Ukraine and Russia seem to be at the moment in both a traditional war and a cyber war. We could call that hybrid warfare. We are in a cyber war. Countless examples exist of damage to infrastructure from hostile acts via computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia started to conduct attacks on Ukraine on February 24. Before the physical attacks, Russia carried out several cyber attacks against IT systems in Ukraine.
Here are links to some material on the cyber side of this war:
How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic happens in the cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in the cyberspace. And last week, Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-nation cyber state actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.
As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”
Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/
Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers — malicious software or malware — that make their way inside computer networks and literally wipe the data from all connected devices.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.
Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.
Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.
Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladimir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.”
This raises the whole question of ‘attribution’. The received belief is it is impossible to do accurate cyber attribution. “That is absolutely wrong,” said Willett. “It would be a mistake for any one nation to think it could attack another without being known.”
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.
Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.
Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.
Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.
Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html
Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.
Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command, said there had been a cyberattack.
Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).
Amid Russian invasion, Ukraine granted formal role with NATO cyber hub
https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations,” Col. Jaak Tarien, the institution’s director, said in a statement.
This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites
https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken. On Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.
High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information,” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.
CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a
US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html
EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.
UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.
Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.
Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine
Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine
Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.
HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.
In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economy, and the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work,” he says.
“Because we all need to live for something, eat
Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime as it cracks down on anti-war sentiment, and rumors of martial law grow louder, are being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.
Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf
TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
2,362 Comments
Tomi Engdahl says:
Live broadcast in progress: How does the war show up online? Finland’s top experts speak
https://www.is.fi/digitoday/tietoturva/art-2000008669335.html
Tomi Engdahl says:
Researcher: GPS interference that has disrupted aircraft in Eastern Finland is caused by Russia
https://www.hs.fi/kotimaa/art-2000008669342.html?utm_medium=promobox&utm_campaign=hs_tf&utm_source=is.fi&utm_content=promobox
According to the Ministry for Foreign Affairs, the authorities are investigating the course of events. Finnair said on Wednesday that the company has no observations of GPS positioning interference near Finland’s eastern border.
The interference in satellite positioning observed in Eastern Finland in recent days has been caused by the Russian state. This is the view of Associate Professor Laura Ruotsalainen of the Department of Computer Science at the University of Helsinki.
Positioning interference has recently been observed on Finland’s eastern border, and Traficom has warned air traffic about it.
According to Ruotsalainen, the interference has been so extensive that only state actors have the equipment needed for it.
“Interference this large cannot be produced otherwise,” she says.
In her assessment, the situation is similar to that of 2018. At that time, jamming of the satellite positioning system was directed from Russia at Northern Finland during a NATO military exercise. Norway gathered evidence according to which the cause was the Russian armed forces.
It is “unfortunately easy” for consumers to obtain jamming devices, Ruotsalainen says. People may get them, for example, to prevent themselves from being tracked by positioning.
“But their range is very weak. Then we are talking about an area of a couple of kilometres at the very most,” Ruotsalainen says.
“That is why there is such a deep suspicion here that it must be a state actor.”
According to Ruotsalainen, this is definitely interference with the positioning signal, known in English as jamming.
In jamming, a radio transmitter sends a signal on the same frequency on which satellite navigation operates. The extent of the interference depends on how strong a signal the radio transmitter sends.
Satellite positioning can also be subject to deception, known in English as spoofing. In spoofing, the attack targets a specific receiver, but Ruotsalainen does not believe that is the case now.
“Spoofing means feeding the receiver false information about its location. A ship may, for example, think it is somewhere other than where it is.”
The purpose of jamming can be to paralyse the functioning of society. In addition to air traffic, the problems can affect, for example, the operation of the Defence Forces, electricity transmission or even smartwatches.
“In this case the purpose may be to cause confusion and make systems stop working. One could think that this is a matter of cyber warfare,” Ruotsalainen says.
Another possibility is that, because of the war situation, Russia is deliberately jamming positioning in its own territory. It may not have been meant to leak into Finland at all.
“The range is huge. Perhaps the primary jamming target there was something other than Finnish aviation.”
Ruotsalainen does not estimate the range in kilometres, but she recalls that in 2018, for example, the jamming reached from Russia as far as the Swedish side.
There are, however, three other satellite positioning systems in the world: the European Galileo, the Russian Glonass and the Chinese Beidou.
Jamming cannot really be targeted at just one system; transmitting the radio signal destroys all navigation signals on the chosen frequency.
It has been speculated whether Russia would want to disrupt its own Glonass system in order to make navigation harder for Ukraine.
Device manufacturers and researchers are continuously developing ways to detect and prevent jamming and to mitigate its effects.
“Ultimately, protection in critical places means combining several different systems. For example, using various sensors and ground stations.”
“If a flight procedure requires GPS and the system is subject to interference, the pilots choose an alternative procedure based on so-called traditional navigation aids. If no such alternative procedures are available at the destination airport, the aircraft is directed to an alternate airport so that the safety of the flight is always ensured,” Finnair said by email on Wednesday.
