Ukraine and Russia seem at the moment to be fighting both a traditional war and a cyber war. We could call that hybrid warfare. We are in a cyber war. Countless examples exist of damage to infrastructure from hostile acts via computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia started to conduct attacks on Ukraine on February 24. Before the physical attacks, Russia carried out several cyber attacks against IT systems in Ukraine.
Here are links to some material on the cyber side of this war:
How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic happens in the cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in the cyberspace. And last week, Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-nation cyber state actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.
As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”
Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/
Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers — malicious software or malware — that make their way inside computer networks and literally wipe the data from all connected devices.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.
Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.
Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.
Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladimir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.”
This raises the whole question of ‘attribution’. The received belief is it is impossible to do accurate cyber attribution. “That is absolutely wrong,” said Willett. “It would be a mistake for any one nation to think it could attack another without being known,” said Willett.
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.
Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.
Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.
Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.
Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html
Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.
Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command said there had been a cyberattack.
Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).
Amid Russian invasion, Ukraine granted formal role with NATO cyber hub
https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations,” Col. Jaak Tarien, the institution’s director, said in a statement.
This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites
https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken; on Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.
High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information,” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.
CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a
US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html
EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.
UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.
Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.
Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine
Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine
Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.
HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.
In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economy, and the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work,” he says.
“Because we all need to live for something, eat
Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime as it cracks down on anti-war sentiment (and rumors of martial law grow louder) are being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.
Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf
TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
2,362 Comments
Tomi Engdahl says:
https://www.reuters.com/technology/exclusive-ukraine-has-started-using-clearview-ais-facial-recognition-during-war-2022-03-13/?utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook
Tomi Engdahl says:
A woman with a sign suddenly appeared in a live broadcast of Russian TV news: “They are lying to you here” https://www.is.fi/ulkomaat/art-2000008681973.html
Tomi Engdahl says:
Sauli Niinistö opened up to CNN about his conversation with Vladimir Putin – the call ended in an unprecedented way https://www.is.fi/ulkomaat/art-2000008682043.html
Tomi Engdahl says:
Expert’s assessment: This is how Russia’s hybrid influence operations will increase in Finland in the coming months https://www.is.fi/digitoday/art-2000008679842.html
Tomi Engdahl says:
Mozilla Firefox removes Yandex, Mail.ru search over misinformation concerns
Mozilla Firefox removes Russian search providers over misinformation concerns
https://www.bleepingcomputer.com/news/software/mozilla-firefox-removes-russian-search-providers-over-misinformation-concerns/
Mozilla has removed the Yandex Search, Mail.ru, and OK.ru default search providers from the Firefox browser over reports of state-sponsored content favored in search results.
These sites are three of the most popular websites in Russia, used by over a hundred million users per month.
Since 2014, Mozilla has made Yandex the default search engine in Russia, and the following year made it the default search for users in Turkey.
“Yandex and Mail.ru have been removed as optional search providers in the drop-down search menu in Firefox,” reads the release notes for Firefox 98.0.1.
Tomi Engdahl says:
New CaddyWiper data wiping malware hits Ukrainian networks https://www.bleepingcomputer.com/news/security/new-caddywiper-data-wiping-malware-hits-ukrainian-networks/
Newly discovered data-destroying malware was observed earlier today in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks. “This new malware erases user data and partition information from attached drives,” ESET Research Labs explained. “ESET telemetry shows that it was seen on a few dozen systems in a limited number of organizations.” CaddyWiper is the fourth data wiper malware deployed in attacks in Ukraine since the start of 2022, with ESET Research Labs analysts previously discovering two others and Microsoft a third.
Tomi Engdahl says:
Threat Advisory: Opportunistic cyber criminals take advantage of Ukraine invasion https://blog.talosintelligence.com/2022/03/ukraine-invasion-scams-malware.html
Since the beginning of the war in Ukraine, we have observed threat actors using email lures with themes related to the conflict, including humanitarian assistance and various types of fundraising.
This activity has been increasing since the end of February.
Tomi Engdahl says:
Exclusive-Ukraine has started using Clearview AI’s facial recognition during war https://www.msn.com/en-ca/news/world/exclusive-ukraine-has-started-using-clearview-ai-e2-80-99s-facial-recognition-during-war/ar-AAV0JPy
Ukraine’s defense ministry on Saturday began using Clearview AI’s facial recognition technology, the company’s chief executive told Reuters, after the U.S. startup offered to uncover Russian assailants, combat misinformation and identify the dead.
Tomi Engdahl says:
Time for DJI to drone off the world stage…
“According to Shymanskyy, the Aeroscope function allows users to track DJI drone’s movements and the operator’s position and personal information within the range of 6.2 miles, which can be extended to 31 miles with supplementary DJI-made antennae.
However, the Aeroscope function was frequently turned off for Ukrainian operators, “while Russians have the technical capabilities to track Ukrainian DJI drone operators” in the recent conflict, Shymanskyy said. He said that the Russians were able to use DJI technology to kill Ukrainian drone operators, but Ukrainians couldn’t track the Russian operators.”
US Software Company Drops Chinese Drone Maker DJI Over Russia-Ukraine War
https://m.theepochtimes.com/us-software-company-drops-chinese-drone-maker-dji-over-russia-ukraine-war_4337324.html?utm_source=ref_share&utm_campaign=fb&rs=SHRPHZJX&
Figma, a fast-growing U.S. provider of vector graphics editing softwares, closed access to its services for the world’s leading drone maker, China’s DJI, on March 12, according to Chinese state-run media China Fund on March 13.
The financial newspaper operated by the People’s Daily posted an email that it is was sent by Figma to DJI.
“We have learned that DJI is named in U.S. issued sanctions. As a result and in compliance with U.S. laws, Figma can no longer provide you with access to our software,” read the email.
DJI in Russia-Ukraine War
In the past days, use of DJI drones in the Russia-Ukraine war has come into the spotlight.
On March 10, Volodymyr Shymanskyy, co-founder of Blynk IoT Platform, posted on Twitter that according to a Ukrainian forces working group, the Chinese company “limited the capabilities of its ‘Aeroscope’ technology for the Ukrainian army, giving a significant air reconnaissance edge to Russian invaders.”
According to Shymanskyy, the Aeroscope function allows users to track DJI drone’s movements and the operator’s position and personal information within the range of 6.2 miles, which can be extended to 31 miles with supplementary DJI-made antennae.
However, the Aeroscope function was frequently turned off for Ukrainian operators, “while Russians have the technical capabilities to track Ukrainian DJI drone operators” in the recent conflict, Shymanskyy said. He said that the Russians were able to use DJI technology to kill Ukrainian drone operators, but Ukrainians couldn’t track the Russian operators.
Quickly, Adam Lisberg, DJI U.S. communication director, responded to the claims on Twitter confirming that DJI’s Aeroscope function wasn’t working properly in Ukraine recently. But he said the malfunctions “may be connected to prolonged loss of power/internet.”
On March 13, reports emerged about Russia having asked the Chinese regime for military aid, including drones, making the situation more sensitive although the Beijing side has denied the allegations.
Drone Market
Over 80 percent of DJI drones are sold overseas, and DJI makes up over 70 percent of the global consumer drone market, Chinese state-run CCTV reported on March 13.
There are reports about the usage of DJI products for illicit purposes by non-state or anti-American actors, including by ISIS and an attempted assassination of Venezuela’s president.
Tomi Engdahl says:
Commentary: The substitute for the return of Karelia that Urho Kekkonen obtained is one of the Finnish casualties of the war in Ukraine https://www.is.fi/politiikka/art-2000008681257.html
Tomi Engdahl says:
The journalist who protested Russia’s war on live TV is missing – “I am ashamed that I allowed lies to be told”
“Don’t be afraid. They can’t arrest us all,” the Russian Channel One journalist said in a video recorded before the protest. Now the woman has disappeared.
https://yle.fi/uutiset/3-12358753
Tomi Engdahl says:
Hackers Target German Branch of Russian Oil Giant Rosneft
https://www.securityweek.com/hackers-target-german-branch-russian-oil-giant-rosneft
The German subsidiary of Russian energy giant Rosneft has been hit by a cyberattack, the Federal Office for Information Security (BSI) said on Monday, with hacker group Anonymous claiming responsibility.
Rosneft Deutschland reported the incident in the early hours of Saturday morning, the BSI said.
Anonymous had published a statement on Friday claiming responsibility for the attack and saying it had captured 20 terabytes of data.
Prosecutors in Berlin have opened an investigation, according to a report in Der Spiegel magazine.
Tomi Engdahl says:
Russia’s threat came true: Instagram disappeared https://www.iltalehti.fi/digiuutiset/a/271c5c3e-f11c-44fd-95e3-87d8804dc5a8
https://www.washingtonpost.com/world/2022/03/13/russia-instagram-ukraine-war/
Tomi Engdahl says:
Who is Marina Ovsyannikova, who burst into a Russian Channel One broadcast with a protest message, and what will happen to her? Lawyers have not been able to reach her
The TV channel Pervyi claims that journalist Marina Ovsyannikova, who displayed an anti-war sign during a live news broadcast, is an “outsider”. She may be charged under Russia’s new law with publicly discrediting the army.
https://www.hs.fi/ulkomaat/art-2000008682175.html
Tomi Engdahl says:
Possible Outcomes of the Russo-Ukrainian War and China’s Choice
https://uscnpm.org/2022/03/12/hu-wei-russia-ukraine-war-china-choice/
Tomi Engdahl says:
China’s State Media and Government Officials Are Backing Russia on Ukraine
https://securingdemocracy.gmfus.org/chinas-state-media-and-government-officials-are-backing-russia-on-ukraine-war/
Tomi Engdahl says:
BITCOINERS ARE BUILDING MESH NETWORKS IN UKRAINE
MARTY BENT, MAR 11, 2022
As the war in Ukraine continues, the internet is proving to be unreliable. Bitcoiners are addressing that.
https://bitcoinmagazine.com/culture/bitcoiners-building-mesh-networks-in-ukraine
Tomi Engdahl says:
Russia’s military attaché in Slovakia was caught bribing a local journalist and attempting to recruit spies. Slovakia expelled several Russian diplomats yesterday in response.
https://www.reddit.com/r/UkrainianConflict/comments/tekwho/military_attaché_of_russian_embassy_in_slovakia/?utm_medium=android_app&utm_source=share
https://apnews.com/article/russia-ukraine-slovakia-europe-bratislava-vienna-b3489ff284646b5439ba638264841598
Tomi Engdahl says:
Finnish unis to offer study places to 2,000 Ukrainians who fled Russian invasion
The effort was prompted by a request from the Ministry of Education and Culture.
https://yle.fi/news/3-12351223
Tomi Engdahl says:
Novel RURansom wiper targets Russia, motives revealed in the code
https://cybernews.com/cyber-war/novel-ruransom-wiper-targets-russia-motives-revealed-in-the-code/
Tomi Engdahl says:
Ukraine: Spam website set up to reach millions of Russians
https://www.bbc.com/news/technology-60697261
Tomi Engdahl says:
Minister Lintilä on the effects of the war in Ukraine: The price of a bag of groceries may double, with up to a fifth of Finns’ wages going to food
According to Minister of Economic Affairs Mika Lintilä, Finns should prepare for goods and services carrying wartime prices from now on.
https://yle.fi/uutiset/3-12355815
Tomi Engdahl says:
https://www.dailystar.co.uk/news/weird-news/magnetic-north-pole-drifting-southwards-26420495
Tomi Engdahl says:
Expert: Powering Ukraine’s Zaporizhzhia Nuclear Plant Is Still a Problem
It’s in the same country as Chernobyl, but its difficulties post-Russian invasion recall another cautionary tale
https://spectrum.ieee.org/zaporizhzhia
Tomi Engdahl says:
The journalist who protested during a Russian TV news broadcast returned to public view – court proceedings began in Moscow https://www.is.fi/ulkomaat/art-2000008684115.html
Tomi Engdahl says:
Fake antivirus updates used to deploy Cobalt Strike in Ukraine
https://www.bleepingcomputer.com/news/security/fake-antivirus-updates-used-to-deploy-cobalt-strike-in-ukraine/
Ukraine’s Computer Emergency Response Team is warning that threat actors are distributing fake Windows antivirus updates that install Cobalt Strike and other malware.
The phishing emails impersonate Ukrainian government agencies offering ways to increase network security and advise recipients to download “critical security updates,” which come in the form of a 60 MB file named “BitdefenderWindowsUpdatePackage.exe.”
Tomi Engdahl says:
‘It’s the right thing to do’: the 300,000 volunteer hackers coming together to fight Russia
https://www.theguardian.com/world/2022/mar/15/volunteer-hackers-fight-russia?CMP=oth_b-aplnews_d-1
Ukraine appealed for a global army of IT experts to help in the battle against Putin – and many answered the call. We speak to people on the digital frontline
Tomi Engdahl says:
Russian Prosecutors Warn Western Companies of Arrests, Asset Seizures
McDonald’s, Coke, P&G and IBM among those warned that leaders could be arrested, trademarks seized
https://www.wsj.com/articles/russian-prosecutors-warn-western-companies-of-arrests-asset-seizures-11647206193
Tomi Engdahl says:
Fake antivirus updates used to deploy Cobalt Strike in Ukraine https://www.bleepingcomputer.com/news/security/fake-antivirus-updates-used-to-deploy-cobalt-strike-in-ukraine/
Ukraine’s Computer Emergency Response Team is warning that threat actors are distributing fake Windows antivirus updates that install Cobalt Strike and other malware. The phishing emails impersonate Ukrainian government agencies offering ways to increase network security and advise recipients to download “critical security updates,” which come in the form of a 60 MB file named “BitdefenderWindowsUpdatePackage.exe.”
Tomi Engdahl says:
Bombs And Hackers Are Battering Ukraine’s Internet Providers. ‘Hidden Heroes’ Risk Their Lives To Keep Their Country Online https://www.forbes.com/sites/thomasbrewster/2022/03/15/internet-technicians-are-the-hidden-heroes-of-the-russia-ukraine-war/
They’re fixing internet in bombed-out buildings, finding rogue operators providing Russians with mobile connections and thwarting hackers. The telecom companies of Ukraine and their employees are being hailed as heroes in the war with Russia.
Tomi Engdahl says:
Russia’s invasion of Ukraine tears open political rift between cybercriminals https://www.theregister.com/2022/03/15/cyberciminals_russia_ukraine/
Cybercriminals are taking sides over Russia’s deadly invasion of Ukraine, putting either the West or Moscow in their sights, according to Accenture. The consultancy giant’s Cyber Threat Intelligence team, which tracks illicit dark-web activity, said in a report [PDF] dated Monday that this is the first time it has witnessed “financially motivated threat actors divided along ideological factions.” PDF:
https://acn-marketing-blog.accenture.com/wp-content/uploads/2022/03/UPDATED-ACTI-Global-Incident-Report-Ideological-Divide-Blog-14MARCH22.pdf
Tomi Engdahl says:
Germany warns about a popular antivirus product — “All users are at risk”
https://www.is.fi/digitoday/tietoturva/art-2000008683326.html
Germany’s information security authority BSI (Bundesamt für Sicherheit in der Informationstechnik) is warning about the products of the Russian security company Kaspersky Lab. In its statement, BSI urges replacing Kaspersky products with those of other security vendors. BSI points out that security products and their associated cloud services require very far-reaching privileges on the systems they run on. In addition, they are constantly connected to Kaspersky’s servers abroad, and there is no certainty about what data moves over that connection. In this way, security software can pose a significant threat to the very system it is meant to protect. Statement:
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220315_Kaspersky-Warnung.html
Tomi Engdahl says:
Finland, which must prepare for cyberattacks, is among the states Russia has listed as hostile to it [SUBSCRIBERS ONLY]
https://www.tivi.fi/uutiset/tv/827b96ee-bba3-46fb-98ba-071123338ac4
Jarno Limnéll, professor of practice in cybersecurity, says he does not want to scaremonger, but at the same time he is urging Finland to prepare for possible cyberattacks by the Russian state or groups loyal to it in retaliation for sanctions. In Limnéll’s view, Finland’s cyber preparedness must be a continuous process. As part of it, he talks about the concept of cyber self-sufficiency, which is supported by partnerships and the population’s own digital skills.
Tomi Engdahl says:
The solvency of Finland’s financial sector provides a buffer for facing the weakened economic outlook – preparing for elevated risks is important
https://www.sttinfo.fi/tiedote/suomen-finanssisektorin-vakavaraisuus-antaa-puskuria-kohdata-heikentyneet-talousnakymat—kohonneisiin-riskeihin-varautuminen-on-tarkeaa?publisherId=69817444&releaseId=69935060
Russia’s attack on Ukraine has also increased the risks to Finland’s financial sector in ways that are hard to predict. Strong solvency provides a buffer for facing a deteriorating operating environment. However, operators must prepare for the increased risks brought by both the weakening economic outlook and the growing threat of cyberattacks.
Banks on alert for Russian reprisal cyberattacks on Swift https://arstechnica.com/information-technology/2022/03/banks-on-alert-for-russian-reprisal-cyberattacks-on-swift/
Big banks fear that Swift faces a growing threat of Russian cyberattacks after seven of the country’s lenders were kicked off the global payments messaging system over the weekend.
Tomi Engdahl says:
Russians set out en masse to get around the “digital iron curtain”
https://www.tivi.fi/uutiset/tv/f21a9a0d-91df-4f95-b645-db3e98ec60d6
While Russia wages a war of aggression in Ukraine, it is also trying to keep its own people in the dark about the reality of the war. This shows in the growing popularity of VPN services and encrypted messaging services.
Tomi Engdahl says:
CaddyWiper: Another Destructive Wiper Malware Targeting Ukraine
https://www.securityweek.com/caddywiper-another-destructive-wiper-malware-targeting-ukraine
ESET’s security researchers have identified another data wiper targeting Ukrainian organizations, the third destructive malware identified since Russia began its invasion of the country.
Dubbed CaddyWiper, the threat does not show significant code similarities with known malware families, and has been used only against a small number of organizations.
CaddyWiper, ESET explains, erases user data and partition information, but does not destroy the information stored on domain controllers, thus allowing the attackers to maintain access to the compromised networks.
The newly identified malware is being deployed via default domain policy (GPO), which suggests that the attackers had access to the compromised network prior to executing the malware.
According to ESET, only “a few dozen systems in a limited number of organizations” have been infected with CaddyWiper. The malware is not signed and appears to have been compiled the same day it was deployed and executed, the cybersecurity firm says.
CaddyWiper: New wiper malware discovered in Ukraine
This is the third time in as many weeks that ESET researchers have spotted previously unknown data wiping malware taking aim at Ukrainian organizations
https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine/
Tomi Engdahl says:
Thomas Brewster / Forbes:
A look at Ukraine’s “invisible heroes”, its internet technicians who are risking their lives battling Russian hackers and avoiding bombs to keep Ukraine online
https://www.forbes.com/sites/thomasbrewster/2022/03/15/internet-technicians-are-the-hidden-heroes-of-the-russia-ukraine-war/?sh=2fa01c522884
Tomi Engdahl says:
Sergiu Gatlan / BleepingComputer:
The FBI and CISA warn that Russian state-sponsored hackers accessed an unnamed NGO’s network by exploiting default MFA protocols and the PrintNightmare flaw — The FBI says Russian state-backed hackers gained access to a non-governmental organization (NGO) cloud after enrolling their own device …
FBI warns of MFA flaw used by state hackers for lateral movement
https://www.bleepingcomputer.com/news/security/fbi-warns-of-mfa-flaw-used-by-state-hackers-for-lateral-movement/
The FBI says Russian state-backed hackers gained access to a non-governmental organization (NGO) cloud after enrolling their own device in the organization’s Duo MFA following the exploitation of misconfigured default multifactor authentication (MFA) protocols.
To breach the network, they used credentials compromised in a brute-force password guessing attack to access an un-enrolled and inactive account, not yet disabled in the organization’s Active Directory.
“As Duo’s default configuration settings allow for the re-enrollment of a new device for dormant accounts, the actors were able to enroll a new device for this account, complete the authentication requirements, and obtain access to the victim network,” the federal agencies explained.
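A defender-side audit for the condition the advisory describes, as an added example that is not taken from the advisory or the article: it flags accounts that are still enabled, dormant and without an MFA device, and flags MFA enrollments that happened while an account was dormant. The record layout, the 90-day threshold and the sample data are assumptions constructed for illustration; the script works on exported data and does not call the Duo or Active Directory APIs.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed policy threshold: no logon for this long means "dormant".
DORMANT_AFTER = timedelta(days=90)


@dataclass
class Account:
    name: str
    enabled: bool        # still enabled in the directory
    mfa_enrolled: bool   # currently has an MFA device
    logons: list = field(default_factory=list)  # successful logon times


def dormant_at(acct, when):
    """True if the account had no logon within DORMANT_AFTER before `when`.

    An account that has never logged on counts as dormant.
    """
    prior = [t for t in acct.logons if t < when]
    return not prior or when - max(prior) > DORMANT_AFTER


def exposed_accounts(accounts, now):
    """Accounts where a guessed password alone would permit device
    self-enrollment: enabled, dormant, and with no MFA device."""
    return sorted(
        a.name for a in accounts
        if a.enabled and not a.mfa_enrolled and dormant_at(a, now)
    )


def suspicious_enrollments(accounts, enrollments):
    """MFA enrollment events that occurred while the account was dormant."""
    by_name = {a.name: a for a in accounts}
    hits = []
    for name, when in enrollments:
        acct = by_name.get(name)
        if acct is not None and dormant_at(acct, when):
            hits.append((name, when))
    return hits


# --- Constructed sample data (not real accounts or logs) ---
NOW = datetime(2022, 3, 16)
ACCOUNTS = [
    Account("alice", True, True,
            [datetime(2022, 1, 28, 10, 0), datetime(2022, 3, 14, 9, 0)]),
    # Enabled, unused for months, no MFA device: the advisory's scenario.
    Account("svc_old", True, False, [datetime(2021, 6, 1)]),
    # Same profile, but disabled in the directory, so not exposed.
    Account("bob_left", False, False, [datetime(2021, 1, 10)]),
    # Dormant until a device was enrolled, then logged on minutes later.
    Account("carol", True, True,
            [datetime(2021, 8, 2), datetime(2022, 3, 10, 9, 30)]),
    # Provisioned but never used.
    Account("dave_new", True, False, []),
]
ENROLLMENTS = [
    ("alice", datetime(2022, 2, 1, 8, 0)),   # active user, routine
    ("carol", datetime(2022, 3, 10, 9, 0)),  # enrolled while dormant
]

if __name__ == "__main__":
    print("Disable or enroll before an attacker does:",
          exposed_accounts(ACCOUNTS, NOW))
    for name, when in suspicious_enrollments(ACCOUNTS, ENROLLMENTS):
        print(f"Review enrollment: {name} at {when:%Y-%m-%d %H:%M}")
```

Accounts on the first list should be disabled or enrolled by an administrator; a hit on the second list is a lead to review, since a legitimately returning user produces the same pattern.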
Tomi Engdahl says:
UN: Up to 90 percent of Ukrainians face the threat of poverty
https://alfatvuutiset.fi/yk-jopa-90-prosenttia-ukrainalaisista-uhkaa-koyhyys/?utm_source=rss&utm_medium=rss&utm_campaign=yk-jopa-90-prosenttia-ukrainalaisista-uhkaa-koyhyys
As many as nine out of ten Ukrainians may fall into poverty and extreme economic vulnerability if the war continues into next year, the UN Development Programme (UNDP) estimated today, Wednesday.
UNDP head Achim Steiner said that UNDP is working with the Ukrainian government so that the collapse of Ukraine’s economy can be prevented. Steiner considered that the worst economic situation.
Ninety percent of Ukrainian population could face poverty in protracted war – UNDP
https://www.reuters.com/world/europe/ninety-percent-ukrainian-population-could-face-poverty-protracted-war-undp-2022-03-16/
Nine out of 10 Ukrainians could face poverty and extreme economic vulnerability if the war drags on over the next year, wiping out two decades of economic gains, the U.N. Development Programme (UNDP) said on Wednesday.
Reporting by Stephanie Nebehay; Editing by Frank Jack Daniel
Tomi Engdahl says:
Elon Musk’s Starlink Becomes Most-Downloaded App In Ukraine
https://lm.facebook.com/l.php?u=https%3A%2F%2Ftrib.al%2Fnv6Ixxd&h=AT1O-TwKKc11yHPIO9lfpXlDNpLFpj6lswUcDvXBtb8Ic-JU5XLCr6x09R1qMtnzN18aIczCpz8cTqkm7YatRYn–r080CgZ7jjYqaMNtteS0OvU4Wqac6hkLiM2K2U_bQX2ivLYhHZJOC-eYA
Starlink, the app that enables mobile users to access SpaceX’s satellite internet service of the same name, was the most-downloaded app in Ukraine Monday afternoon after reaching the top spot Sunday, according to data seen by the Wall Street Journal, following SpaceX CEO Elon Musk’s rapid delivery of the terminals that provide the service to the war-torn country last month.
Sensor Tower, a firm that provides App Store and Google Play data, told the Wall Street Journal the app was downloaded 21,000 times globally Sunday across the two stores—the most global installs in a single day, with most of the downloads coming from Ukraine.
The app has been downloaded nearly 100,000 times in Ukraine according to Sensor Tower, with global downloads more than tripling in the last two weeks.
Tomi Engdahl says:
Russia could end up in default practically as early as today https://www.is.fi/taloussanomat/art-2000008685724.html
Tomi Engdahl says:
This is how Russia is now striking at Ukraine’s hackers https://www.is.fi/digitoday/tietoturva/art-2000008685752.html
Tomi Engdahl says:
Russia may nationalize or seize the assets of a long list of companies that have stopped operations in the country. Microsoft, Apple, and IBM are among the tech giants that could be affected by the move. Russia has also threatened companies in other industries, including McDonald’s, Coca-Cola, BP, Shell, and Goldman Sachs, according to a report by CNN.
Russia threatens to nationalize Microsoft and other western companies
https://www.windowscentral.com/russia-threatens-seize-assets-or-nationalize-microsoft-and-other-western-companies
Russia may attempt to take drastic measures in response to western companies stopping operations in the country.
What you need to know
Russia threatened to seize assets or nationalize companies that have stopped operations in the country.
Microsoft, Apple, IBM, and McDonald’s are among the companies that could be affected by Russia’s seizure or nationalization plans.
Russian President Vladimir Putin shared support for having “external management” over foreign companies in the country.
The White House press secretary issued a response, stating “any lawless decision by Russia to seize the assets of these companies will ultimately result in even more economic pain for Russia.”
Microsoft stopped new sales in Russia earlier this month and is one of many tech giants to do so. Apple and IBM have stopped operations in Russia as a result of the ongoing war in Ukraine. Non-tech companies, including McDonald’s and IKEA, also halted operations in Russia.
“We need to act decisively with those [companies] who are going to close their production,” said Putin. “It is necessary, then … to introduce external management and then transfer these enterprises to those who want to work.”
Tomi Engdahl says:
Russia blocked citizen journalists’ sites https://www.is.fi/digitoday/art-2000008686203.html
Tomi Engdahl says:
Downloads +2088% – Russia’s internet censorship triggered a fierce backlash https://www.is.fi/digitoday/art-2000008682672.html
Tomi Engdahl says:
Russians’ demand for VPNs skyrockets after Meta block
https://www.reuters.com/article/ukraine-crisis-russia-vpn-idCAKCN2LB1UD
As Russia blocked access to Meta Platforms Inc’s flagship social media platforms, Facebook and Instagram, demand from internet users for tools to skirt the restrictions skyrocketed, data from a monitoring firm showed.
Tomi Engdahl says:
Ukraine mobile carriers are working together to keep smartphones online as Russia begins targeting telecoms equipment with both rockets and cyber attacks ……
https://9to5mac.com/2022/03/16/ukraine-mobile-carriers-work-together/
Tomi Engdahl says:
Sofi Oksanen: Russia has already won the information war
EXCLUSIVE IN ILTALEHTI Finland and other Western countries do not recognize the true intentions of Putin’s Russia, writes author Sofi Oksanen. Iltalehti is publishing Oksanen’s powerful piece exclusively.
https://www.iltalehti.fi/ulkomaat/a/2014061518409427
Tomi Engdahl says:
Anonymous declared a ‘cyber war’ against Russia. Here are the results
https://www.cnbc.com/2022/03/16/what-has-anonymous-done-to-russia-here-are-the-results-.html
More than three weeks ago, a popular Twitter account named “Anonymous” declared that the shadowy activist group was waging a “cyber war” against Russia.
Since then, the account — which has more than 7.9 million followers, with some 500,000 gained since Russia’s invasion of Ukraine — has claimed responsibility for disabling prominent Russian government, news and corporate websites and leaking data from entities such as Roskomnadzor, the federal agency responsible for censoring Russian media.
But is any of that true?
It appears it is, says Jeremiah Fowler, a co-founder of the cybersecurity company Security Discovery,
“Anonymous has proven to be a very capable group that has penetrated some high value targets, records and databases in the Russian Federation,” he wrote in a report summarizing the findings.
Hacked databases
Of 100 Russian databases that were analyzed, 92 had been compromised, said Fowler.
They belonged to retailers, Russian internet providers and intergovernmental websites, including the Commonwealth of Independent States, or CIS.
Many CIS files were erased, hundreds of folders were renamed to “putin_stop_this_war” and email addresses and administrative credentials were exposed, said Fowler, who likened it to 2020’s malicious “MeowBot” attacks, which “had no purpose except for a malicious script that wiped out data and renamed all the files.”
“We know for a fact that hackers found and probably accessed these systems,” said Fowler. “We do not know if data was downloaded or what the hackers plan to do with this information.”
Other databases contained security information, internal passwords and a “very large number” of secret keys, which unlock encrypted data, said Fowler.
Hacked TV broadcasts and websites
The Twitter account, named @YourAnonNews, has also claimed to have hacked into Russian state TV stations.
“I would mark that as true if I were a factchecker,” said Fowler. “My partner at Security Discovery, Bob Diachenko, actually captured a state news live feed from a website and filmed the screen, so we were able to validate that they had hacked at least one live feed [with] a pro-Ukrainian message in Russian.”
The account has also claimed to have disrupted websites of major Russian organizations and media agencies, such as the energy company Gazprom and state-sponsored news agency RT.
“Many of these agencies have admitted that they were attacked,” said Fowler.
They are also reportedly being targeted by other groups as well, including some 310,000 digital volunteers who have signed up for the “IT Army of Ukraine” Telegram account.
False claims by other groups
Fowler said he didn’t find any instances where Anonymous had overstated its claims.
But that is happening with other hacktivist groups, said Lotem Finkelstein
Groups are making fake claims by posting old or publicly available information to gain popularity or glory.
A cyber ‘Robin Hood’
Hacktivists who conduct offensive cyber warfare-like activities without government authority are engaging in criminal acts, said Paul de Souza, the founder of the non-profit Cyber Security Forum Initiative.
Despite this, many social media users are cheering Anonymous’ efforts on.
“They’re almost like a cyber Robin Hood, when it comes to causes that people really care about, that no one else can really do anything about,” said Fowler. “You want action now, you want justice now, and I think groups like Anonymous and hacktivists give people that immediate satisfaction.”
Cyber activism is a low-cost way for them to influence governmental and corporate actions, she said.
“It is protesting in the 21st century,” said Bailey.
Yet cheering them on can be dangerous in the “fog of war,” she said.
“A cyberattack has the potential for such an immediate impact, in most cases well before any accurate attribution can be determined,” she said. “A cyber strike back or even kinetic strike back could be directed to the wrong place. And what if that misattribution is intentional? What if someone makes the attack appear from a specific country when that’s not true?”
She said cyber warfare can be cheaper, easier, more effective and easier to deny than traditional military warfare, and that it will only increase with time.
“With more devices connected to this global digital ecosystem the opportunity for impact continues to expand,” she said. “It will undoubtedly be used more often in future conflicts.”
Tomi Engdahl says:
https://www.verkkouutiset.fi/vladimir-putinille-valehdeltiin-ohjuksista/#3a6f9f42