of card fraud, one of the most pervasive forms of financially motivated cybercrime, these measures do not prevent Russia-based threat actors from compromising payment cards or monetizing cards through cashout schemes.

    Reply
  35. Tomi Engdahl says:

    Russia-Ukraine Cyber Activity Makes Security Best Practices Imperative https://www.paloaltonetworks.com/blog/2022/03/russia-ukraine-cyber-activity-best-practices/
    The White House and U.S. Cybersecurity and Infrastructure Security Agency (CISA) have recently warned that Russia could launch disruptive cyberattacks against organizations in the U.S., NATO member countries and allies that support Ukraine. Unit 42 has documented related cyberattacks in Ukraine over the past month. Given that U.S. officials note that evolving intelligence points to potentially destructive cyberattacks, we feel it is essential to encourage all organizations, as soon as possible, to review your cybersecurity policies and incident response plans, as well as to enhance your security posture.
    The article contains recommendations that organizations can quickly employ to put protections in place now, as well as some long-term ongoing cyber hygiene best practices.

    Reply
  36. Tomi Engdahl says:

    German Finance Watchdog Sees ‘Very Big’ Risk of Cyberattacks
    By AFP on May 03, 2022

    https://www.securityweek.com/german-finance-watchdog-sees-very-big-risk-cyberattacks

    Germany’s financial regulator BaFin warned Tuesday of the “very big” risk of cyberattacks targeting the financial sector, a threat it said had become “more likely” since Russia’s war on Ukraine.

    “The risk that companies in the financial sector will fall victim to cyberattacks or that internal IT security incidents will occur is very big and very present,” BaFin president Mark Branson told a press conference.

    In extreme cases, “such incidents could damage the stability of the financial system”, he said.

    “Are we prepared for a really serious security incident? If we are honest, we don’t know,” Branson added.

    Ukraine and its Western allies have been on heightened alert for potential Russian hacking attempts since Moscow invaded its neighbour on February 24.

    The “Five Eyes” intelligence sharing network — consisting of the United States, Britain, Canada, Australia and New Zealand — warned in April that “evolving intelligence” indicated Russia was planning massive cyberattacks against rivals supporting Ukraine.

  37. Tomi Engdahl says:

    Defending Your Business Against Russian Cyberwarfare
    https://www.securityweek.com/defending-your-business-against-russian-cyberwarfare

    We are likely to see Russian state-sponsored attacks escalate as the West continues to increase sanctions and support Ukraine

    The eyes of the world are focused on the war in Ukraine. As expected, Russia has targeted Ukraine with cyberattacks first, and much of the West is wondering when Russia will also retaliate against countries supporting Ukraine. Most agree that some attacks are already in progress, and the attacks against western entities are sure to escalate as the war continues and more sanctions are put in place.

    The first wave of companies targeted by the Russian state, and threat actors it supports, will be those that suspend Russian operations or take direct action to support Ukraine. Information operations and subversion against these companies will likely ensue. In the event of Russian cyberwarfare, reviewing the industries, styles, and objectives of their attacks can help organizations to prepare and implement more robust defenses. These defenses include actions both inside and outside an enterprise’s perimeter.