Tomi Engdahl says:
OPSEC… Is that important?
Russian military communications intercepted after they destroyed 4G towers needed for secure calls
https://www.rawstory.com/russia-ukraine-war/
On Monday, following reports of the combat death of Russian General-major Vitaly Gerasimov near Kharkiv, Ukraine, Christo Grozev, the executive director of investigative journalism and intelligence group Bellingcat, reported that Russian forces relaying the news back to their superiors were forced to use an unsecure phone line with a local sim card — that was promptly intercepted.
According to Grozev, Russian forces had no choice but to use the insecure line because Era — the highly secure cryptophone system implemented last year by the Russian Ministry of Defense which is supposedly guaranteed to work “in all conditions” — is down. And the reason the system is down is that Russian forces on the front destroyed all of the nearby 3G and 4G cell towers required for the system to establish a connection.
Tomi Engdahl says:
Ukraine: Russian military’s own encrypted phones impacted after destroying 3G/4G towers, allowing comms to be intercepted
Russia built a ‘secure’ phone that relied on stable infrastructure in a warzone
https://www.datacenterdynamics.com/en/news/ukraine-russian-militarys-own-encrypted-phones-impacted-after-destroying-3g4g-towers-allowing-comms-to-be-intercepted/
Tomi Engdahl says:
Russians reportedly take out own secure communications system during Kharkiv assault
An intercepted conversation between two Russian FSB officers, published by Ukrainian military intelligence, reveals another senior military officer has been killed.
https://news.sky.com/story/russians-reportedly-take-out-own-secure-communications-system-during-kharkiv-assault-12560577
Tomi Engdahl says:
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html?m=1
Tomi Engdahl says:
Where are the (serious) Russian cyberattacks?
Sure, HermeticWiper and IsaacWiper are bad, but they’re not BAD in capital letters
https://www.theregister.com/2022/03/09/where_are_the_russian_cyberattacks/
I’m heartsick over Russia’s invasion of Ukraine. But, before it began, I’d been really worried about Russian cyberattacks, which would overrun Ukraine and flood into the West’s infrastructure.
I foresaw the Russian GRU Sandworm hacking group launching a cyber attack that would ruin the European Union’s power grid or wreck major US internet sites such as Google, Facebook, and Microsoft – or stop cellular services in their tracks.
I was wrong. So far, anyway.
Oh certainly HermeticWiper and IsaacWiper – which will wipe all your data and your software and operating system for good measure – will ruin your day, but even together neither will make whole companies or countries miserable. And, to no-one’s surprise Russia and its puppets have launched Distributed Denial of Service (DDoS) attacks on Ukrainian sites.
But, where are those massive attacks? Why is Ukraine’s electrical system still up and running – except for damaged nuclear reactors? Why, instead of shutting down Ukraine’s TV networks with cyber attacks, did they have to blow up a Kyiv TV tower? Did we just let paranoia overrule our common sense?
It’s clear that Putin thought he’d easily overrun Ukraine. He was wrong.
In 2014, Russia easily seized Crimea from Ukraine. This time, on February 24, Russia had approximately 900,000 troops in its active military compared to Ukraine’s 200,000 active soldiers. Russia has about 1,328 military planes versus Ukraine’s 146. If all you looked at were recent history and numbers, Russia looked forward to a complete walkover.
Statistics don’t count the value of the human heart and bravery.
But, what does that have to do with technology and cyberwar? Everything.
I’m sure that Putin thought the war would be all over except for the mopping up by now. Why reveal what was up his e-war sleeve if he didn’t have to?
Well, some of it, to give credit where it’s due, is because we knew cyberattacks were coming. On January 18, the US Cybersecurity and Infrastructure Security Agency (CISA) warned critical infrastructure operators that they should take “urgent, near-term steps” against cyber threats.
Besides this, both Ukraine and its allies already knew what was coming and had built up sturdy cyberdefenses. Ukraine’s friends aren’t just governments. Its comrades in this fight also include top technology companies. For example, when Microsoft’s Threat Intelligence Center (MSTIC) detected offensive and destructive cyberattacks against Ukraine, “We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package (which we denominated FoxBlade), and provided technical advice on steps to prevent the malware’s success.”
Russia isn’t just fighting Ukraine, it’s fighting Microsoft and hacker groups like Anonymous too.
Anonymous and Microsoft on the same side? Who’d ever predict that?
That said, I fear Russia still has a cache of zero-day vulnerabilities and new malware to make life miserable for Ukraine and everyone else.
My bet is his advisors know that cyberattacks don’t respect borders. A malware attack aimed at Ukraine would quickly hit the UK and US as well. And, as US president Biden said in his January 19 news conference, the US could respond to future Russian cyberattacks against Ukraine with its own cyberwar resources.
One reason we’ve yet to have a nuclear war is the old idea of Mutually Assured Destruction (MAD). Once nukes start flying, everyone loses. In a much less deadly way, this is also true of an all-out internet war. No one sane wants to go there.
Hang in there, folks. Keep your cyber defenses up and hope that the worst that can happen is our internet economy is knocked out for a few weeks.
