Ukraine-Russia cyber war

Ukraine and Russia seem to be at the moment in both a traditional and a cyber war. We could call that hybrid warfare. We are in a cyber war. Countless examples exist of damage to infrastructure from hostile acts via computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia started to conduct attacks on Ukraine on February 24. Before the physical attacks, Russia carried out several cyber attacks against IT systems in Ukraine.

Here are links to some material on the cyber side of this war:

How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic happens in the cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in the cyberspace. And last week, Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-nation cyber state actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.

As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/

Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers — malicious software or malware — that make their way inside computer networks and literally wipe the data from all connected devices.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.

Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.

Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.

Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladimir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.”
This raises the whole question of ‘attribution’. The received belief is it is impossible to do accurate cyber attribution. “That is absolutely wrong,” said Willett. “It would be a mistake for any one nation to think it could attack another without being known,” said Willett.
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.

Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.

Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.

Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html

Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.

Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command said there had been a cyberattack.

Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).

Amid Russian invasion, Ukraine granted formal role with NATO cyber hub
https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations,” Col. Jaak Tarien, the institution’s director, said in a statement.

This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites
https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken – on Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.

High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information,” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.

CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a

US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html

EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.

UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.

Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.

Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine

Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine
Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/

HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.

In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economy – and the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work,” he says.
“Because we all need to live for something, eat

Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime as it cracks down on anti-war sentiment – and rumors of martial law grow louder – are being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.

Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf

TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi

2,362 Comments

  1. Tomi Engdahl says:

    These are the weapons Ukraine is now defending itself with – drones and missiles wreak havoc among Russian troops https://www.is.fi/ulkomaat/art-2000008675005.html

  2. Tomi Engdahl says:

    Exclusive: Ukraine halts half of world’s neon output for chips
    https://www.reuters.com/technology/exclusive-ukraine-halts-half-worlds-neon-output-chips-clouding-outlook-2022-03-11/

    Ukraine’s two leading suppliers of neon, which produce about half the world’s supply of the key ingredient for making chips, have halted their operations as Moscow has sharpened its attack on the country, threatening to raise prices and aggravate the semiconductor shortage.

  3. Tomi Engdahl says:

    Finns became worried about information influence operations, the Finnish Security and Intelligence Service reassures: “Supo is following the situation on your behalf” https://www.iltalehti.fi/kotimaa/a/e8ac9a58-8fe0-4d14-b74a-6d901c703e4c

  4. Tomi Engdahl says:

    Hackers’ new taunt at Vladimir Putin – ghost flight FCKPUTIN circled in the sky over Kyiv https://www.is.fi/digitoday/art-2000008676002.html

  5. Tomi Engdahl says:

    Russia plans to block the use of WhatsApp and Instagram – Interfax: Prosecutors ask for Meta to be designated an “extremist organization” https://www.is.fi/digitoday/art-2000008676248.html

  6. Tomi Engdahl says:

    Cloudflare to auto-brick servers that go offline in Ukraine, Russia
    https://www.bleepingcomputer.com/news/security/cloudflare-to-auto-brick-servers-that-go-offline-in-ukraine-russia/

    Cloudflare announced that it is taking drastic measures to protect data of customers in Eastern Europe under current conditions of the Russian invasion of Ukraine.

    The U.S.-based web infrastructure and security company known for its DDoS mitigation services announced its decision to stay in the Russian market, albeit with some aspects of its business suspended.

    To protect client data during the ongoing conflicts, Cloudflare has removed all customer encryption keys from data centers located in Ukraine, Russia, and Belarus, and deployed its “Keyless SSL” technology.

    This technology enables organizations to use a cloud vendor for SSL/TLS encryption without giving them the master key. The system moves the private key handshake off of the vendor’s server and replaces it with secure “session keys”.

  7. Tomi Engdahl says:

    A giant stock market crash is expected in Moscow – fear of capital flight has kept the exchange closed longer than ever since the Soviet Union
    https://yle.fi/uutiset/3-12348709

  8. Tomi Engdahl says:

    Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks
    https://thehackernews.com/2022/03/google-russian-hackers-target.html?m=1

    A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia’s invasion of Ukraine.

    Google’s Threat Analysis Group (TAG) said it took down two Blogspot domains that were used by the nation-state group FancyBear (aka APT28) – which is attributed to Russia’s GRU military intelligence – as a landing page for its social engineering attacks.

    The disclosure comes close on the heels of an advisory from the Computer Emergency Response Team of Ukraine (CERT-UA) warning of phishing campaigns targeting Ukr.net users that involve sending messages from compromised accounts containing links to attacker-controlled credential harvesting pages.

  9. Tomi Engdahl says:

    Unprecedented Fed Action May Have Just Started a Global Currency Crisis
    The Fed took an unprecedented as well as illegal action on Russia that constitutes economic warfare and may easily start a currency crisis or something even worse.
    https://mishtalk.com/economics/unprecedented-fed-action-potentially-starts-a-global-currency-crisis

  10. Tomi Engdahl says:

    UKRAINE UPDATE: Russia Opens Criminal Inquiry Into Meta, Moves To Block All Services https://trib.al/VvWuMJY

  11. Tomi Engdahl says:

    The State of Ukraine’s Nuclear Plants in the First Weeks of War
    Catastrophe has so far been avoided—but for how long?
    https://spectrum.ieee.org/ukraine-nuclear-power-russia

  12. Tomi Engdahl says:

    Attack On Europe: Documenting Equipment Losses During The 2022 Russian Invasion Of Ukraine
    https://www.oryxspioenkop.com/2022/02/attack-on-europe-documenting-equipment.html

  13. Tomi Engdahl says:

    Ukrainian CERT Warns Citizens of Phishing Attacks Using Compromised Accounts
    https://thehackernews.com/2022/03/ukrainian-cert-warns-citizens-of.html

  14. Tomi Engdahl says:

    Poutine not Putin: classic Quebec dish off the menu in France and Canada
    French restaurant threatened for selling fries, cheese and gravy snack that sounds like the Russian leader
    https://www.theguardian.com/world/2022/mar/06/poutine-not-putin-classic-quebec-dish-under-fire-in-france?CMP=fb_gu&utm_medium=Social&utm_source=Facebook#Echobox=1646601650

  15. Tomi Engdahl says:

    ‘Extremely Destructive’ Russian Cyberattacks Could Cost U.S. Billions Of Dollars In Economic Damage, Goldman Warns
    https://www.forbes.com/sites/jonathanponciano/2022/03/07/extremely-destructive-russian-cyberattacks-could-cost-us-billions-of-dollars-in-economic-damage-goldman-warns/

    As Russia’s invasion of Ukraine escalates tensions with the U.S. and its allies, economists at Goldman Sachs are warning either side could resort to malicious cyber activity targeting companies and critical infrastructure as a means to inflict significant economic damage while avoiding direct military conflict, though there are indications that the U.S. may have an economic upper hand that helps deter risk.

    Reply
  16. Tomi Engdahl says:

    Here’s what those mysterious white ‘Z’ markings on Russian military equipment may mean
    ‘They’re different from what you normally see on Russian vehicles.’
    https://taskandpurpose.com/analysis/russian-military-equipment-white-markings/

    Reply
  17. Tomi Engdahl says:

    Russia Analysis by Finnish Intelligence Colonel [English subtitles]
    https://m.youtube.com/watch?v=CvonRMSuFpw

    Reply
  18. Tomi Engdahl says:

    Anonymous says it broke into Russia’s propaganda center: sensitive information leaked https://www.iltalehti.fi/digiuutiset/a/eef02fe9-a060-4ac3-bf73-2aafad75a46d

    Reply
  19. Tomi Engdahl says:

    ‘We Are the First in the World to Introduce This New Warfare’: Ukraine’s Digital Battle Against Russia
    https://www.politico.com/news/magazine/2022/03/08/ukraine-digital-minister-crypto-cyber-social-media-00014880

    Ukraine’s deputy digital minister explains how the country is wielding crypto, Big Tech, social media and a volunteer hacker army against Russia.

    For almost two weeks, people across the world have seen photos and videos of Ukrainian civilians taking up arms alongside members of the military, determined to defend their country against Russia’s brutal invasion. Outside the view of the cameras, though, Ukraine is confronting Russia on a second front — in cyberspace.

    Since Russia’s invasion last month, Bornyakov and the ministry have been working with social media companies to combat Russian disinformation and marshaling the support of global tech giants — including Elon Musk, who provided satellite technology to help keep the internet running in Ukraine. The 40-year-old deputy minister also is leading a cryptocurrency crowdfunding effort, raising about $70 million in crypto donations to date, which Bornyakov says go directly into government coffers to fund Ukraine’s civilian resistance.

    Perhaps the most powerful weapon in Ukraine’s digital arsenal, and one of the riskiest, is the so-called IT Army of Ukraine — a diffuse group of civilian hackers from around the world who have volunteered to take down Russian and Russian-aligned sites. Bornyakov said his team has been giving the group “tasks” through a Telegram channel with more than 300,000 members.

    “We are the first in the world to introduce this new warfare. And it’s powerful, yet simple at the same time,” he told me. “It’s impossible to disrupt it or break it down.”

    EL: How are communications channels holding up in Ukraine?

    AB: Generally, throughout the country, the communication is pretty stable. And it was actually quite good during the first days of the war because I think the invaders had this vision that they would just walk into the cities, and people would be throwing flowers, and they would just win. And there would be this great picture of — and I quote — “liberating” Ukrainian cities. But they didn’t think that when you conduct a war, you shut down the enemy’s communication infrastructure. They didn’t even bother with that.

    EL: Ukraine has been the target of Russian cyberattacks for years. So, you have been working on improving cybersecurity for some time, right?

    AB: Yes, since 2014 [after Russia seized Crimea]. Before this, major communications and cell companies in Ukraine were owned by Russians. One major company was purely Russian-owned, and it was sold to Vodafone. Another was Kyivstar, a major communications company that Russians owned a huge share of. So, a process started to abandon Russian-owned infrastructure.

    Reply
  20. Tomi Engdahl says:

    Guests on Russian television began criticizing the war in Ukraine in the middle of a program https://www.is.fi/ulkomaat/art-2000008677376.html

    Reply
  21. Tomi Engdahl says:

    Russia opened a criminal case against Facebook’s parent Meta Platforms on Friday after the social network changed its hate speech rules to allow users to call for “death to the Russian invaders” in the context of the war with Ukraine.

    Russia opens criminal investigation of Meta over death calls on Facebook
    https://lm.facebook.com/l.php?u=https%3A%2F%2Fwww.reuters.com%2Fworld%2Fkremlin-says-meta-would-have-cease-work-russia-if-reuters-report-is-true-2022-03-11%2F%3Futm_campaign%3DtrueAnthem%253A%2BTrending%2BContent%26utm_medium%3DtrueAnthem%26utm_source%3Dfacebook&h=AT3x-_iQWKdU9KZzw67AE_d-oagUe_9lnxADM3EAjuLQ-pccuefAc8wwG3jOwgfAuqhB4WAPcfsmlZZ_M-eUyV_Ojx6y0g5VYNRGFWkeJqt6SY8h5pKktBCk4okRau3d5A

    Facebook owner defends policy on calls for violence that angered Russia
    https://www.reuters.com/world/kremlin-says-meta-would-have-cease-work-russia-if-reuters-report-is-true-2022-03-11/

    Reply
  22. Tomi Engdahl says:

    What Putin says is surely inauthentic truth, pravda, and not genuine truth, istina.

    “In Finnish there is no synonym for the word truth, but in Russian, too, pravda and istina do not mean exactly the same thing. Istina describes absolute, objective truth: how things are or how they happened. Pravda, by contrast, rather tells how things should be understood or how they ought to be. When we listen to the Russian political leadership, and nowadays other Russians too, talking about Ukraine, we should understand that it is a matter of pravda, not istina.”

    https://www.kaleva.fi/venajan-kaksi-totuutta/1682188

    Reply
  23. Tomi Engdahl says:

    In Russia, violations of the new wartime laws are described with the phrase: “Spreading information contrary to the official truth”

    Reply
  24. Tomi Engdahl says:

    Finnish govt agency warns of unusual aircraft GPS interference
    https://www.bleepingcomputer.com/news/technology/finnish-govt-agency-warns-of-unusual-aircraft-gps-interference/

    The origin of the interference remains unknown, but based on numerous reports submitted to the agency from various sources, it has started during the weekend and is still ongoing.

    Notably, on Sunday, several Transaviabaltika planes flying to Savonlinna, Finland, were forced to return to Tallinn, Estonia, due to a failure in the onboard GPS navigation system.

    GPS (global positioning system) is a radio-navigation system relying on a link of four or more satellites that beam geolocation and time information to the receiver.

    This spoofing is relatively easy because the actual GPS signal is weak, and receiver antennas aren’t sensitive.

    The equipment required to perform these spoofing attacks costs a couple of hundred USD, while the software to simulate realistic GPS satellite radio signals is generally widely available.

    For example, a 1KW portable jammer can block a GPS receiver from as far away as 80 kilometers, so there are not many practical challenges in launching these attacks.

    According to reports, the interference isn’t limited to Finland but also affects Poland, Lithuania, Latvia, and the broader Baltic region.

    Reply
  25. Tomi Engdahl says:

    Mystery drone from Ukraine war crashes in Croatia
    https://www.bbc.com/news/world-europe-60709952

    Reply
  26. Tomi Engdahl says:

    “Every influencer does their part”: the Nelsonism of the 2020s

    Ukraine’s social media war is being waged by a viral president, a 31-year-old minister and TV screenwriters; expert: “They must be given credit for their skills”
    The entire Ukrainian people has harnessed social media as its weapon. This is no coincidence. Finland could learn from Ukraine, says an expert.
    https://yle.fi/uutiset/3-12353824?utm_source=facebook&utm_campaign=yleuutiset&utm_medium=social

    Reply
  27. Tomi Engdahl says:

    The Russian army developed several ways of waging electronic warfare, and GPS jamming is just one of them; tested in the field in Ukraine and Syria https://www.is.fi/ulkomaat/art-2000005898610.html

    Reply
  28. Tomi Engdahl says:

    People around the world are using a new website to circumvent the Kremlin’s propaganda machine by sending individual messages about the war in Ukraine to random people in Russia.

    Using a New Cyber Tool, Westerners Have Been Texting Russians About the War in Ukraine
    Website developed by hackers is new initiative in West’s battle to counter Russia’s propaganda campaign
    By Bojan Pancevski
    March 12, 2022 11:00 am ET

    The website was developed by a group of Polish programmers who obtained some 20 million cellphone numbers and close to 140 million email addresses owned by Russian individuals and companies. The site randomly generates numbers and addresses from those databases and allows anyone anywhere in the world to message them, with the option of using a pre-drafted message in Russian that calls on people to bypass President Vladimir Putin’s censorship of the media.

    https://www.wsj.com/articles/using-a-new-cyber-tool-westerners-have-been-texting-russians-about-the-war-in-ukraine-11647100803?mod=e2fb

    Reply
  29. Tomi Engdahl says:

    Ukraine: Spam website set up to reach millions of Russians
    https://www.bbc.com/news/technology-60697261

    A Norwegian computer expert has created a website enabling anyone to send an email about the war in Ukraine to up to 150 Russian email addresses at a time, so that Russian people have a chance to hear the truth their government is hiding.

    Millions of messages are being received with the same intriguing subject Ya vam ne vrag – I am not your enemy.

    The message appears in Russian with an English translation and it begins: “Dear friend, I am writing to you to express my concern for the secure future of our children on this planet. Most of the world has condemned Putin’s invasion of Ukraine.”

    Elsewhere hacker groups claim to have defaced Russian news websites with messages to Russian people to “stop Putin”.

    But the spam email campaign created by a small team in Norway seems to have caught the imagination of thousands of people searching for ways to help Russians learn about the war.

    “During the Second World War, and in earlier wars, people flew over Germany with leaflets and dropped them out. This is just a more modern way of trying to get people to open their eyes,” says Fabian, who came up with the idea.

    His website is circumventing Russian censorship through a mix of clever computing and people power. The system allows people to send his templated message to dozens of Russian email addresses at once, and he estimates that tens of thousands of volunteers have done this since the website went live.

    There are two reasons, says Fabian, for using people’s personal email accounts: the emails get through email spam filters if they are sent from real accounts, and in small numbers.

    Reply
  30. Tomi Engdahl says:

    “Just in case the brass are watching. Even if this is a bona fide proxy war, don’t let your desire to ‘do stuff’ turn into an unintentionally escalatory tit for tat.”

    PREVENTING CYBER ESCALATION IN UKRAINE AND AFTER
    https://warontherocks.com/2022/03/preventing-cyber-escalation-in-ukraine-and-after/

    With the world worried about the risk of nuclear escalation between Russia and the West, now might also be a good time to worry about the risk of cyber conflict escalating to war as well.

    In recent years, a number of scholars and practitioners have argued that cyber conflict should be seen as an intelligence battle or pressure-release valve rather than something that could escalate into actual conflict or war. Indeed, to date, no state has responded to a rival’s cyber attack with a kinetic reprisal. But that does not mean it will not happen now. As geopolitical circumstances change, the escalatory potential of cyber capabilities is likely to change as well.

    Moscow, for example, might respond to Western sanctions with intensified cyber attacks. Or Western leaders, recognizing that no-fly zones are too risky, might approve cyber interventions to prevent civilian massacres instead. In either case, they could well assume this escalation would not meet with a direct military response. And in either case, they could be wrong.

    Reply
  31. Tomi Engdahl says:

    “As a result of the Russian invasion of Ukraine we have temporarily made allowances for forms of political expression that would normally violate our rules like violent speech such as ‘death to the Russian invaders.’ ...” a Meta spokesperson said.

    Russia is Banning Instagram on March 14
    https://petapixel.com/2022/03/11/russia-is-banning-instagram-on-march-14/

    Reply
  32. Tomi Engdahl says:

    Lawmakers in at least a dozen states are pressuring their pension funds to divest from Russian-related investments. Divestment isn’t likely to have much impact on the funds themselves, but collectively, it sends a message.
    https://trib.al/IO9uU9X

    Reply
  33. Tomi Engdahl says:

    Novel RURansom wiper targets Russia, motives revealed in the code
    https://cybernews.com/cyber-war/novel-ruransom-wiper-targets-russia-motives-revealed-in-the-code/?utm_source=facebook&utm_medium=social&utm_campaign=cybernews&utm_content=post

    Initially suspected to be a strain of ransomware, the RURansom malware appears to be a wiper targeting Russia over Moscow’s war against Ukraine.

    Researchers at Trend Micro claim that the novel RURansom malware is not what it seems. First thought to be a new strain of ransomware, as the name implies, the authors of the bug seem to have motives beyond financial gain.

    According to security researchers, no active targets have been seen so far. However, that can be due to the wiper targeting specific entities in Russia.

    The ransom note contains a message.

    “On February 24, President Vladimir Putin declared war on Ukraine. To counter this, I, the creator of RU_Ransom, created this malware to harm Russia. You bought this for yourself, Mr. President. There is no way to decrypt your files. No payment, only damage,” reads the note in Russian.

    Trend Micro claims that the malware was written in the .NET programming language. The worm spreads by copying itself under the file name in Russian “Russia-Ukraine war update.”

    The file copies itself to all removable disks and mapped network shares, trying to reach maximum impact.

    Once the deployment is complete, the malware encrypts the files. No files are spared the encryption. While .bak files are not encrypted, the malware proceeds to delete them.

    The encryption algorithm assigns a random encryption key to each file. Since the keys are not stored anywhere, there’s no way to decrypt the files, making the malware a wiper and not ransomware.

    According to researchers, some versions of the malware first check if the user’s IP address is in Russia.

    “In cases where the software is launched outside of Russia, these versions will stop execution, showing a conscious effort to target only Russian-based computers,” claim authors of the report.

    Wiper warfare
    It is not the first time a wiper malware was deployed in this conflict. Security researchers observed a disk-wiping malware deployed in Ukraine shortly before Russian forces invaded.

    The wiper contains driver files that eventually damage the Master Boot Record (MBR) of the infected computer, rendering it inoperable.

    According to Crowdstrike, the attackers misused legitimate EaseUS Partition Master drivers to gain raw disk access and manipulate the disk to make the system inoperable.

    The wiper was dubbed HermeticWiper since the malware’s certificate was issued to Hermetica Digital Ltd., a legitimate Cyprus-based company. Other researchers named the novel malware ‘DriveSlayer.’

    On the night of February 24, Russian forces invaded Ukraine. In light of the attack, the hacker community started rallying to help Ukrainians.

    With Anonymous being the most prominent one, numerous hacker groups and researchers partake in various campaigns to help Ukraine.

    Cyber activists targeted Russian state-controlled media outlets TASS, Kommersant, Izvestia, Fontanka, and RBC, pushing them offline.

    An unknown group has set up a website tool that allows people to participate in distributed denial of service (DDoS) attacks against Russian websites that it claims are spreading disinformation.

    Others created an ‘anti-war hotline’

    Numerous IT-related services got blocked or left the Russian market after the invasion.

    According to the United Nations, over 2 million people have fled Ukraine to neighboring countries

    Reply
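The three behaviours the quoted Trend Micro summary attributes to RURansom (self-copy to removable disks and mapped shares, deletion of .bak files, encryption of every file) can be combined into one triage rule over file-activity telemetry. This is an added example, not code from the original comment or from Trend Micro; the event format, drive letters, thresholds, process and file names and the `.exe` extension are assumptions, and all events are constructed.

```python
import math
import ntpath
from collections import defaultdict

# Assumptions for this sketch: which drive letters are removable disks or
# mapped shares, and the thresholds below. Tune them for a real environment.
SPREAD_ROOTS = {"E:", "Z:"}
ENTROPY_LIMIT = 7.0   # bits per byte; encrypted output approaches 8.0
MIN_REWRITES = 3      # high-entropy writes needed before the flag is raised

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte sample, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    probs = [data.count(b) / n for b in set(data)]
    return -sum(p * math.log2(p) for p in probs)

def triage(events):
    """Map each process to the wiper-like indicators seen in its file events."""
    exe_roots = defaultdict(lambda: defaultdict(set))  # proc -> exe name -> drives
    bak_deletes = defaultdict(int)
    rewrites = defaultdict(int)
    for ev in events:
        proc, op, path = ev["proc"], ev["op"], ev["path"]
        drive = ntpath.splitdrive(path)[0].upper()
        name = ntpath.basename(path).lower()
        if op == "write" and name.endswith(".exe") and drive in SPREAD_ROOTS:
            exe_roots[proc][name].add(drive)      # same binary dropped on a share
        elif op == "delete" and name.endswith(".bak"):
            bak_deletes[proc] += 1                # backups removed, not encrypted
        elif op == "write" and entropy(ev.get("sample", b"")) >= ENTROPY_LIMIT:
            rewrites[proc] += 1                   # content looks encrypted
    report = {}
    for proc in set(exe_roots) | set(bak_deletes) | set(rewrites):
        hits = []
        if any(len(drives) >= 2 for drives in exe_roots[proc].values()):
            hits.append("self-copy to removable/mapped drives")
        if bak_deletes[proc]:
            hits.append("backup (.bak) deletion")
        if rewrites[proc] >= MIN_REWRITES:
            hits.append("mass high-entropy rewrite")
        if hits:
            report[proc] = sorted(hits)
    return report

# Constructed samples: RANDOMISH has entropy of exactly 8.0, TEXT is plain text.
RANDOMISH = bytes(range(256))
TEXT = b"quarterly report draft " * 8
SAMPLE_EVENTS = [
    {"proc": "sample.exe", "op": "write", "path": r"E:\news_update.exe", "sample": RANDOMISH},
    {"proc": "sample.exe", "op": "write", "path": r"Z:\news_update.exe", "sample": RANDOMISH},
    {"proc": "sample.exe", "op": "write", "path": r"C:\Users\a\doc1.docx", "sample": RANDOMISH},
    {"proc": "sample.exe", "op": "write", "path": r"C:\Users\a\doc2.xlsx", "sample": RANDOMISH},
    {"proc": "sample.exe", "op": "write", "path": r"C:\Users\a\photo.jpg", "sample": RANDOMISH},
    {"proc": "sample.exe", "op": "delete", "path": r"C:\Users\a\db.bak"},
    {"proc": "editor.exe", "op": "write", "path": r"C:\Users\a\notes.txt", "sample": TEXT},
    {"proc": "backup.exe", "op": "delete", "path": r"D:\old\jan.bak"},
]

if __name__ == "__main__":
    for proc, hits in sorted(triage(SAMPLE_EVENTS).items()):
        print(proc, "->", "; ".join(hits))
```

Compressed formats also score near 8 bits per byte, so the entropy flag alone is noisy; a process that raises all three indicators together is the one to isolate first.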