Tomi Engdahl says:
Reuters: Ukraine is preparing for a possible move of its servers and sensitive data to another country https://www.is.fi/digitoday/art-2000008671745.html
Exclusive: Ukraine prepares potential move of sensitive data to another country – official
https://www.reuters.com/world/europe/exclusive-ukraine-prepares-potential-move-sensitive-data-another-country-2022-03-09/
March 9 (Reuters) – The Ukrainian government is preparing for the potential need to move its data and servers abroad if Russia’s invading forces push deeper into the country, a senior cybersecurity official told Reuters on Wednesday.
Reporting by Raphael Satter and James Pearson; editing by Chris Sanders and Grant McCool
Tomi Engdahl says:
Mutilated bodies and prisoners fearing for their lives on social media – the ugly side of Ukraine’s propaganda has so far been forgiven
Ukraine is clearly winning the information war. According to an expert, propaganda that works now may turn into a burden after the war.
https://yle.fi/uutiset/3-12346600
Tomi Engdahl says:
The secret US mission to bolster Ukraine’s cyber defenses ahead of Russia’s invasion
Throughout 2021, US soldiers, experts worked to thwart an expected Russian cyber attack.
https://arstechnica.com/information-technology/2022/03/the-secret-us-mission-to-bolster-ukraines-cyber-defences-ahead-of-russias-invasion/?utm_medium=social&utm_social-type=owned&utm_brand=ars&utm_source=facebook
The US had been helping Ukraine bolster its cyber defenses for years, ever since an infamous 2015 attack on its power grid left part of Kyiv without electricity for hours.
But this surge of US personnel in October and November was different: it was in preparation of impending war. People familiar with the operation described an urgency in the hunt for hidden malware, the kind Russia could have planted, then left dormant in preparation to launch a devastating cyber attack alongside a more conventional ground invasion.
Experts warn that Russia may yet unleash a devastating online attack on Ukrainian infrastructure of the sort that has long been expected by Western officials. But years of work, paired with the past two months of targeted bolstering, may explain why Ukrainian networks have held up so far.
Officials in Ukraine and the US are careful to describe the work of the “cybermission teams” as defensive, compared with the billions of dollars of lethal weapons that have poured into Ukraine to fight and kill Russian soldiers.
Tomi Engdahl says:
Financial Times:
Sources describe how the US has bolstered Ukraine’s cyber defenses with soldiers and cybersecurity experts, working with Ukraine years before Russia’s attack — Months before the Russian invasion, a team of Americans fanned out across Ukraine looking for a very specific kind of threat.
The secret US mission to bolster Ukraine’s cyber defences ahead of Russia’s invasion
https://www.ft.com/content/1fb2f592-4806-42fd-a6d5-735578651471?segmentid=acee4131-99c2-09d3-a635-873e61754ec6
American soldiers and experts fanned out across country last year to thwart an expected Russian cyber attack
Months before the Russian invasion, a team of Americans fanned out across Ukraine looking for a very specific kind of threat.
Some were soldiers, with the US Army’s Cyber Command. Others were civilian contractors and some employees of American companies that help defend critical infrastructure from the kind of cyber attacks that Russian agencies had inflicted upon Ukraine for years.
The US had been helping Ukraine bolster its cyber defences for years, ever since an infamous 2015 attack on its power grid left part of Kyiv without electricity for hours.
But this surge of US personnel in October and November was different: it was in preparation of impending war. People familiar with the operation described an urgency in the hunt for hidden malware, the kind which Russia could have planted, then left dormant in preparation to launch a devastating cyber attack alongside a more conventional ground invasion.
Experts warn that Russia may yet unleash a devastating online attack on Ukrainian infrastructure of the sort that has long been expected by western officials. But years of work, paired with the past two months of targeted bolstering, may explain why Ukrainian networks have held up so far.
Officials in Ukraine and the US are careful to describe the work of the “cybermission teams” as defensive, compared with the billions of dollars of lethal weapons that have poured into Ukraine to fight and kill Russian soldiers.
In the Ukrainian Railways, the team of American soldiers and civilians found and cleaned up one particularly pernicious type of malware, which cyber security experts dub “wiperware”
In just the first 10 days of the Russian invasion, nearly 1mn Ukrainian civilians escaped to safety on the rail network. If the malware had remained undiscovered and was triggered, “it could have been catastrophic”,
A similar malware went undetected within the border police
computers at the crossing to Romania were disabled, adding to the chaos
On the last weekend in February, the Ukrainian national police, alongside other Ukrainian government arms, were facing a massive onslaught of “distributed denial-of-service attacks” (DDoS)
Within hours, the Americans had contacted Fortinet, a Californian cyber security group
The fact that these onslaughts are often targeting commercially available software — mostly from western manufacturers — has forced major US and European companies to dedicate resources to defending Ukrainian networks.
Microsoft, for instance, has for months run a Threat Intelligence Center
On February 24, a few hours before Russian tanks started rolling into Ukraine, Microsoft engineers detected and reverse-engineered a newly activated piece of malware
Within three hours, the company issued a software update to protect against the malware, warned the Ukrainian government
Microsoft immediately extended the warning to neighbouring Nato countries
So far, experts who have watched the Russian cyber assaults have been confused at their lack of success, as well as the lower tempo, intensity and sophistication of what Russian-government hackers are known to be capable of.
Ukrainian defences have proved resilient
instead of communicating solely through encrypted military-grade phones, Russian commanders are sometimes piggybacking on Ukrainian cell phone networks to communicate, at times simply by using their Russian cell phones.
“The Ukrainians love it — there is so much data in simply watching these phones, whether or not they are using encrypted apps,”
The Ukrainians then block Russian phones from their local networks at key moments, further jamming their communications.
Tomi Engdahl says:
Jamie Crawley / CoinDesk:
The EU clarifies that sanctions on Russia and Belarus extend to crypto assets, deeming them “transferrable securities” that can be used for loans and credit
EU Says Russia, Belarus Sanctions Extend to Crypto
https://www.coindesk.com/policy/2022/03/09/eu-says-russia-belarus-sanctions-extend-to-crypto/
Crypto assets fall into the category of “transferrable securities” and are therefore clearly included in the scope of sanctions, the EU said.
The European Union (EU) has clarified that sanctions placed on Russia and Belarus extend to crypto assets.
In an announcement Wednesday the EU said crypto assets fall into the category of “transferrable securities” and are therefore clearly included in the scope of sanctions imposed on Russia for its invasion of the Ukraine and on Belarus for its involvement.
“Today’s package clarifies that crypto assets fall under the scope of “transferable securities”. This was already the case but today’s text makes this point clearer,” an EU official told CoinDesk.
“It also confirms the common understanding that loans and credit also include crypto assets.”
The EU also announced the expansion of existing financial restrictions on Belarus to mirror those already in place on Russia.
These include restrictions on the provision of SWIFT services to three Belarusian banks and their subsidiaries, prohibition of transaction with the Central Bank of Belarus and prohibiting the list of securities in relation to shares of Belarus state-owned entities on EU trading venues.
Concerns have been raised by U.S. lawmakers that crypto could be used by Russia as a means to evade sanctions, but the extent of this is debatable. Salman Banei, head of public policy for blockchain analytics firm Chainalysis told CoinDesk TV it was “unlikely” this was happening.
Tomi Engdahl says:
The war in Ukraine came to malware in February
https://etn.fi/index.php/13-news/13281-ukrainan-sota-tuli-haittaohjelmiin-helmikuussa
Tomi Engdahl says:
The secret US mission to bolster Ukraine’s cyber defences ahead of Russia’s invasion
https://www.ft.com/content/1fb2f592-4806-42fd-a6d5-735578651471
Months before the Russian invasion, a team of Americans fanned out across Ukraine looking for a very specific kind of threat. Some were soldiers, with the US Army’s Cyber Command. Others were civilian contractors and some employees of American companies that help defend critical infrastructure from the kind of cyber attacks that Russian agencies had inflicted upon Ukraine for years. This surge of US personnel in October and November was different: it was in preparation of impending war. People familiar with the operation described an urgency in the hunt for hidden malware, the kind which Russia could have planted, then left dormant in preparation to launch a devastating cyber attack alongside a more conventional ground invasion.
Tomi Engdahl says:
Russia’s online “preparatory fire” failed badly: here are the reasons https://www.is.fi/digitoday/tietoturva/art-2000008667365.html
Ukraine has been defending itself against cyberattacks for years. When the crunch came, the defence held. Help came from abroad and from the hacker community. In Ukraine, war is being waged not only with conventional weapons but also in information networks. The cyberwar being waged in Ukraine includes attempts to influence physical systems, devices and software as well as people’s beliefs and opinions. The topic was discussed by Professor Jarno Limnéll and information security expert Mikko Hyppönen at an event organized by Aalto University on Tuesday.
Tomi Engdahl says:
Russian government sites hacked in supply chain attack https://www.bleepingcomputer.com/news/security/russian-government-sites-hacked-in-supply-chain-attack/
Russia says some of its federal agencies’ websites were compromised in a supply chain attack on Tuesday after unknown attackers hacked the stats widget used to track the number of visitors by multiple government agencies. The list of sites impacted in the attack includes the websites of the Energy Ministry, the Federal State Statistics Service, the Federal Penitentiary Service, the Federal Bailiff Service, the Federal Antimonopoly Service, the Culture Ministry, and other Russian state agencies. The incident was discovered Tuesday evening after the attackers published their own content and blocked access to the websites.
Tomi Engdahl says:
FormBook spam campaign targets citizens of Ukraine https://blog.malwarebytes.com/threat-intelligence/2022/03/formbook-spam-campaign-targets-citizens-of-ukraine%ef%b8%8f/
Our Threat Intelligence team has been closely monitoring cyber threats related to the war in Ukraine. Today, we discovered a malicious spam campaign dropping the Formbook stealer specifically targeting Ukrainians. Formbook is part of a long-running malspam operation that we observe on a regular basis. This time, the email lure is written in Ukrainian and tricks victims into opening an alleged letter of approval to receive funds from the government.
Tomi Engdahl says:
GPS interference on the eastern border continues – Savonlinna–Helsinki flights cancelled for this week
https://f7td5.app.goo.gl/ejbUx5
https://www.iltalehti.fi/kotimaa/a/ed97147f-8ac7-40d0-b693-8156f3c59132
The break in the air connection between Savonlinna and Helsinki continues. The reason is the GPS interference observed in eastern Finland in recent days. This is confirmed by Traficom director Pipsa Eklund.
According to current information, Savonlinna–Helsinki flights will be suspended at least until the beginning of next week.
The air connection between Savonlinna and Helsinki was interrupted on Tuesday, March 8. The aircraft of Transaviabaltika, which flies the route, was unable to land at Savonlinna airport at that time because of GPS interference.
Causes not known
The causes are being investigated, but for now the causes of the GPS interference are not known. On Thursday Eklund could not say what is causing the interference, whether Russian actions are behind it, or how the investigation into the causes has progressed at Traficom.
GPS interference along Finland’s entire eastern border – air traffic warned, aircraft turned back
GPS positioning interference affecting air traffic has been observed on Finland’s eastern border.
https://www.iltalehti.fi/kotimaa/a/f306199c-d9f6-41a0-9b89-67d165a95a9c
Tomi Engdahl says:
A giant stock market crash is expected in Moscow – fear of capital flight has kept the exchange closed longer than ever since the Soviet Union
https://yle.fi/uutiset/3-12348709
The Moscow Exchange has been closed for a week and a half, since the Monday following the start of the war. It is still not known when trading will dare to be resumed.
An indication of the startling crash expected on the exchange is that the shares of Russian companies fell more than 90 percent in trading in London before trading was suspended there too a week ago.
What will follow from Russia’s stock market crash when trading eventually resumes?
According to Tanja Eronen, CEO of Nordea’s fund company, keeping the exchange closed this long is a modern-era record.
“Although the Russian stock exchange was, of course, closed for 75 years at the beginning of the last century,” she points out.
Since the collapse of the Soviet Union, the exchange has never had to be closed for this long. When the doors are eventually opened, trading will probably be blocked for a large group of owners.
“When the exchange opens and when it opens to foreign operators are two different things,” Eronen says.
On the exchange’s last day open, Russia banned foreign investors from selling shares in order to stop the plunge in prices.
Nordea economist Kristian Nummelin believes that Russia may be waiting for the fighting to calm down or for some kind of predictability in the war situation.
“If there were a prospect of reaching some kind of negotiated outcome with Ukraine, that would be positive news, after which the markets could be opened.”
Crash or giant crash?
Whenever the exchange opens, a crash is to be expected.
After the Moscow Exchange closed a week and a half ago, trading in the shares of a few large Russian companies continued as parallel trading on the London Stock Exchange.
There, for example, the share price of Lukoil, the owner of Teboil, plunged almost 93 percent in a couple of weeks.
The national wealth fund, swollen by the Russian state’s oil revenues, has been used to support the markets, that is, to buy shares.
The stock market crash affects everyday life in Russia
A stock market crash means a blow not only to Russian oligarchs but also to ordinary people.
“Those who have savings in shares cannot sell them even if they need the money. And when they can, the price is quite different from what the savings were,” Virtala says, making it concrete.
Tomi Engdahl says:
MTV: Ville Haapasalo has made several films with Ukraine’s president: “A fantastic guy”
https://www.iltalehti.fi/viihdeuutiset/a/36c8b80c-288c-40e7-9675-01236969fc33
he spoke about the leaders of both sides of the war, Russian president Vladimir Putin and Ukrainian president Volodymyr Zelenskyy, both of whom he has met in person.
Tomi Engdahl says:
The catastrophic consequences of the war also hit quite ordinary Russians – soon the country will not even have new Ladas
https://www.is.fi/autot/art-2000008671639.html
Avtovaz’s Lada factories normally produce thousands of cars a week. Now the figure has dropped to zero, and the conditions for resuming production are not good in any way.
The war hits Europe’s car industry – Germany’s car giants are closing their factories
German car giants Volkswagen, BMW and Mercedes are suffering from component supply problems.
https://www.iltalehti.fi/autouutiset/a/88e63808-aeaa-4c07-9a19-b15cc5a57110
The war in Ukraine is now hitting German carmakers’ production plans hard. The companies report production stoppages of even several weeks.
Car giant Volkswagen is closing its factory in its headquarters city of Wolfsburg. The reason given is disruptions in component deliveries arriving from Ukraine.
Mercedes and BMW have also announced production stoppages caused by the war, Automotive News Europe reports.
Tomi Engdahl says:
https://www.uusiteknologia.fi/2022/03/10/itarajan-gps-hairiot-poikivat-seminaarin-helsinkiin/
The University of Helsinki is organizing a seminar on the jamming and protection of GPS and other positioning satellites on Thursday of next week, March 23. The topic is very timely, as the Finnish Transport and Communications Agency Traficom is currently investigating the satellite positioning disturbances that have occurred near the eastern border.
https://blogs.helsinki.fi/gnss-24mar2022/
Tomi Engdahl says:
Breaking Russia’s internet backbone
Lumen joins Cogent in cutting off Russia’s main internet connections.
https://www.zdnet.com/article/breaking-russias-internet-backbone/#ftag=RSSbaffb68
The internet’s governing bodies dismissed Ukraine’s requests to cut Russia off from the internet. But now, two of the main backbone internet providers, Lumen Technologies and Cogent, have severed Russia’s ties to the internet.
It’s actually a much bigger deal than Lumen lets on. According to Doug Madory, Director of Internet Analysis for network observability company Kentik, Lumen was the top international transit provider to Russian state telecom Rostelecom and all three of Russia’s major mobile operators: MTS, Megafon, and VEON.
There will also be downstream problems from these actions. Kazakhstan, Tajikistan, and Uzbekistan will lose some connectivity. In addition, the internet in Iran, Azerbaijan, Belarus, and Russian-occupied Crimea and Abkhazia will also be affected.
In the meantime, Russia has been cutting its own ties to major internet services. Russia has blocked Facebook and Twitter. To access these and other Western services now, people living in Russia must use illegal Virtual Private Networks (VPNs) or TOR routes.
Of course, as the internet backbones are cut, connecting to outside resources will grow ever more slowly. As Madory explained, “Disconnecting their customers in Russia will not disconnect Russia… This reduction in bandwidth may lead to congestion as the remaining international carriers try to pick up the slack.”
“Cutting a whole population off the Internet will stop disinformation coming from that population– but it also stops the flow of truth.”
Tomi Engdahl says:
SATCOM terminals under attack in Europe: a plausible analysis
https://www.reversemode.com/2022/03/satcom-terminals-under-attack-in-europe.html?m=1
February 24th: at the same time Russia initiated a full-scale attack on Ukraine, tens of thousands of KA-SAT SATCOM terminals suddenly stopped working in several European countries: Germany, Ukraine, Greece, Hungary, Poland… Germany’s Enercon moved forward and acknowledged that approximately 5800 of its wind turbines, presumably those remotely operated via a SATCOM link in central Europe, had lost contact with their SCADA server. In the affected countries, a significant part of the customers of Eutelsat’s domestic broadband service were also unable to access Internet.
Tomi Engdahl says:
Russia is preparing to disconnect from the internet https://www.is.fi/digitoday/art-2000008671806.html
Tomi Engdahl says:
Finnair flights GPS-jammed near Kaliningrad https://www.is.fi/kotimaa/art-2000008674195.html
Tomi Engdahl says:
Ministries gave a briefing on Finland’s cyber security and security of supply https://www.is.fi/digitoday/art-2000008671821.html
Tomi Engdahl says:
GPS interference has also been observed in Lapland https://www.is.fi/digitoday/art-2000008672525.html
GPS interference prevents flights to Savonlinna airport until the beginning of next week https://www.is.fi/digitoday/art-2000008673679.html
Tomi Engdahl says:
Russian company Yandex removed its name from the wall of its data center in Mäntsälä – Yango did the same at its Helsinki office https://www.is.fi/kotimaa/art-2000008673167.html
Tomi Engdahl says:
The area of the Russian embassy was renamed Zelenskyy Park in the journey planner https://www.iltalehti.fi/kotimaa/a/892d1b62-dbda-455f-b29b-3b28dd49620e
Tomi Engdahl says:
Anonymous & its affiliates hacked 90% of Russian misconfigured databases
https://www.hackread.com/anonymous-affiliate-hacked-russia-misconfigured-databases/
A new report reveals that since the Russian attack on Ukraine, Anonymous and its affiliate groups have compromised 90% of misconfigured cloud databases owned by different Russian organizations.
As you may already know, Russia has come under the radar of hacktivists, particularly the Anonymous collective, after the country invaded Ukrainian territories on February 24th, 2022. Since then, Russian IT infrastructure is being targeted every other day including government websites, State-run TV channels, online video streaming platforms, etc.
But now, researchers have revealed that hackers launched a large-scale cyberattack on misconfigured and exposed cloud databases owned by different Russian organizations. The severity of the attack can be quantified by the fact that around 90% of these databases have been compromised by hackers.
According to the IT security researchers at Website Planet, Anonymous and its affiliate group of hackers compromised around 90% of Russian cloud databases that were exposed to the public without any security authentication or password.
Although there is no clarity over whether the data was downloaded or not and what the hackers intend to do with it, chances are bright that they might use it for additional attacks.
According to Jeremiah Fowler of Security Discovery, who collaborated with Website Planet to compile this report, out of Russia’s 100 exposed cloud databases that they discovered through different tools and sources, at least 92 were compromised.
In most cases, attackers fully erased the dataset with a MeowBot-inspired script. One of these databases belonged to the CIS (Commonwealth of Independent States). Also, part of the compromised information was a dataset belonging to Russian ISP Green Dot that contained a large number of secret keys having mail.ru as the host server.
Fowler further revealed that the files stored in the compromised databases were either removed or renamed with pro-Ukrainian messages, most of which read:
“Putin stop this war,” “no war,” and “HackedByUkraine.”
Apart from the hack, the database may have exposed weak administrative credentials and emails, making employees potential targets of social engineering attacks to “gain access deeper in the organization of social engineering,” Fowler noted.
Tomi Engdahl says:
https://techcrunch.com/2022/03/10/amazon-microsoft-and-google-have-suspended-cloud-sales-in-russia/?tpcc=tcplusfacebook
Tomi Engdahl says:
Why have so many high-ranking Russian officers died in Ukraine? “It’s not quite normal” https://www.is.fi/ulkomaat/art-2000008674238.html
Tomi Engdahl says:
Google adds Air Raid Alerts to Android phones in Ukraine
https://techcrunch.com/2022/03/10/google-adds-air-raid-alerts-to-android-phones-in-ukraine/?tpcc=tcplusfacebook
Google is starting to introduce a rapid Air Raid Alerts system for Android phones in Ukraine, the company announced on Thursday. The new feature is the tech giant’s latest update on its response to Russia’s ongoing invasion of Ukraine.
“Tragically, millions of people in Ukraine now rely on air strike alerts to try to get to safety. At the request, and with the help, of the government of Ukraine, we’ve started rolling out a rapid Air Raid Alerts system for Android phones in Ukraine,” said Kent Walker, the president of global affairs at Google, in a blog post about the announcement.
https://blog.google/inside-google/company-announcements/helping-ukraine/
Tomi Engdahl says:
The war in Ukraine boosted the spread of malware
https://www.uusiteknologia.fi/2022/03/10/ukrainan-sota-vahvisti-haittaohjelmien-yleistymista/
According to the US-based Check Point Research, the world’s most common malware in February was Emotet, which has gained additional momentum from malicious email attachments about the war in Ukraine. Finland’s most common cyber nuisance was still the ransomware Netwalker.
According to Check Point Research (CPR), the research arm of security company Check Point, Emotet is still the most common malware, affecting five percent of organizations worldwide. By contrast, another malware, Trickbot, has dropped to sixth place on the top 10 list.
In 2021 Tri reached the top of the list of most common malware seven times.
Tomi Engdahl says:
National Emergency Supply Agency: “There may be a shortage of cyber experts, fertilizers and natural gas”
https://yle.fi/uutiset/3-12350826
Russia’s attack on Ukraine has thus also been reflected in the cyber security situation. Has preparedness been raised on that side as well? “Despite the Ukraine crisis, the national cyber security situation is normal. Various denial-of-service attacks take place in networks all the time, and there is various malware circulating constantly. Users hardly notice them, because the authorities and business operators handle them with their own measures. This illustrates Finland’s preparedness,” Paananen says. “There is a significant shortage of cyber security professionals. Professionals are what is needed,” Paananen says.
Tomi Engdahl says:
Russia May Use Ransomware Payouts to Avoid Sanctions https://threatpost.com/russia-ransomware-payouts-avoid-sanctions/178854/
FinCEN warns financial institutions to beware of unusual cryptocurrency payments or illegal transactions Russia may use to evade restrictions imposed due to its invasion of Ukraine. FinCEN Alert:
https://www.fincen.gov/sites/default/files/2022-03/FinCEN%20Alert%20Russian%20Sanctions%20Evasion%20FINAL%20508.pdf
Tomi Engdahl says:
Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers https://threatpost.com/malware-posing-russia-ddos-tool-bites-pro-ukraine-hackers/178864/
Be careful when downloading a tool to cyber-target Russia: It could be an infostealer wolf dressed in sheep’s clothing that grabs your cryptocurrency info instead. Also:
https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html
Tomi Engdahl says:
Exclusive: Ukraine prepares potential move of sensitive data to another country – official https://www.reuters.com/world/europe/exclusive-ukraine-prepares-potential-move-sensitive-data-another-country-2022-03-09/
The Ukrainian government is preparing for the potential need to move its data and servers abroad if Russia’s invading forces push deeper into the country, a senior cybersecurity official told Reuters on Wednesday. “We are preparing the ground,” Zhora said. Plan A was to protect IT infrastructure within Ukraine. Removing it to another country would only be a “Plan B or C”.
Tomi Engdahl says:
Russia creates its own TLS certificate authority to bypass sanctions https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/
Russia has created its own trusted TLS certificate authority (CA) to solve website access problems that have been piling up after sanctions prevent certificate renewals. However, for new Certificate Authorities (CA) to be trusted by web browsers, they first needed to be vetted by various companies, which can take a long time. Currently, the only web browsers that recognize Russia’s new CA as trustworthy are the Russia-based Yandex browser and Atom products, so Russian users are told to use these instead of Chrome, Firefox, Edge, etc.
Tomi Engdahl says:
‘An Unhappy American’ In The Russia-Ukraine Information War Promises A Huge Leak Of Data Stolen From The Kremlin’s Internet Censor https://www.forbes.com/sites/thomasbrewster/2022/03/10/dddosecrets-in-the-russia-ukraine-information-war-promises-a-huge-leak-of-data-stolen-from-the-kremlins-internet-censor/
The data in the Roskomnadzor leak appears significant at over 800 gigabytes, totalling 340,000 files in the first batch released today.
They don’t cover Roskomnadzor’s national operation, but within the Russian Republic of Bashkortostan, the country’s most populous republic (though one that doesn’t have autonomy).
Tomi Engdahl says:
Google rolling out Air Raid Alerts to Android users in Ukraine https://www.bleepingcomputer.com/news/google/google-rolling-out-air-raid-alerts-to-android-users-in-ukraine/
Google is rolling out an air raid alert system to all Android phones in Ukraine to help them get back to safety from incoming Russian airstrikes. The new feature was announced via an update to a March 1 blog post regarding the actions taken by Google following the Russian invasion of Ukraine. “Tragically, millions of people in Ukraine now rely on air strike alerts to try to get to safety,” said Kent Walker, Google’s President of Global Affairs.
Tomi Engdahl says:
In Eastern Finland, a third of the fields will probably be left uncultivated – the price of fertilizers and fuel has risen too high
If the availability of feed grain weakens, milk and meat production will weaken as well. Fertilizer sacks should be on the farms in April–May for the spring work to proceed normally.
https://yle.fi/uutiset/3-12350145#:~:text=Maanviljelyss%C3%A4%20tarvittavien%20lannoitteiden%20hinta%20on,maksoi%20jo%20noin%20800%20euroa
Tomi Engdahl says:
Russia's war of lies
https://yle.fi/uutiset/3-12339913
Ukraine has for years been the main target of Russia's information war. The EU's disinformation task force has identified more than 13,000 fake news stories, about 40 percent of which concern Ukraine. Some of them relate to Finland.
Tomi Engdahl says:
Wood imports from Russia are drying up completely – energy companies are now looking for a replacement for imported wood chips
A quarter of the wood chips burned in Finland are imported, mainly from Russia.
https://www.hs.fi/talous/art-2000008672644.html
Tomi Engdahl says:
Knock-on effects on food production
https://yle.fi/uutiset/3-12350145#:~:text=Maanviljelyss%C3%A4%20tarvittavien%20lannoitteiden%20hinta%20on,maksoi%20jo%20noin%20800%20euroa
https://yle.fi/uutiset/3-12349902
https://www.is.fi/taloussanomat/art-2000008667792.html
https://yle.fi/uutiset/3-12352181?fbclid=IwAR1-ejKyqFAv88mES1E5L6DNf_RteOnlFUSHyWZbeX28yQU2hIJLXii2iGE
Tomi Engdahl says:
Facebook and Instagram allow death wishes against Russian troops – does not apply to Finland
Hate speech targeting Russia and Russians would be permitted in connection with the war in Ukraine, according to emails seen by Reuters.
https://www.iltalehti.fi/ulkomaat/a/160562c3-e062-4663-9cbc-2e126693c84b
Meta has neither confirmed nor denied Reuters' information about allowing hate speech on Facebook and Instagram.
News agency Reuters reports that the Meta-owned social media platforms Facebook and Instagram are temporarily allowing hate speech targeting Russia and Russians. Users are allowed to post updates related to the war in Ukraine that wish violence and death upon Russia and Russians.
According to Reuters, this is evident from internal Meta emails it has seen, exchanged among Facebook and Instagram moderators.
Tomi Engdahl says:
How could the war in Ukraine end? Here are five options
https://yle.fi/uutiset/3-12352551
Yle asked three experts how the war in Ukraine, which has lasted two weeks, could end, or in what form it would continue if it drags on. According to their views, the moments that will decide how the war continues are now at hand.
Tomi Engdahl says:
Russia claimed to discover U.S.-funded biological weapon facilities in Ukraine this week, an evidence-free allegation the United States quickly denied and cast as another Kremlin attempt to weaponize conspiracy theories to justify its invasion of Ukraine
https://www.forbes.com/sites/zacharysmith/2022/03/10/how-russia-sowed-a-conspiracy-theory-about-us-bioweapons-in-ukraine/?sh=1c1304805a9f&utm_source=ForbesMainFacebook&utm_campaign=socialflowForbesMainFB&utm_medium=social
Tomi Engdahl says:
Bill Toulas / BleepingComputer:
Russia has created its own trusted TLS certificate authority as sanctions prevent Russian sites from renewing existing TLS certificates — Russia has created its own trusted TLS certificate authority (CA) to solve website access problems that have been piling up after sanctions prevent certificate renewals.
Russia creates its own TLS certificate authority to bypass sanctions
https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/
Russia has created its own trusted TLS certificate authority (CA) to solve website access problems that have been piling up after sanctions prevent certificate renewals.
The sanctions imposed by western companies and governments are preventing Russian sites from renewing existing TLS certificates, causing browsers to block access to sites with expired certificates.