Ukraine-Russia cyber war

Ukraine and Russia currently appear to be fighting both a conventional war and a cyber war, which could be called hybrid warfare. We are in a cyber war. Countless examples exist of damage to infrastructure from hostile acts carried out via computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia started to conduct attacks on Ukraine on February 24. Before the physical attacks, Russia carried out several cyber attacks against IT systems in Ukraine.

Here are links to some material on the cyber side of this war:

How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic happens in the cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in the cyberspace. And last week, Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-nation cyber state actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.

As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/

Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers — malicious software or malware — that make their way inside computer networks and literally wipe the data from all connected devices.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.

Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.

Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.

Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladimir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.”
This raises the whole question of ‘attribution’. The received belief is it is impossible to do accurate cyber attribution. “That is absolutely wrong,” said Willett. “It would be a mistake for any one nation to think it could attack another without being known.”
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.

Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.

Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.

Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html

Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.

Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command said there had been a cyberattack.

Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).

Amid Russian invasion, Ukraine granted formal role with NATO cyber hub
https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations,” Col. Jaak Tarien, the institution’s director, said in a statement.

This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites
https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken: on Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.

High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information,” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.

CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a

US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html

EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.

UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.

Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.

Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine

Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine
Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/

HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.

In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economy, and the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work,” he says.
“Because we all need to live for something, eat

Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime as it cracks down on anti-war sentiment, and rumors of martial law grow louder, are being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.

Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf

TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi

2,362 Comments

  1. Tomi Engdahl says:

    Ukraine’s Engineers Battle To Keep The Internet Running While Russian Bombs Fall Around Them
    https://www.forbes.com/sites/thomasbrewster/2022/03/22/while-russians-bombs-fall-around-them-ukraines-engineers-battle-to-keep-the-internet-running/
    In the rubble of bombarded Ukrainian cities, technicians are risking their lives to keep the country online. Their government calls them the ‘hidden heroes’ of the war. On March 11, in the city of Okhtyrka, in Ukraine’s northeast, Russian missiles hit a key hub of Kyivstar, the biggest internet and mobile operator in the country, with 20 million customers in a country of 41 million. It was one of Russia’s more precise strikes, and it cut off the city’s phone service.
    Okhtyrka, a town of nearly 50,000 before the war, had already suffered attacks on a power plant and residential buildings. Now many townspeople couldn’t do something they’d long taken for granted: make a phone call. Kyivstar had a problem. Its employees in the area were already at work restoring lines in other besieged parts of the region.
    They turned to staff 60 miles south in the larger city of Poltava to come to their aid.

  2. Tomi Engdahl says:

    Wartime Cyber Insurance Wobbled By New Fine Print. Do Boards Know?
    https://www.forbes.com/sites/noahbarsky/2022/03/22/wartime-cyber-insurance-wobbled-by-new-fine-print/
    The Russia-Ukraine war has spiked cybersecurity concerns. As companies internally question digital defense adequacy, insurance provides a popular mitigation fallback against breach-related losses. Yet, surprising to many policyholders, a recent court ruling may soon undercut wartime cyber claims. In January 2022, Merck won a $1.4 billion judgment against Ace Insurance related to a 2017 NotPetya malware attack which damaged 40,000 company computers. Ace denied Merck’s claim on the basis that ransomware was excluded under rarely-invoked “act of war” exemptions. The court ruled against Ace, prompting prominent insurers to swiftly revise policy coverage terms related to cyber losses. Lloyd’s Market Association’s (LMA) Cyber Business Panel recently published four cyberinsurance policy exclusion clauses, which significantly broaden insurers’ protection against “cyber operations” launched by governments or surrogates. These evolving terms parallel emerging cybersecurity insurance legal precedents.

  3. Tomi Engdahl says:

    New information on the online attack against the University of Helsinki: some of the messages appear to come from Ukrainian people rather than bots
    https://yle.fi/uutiset/3-12371862
    The University of Helsinki’s social media experts have updated their picture of the online attack that took place earlier this week. Many of the messages sent to its social media may in fact come from real Ukrainian individuals. During Monday and Tuesday afternoon, an unprecedented number of messages, as many as 2,500, flooded the university’s social media. Their content was anti-Russian. The hostile messages targeted the university’s Russian students and researchers. Among other things, the messages called for sanctions against Russians. The university has now analyzed the messages more closely with the help of researchers. According to the university’s new assessment, this was not the work of bots, i.e. automated communication, but an operation run through manually maintained accounts.

  4. Tomi Engdahl says:

    A line drawn on the net
    https://yle.fi/uutiset/3-12370108
    Cyber war has been declared to have begun several times over the past decades. In hindsight, those declarations have turned out to be premature.
    Is it different now? Over the past eight years, Russian hackers have repeatedly broken into the systems of Ukrainian authorities, banks, media outlets and companies. Denial-of-service attacks are an everyday occurrence, and several dangerous pieces of malware have spread from Ukraine to the rest of the world. Cyber war is a term that is hard to define.
    Generally it refers to the exploitation of information technology alongside military action. On the other hand, cyber warfare is often considered to include network reconnaissance and espionage in addition to cyberattacks against the enemy’s systems. The boundaries of cyber war are much blurrier than those of traditional war, whose boundaries are not entirely clear either. If network intelligence gathering by states is cyber war, we have been fighting a global cyber war for decades. If, on the other hand, advanced network attacks have to be connected to physical military action, the world’s first cyber war may still lie ahead.

  5. Tomi Engdahl says:

    Mustang Panda’s Hodur: Old tricks, new Korplug variant
    https://www.welivesecurity.com/2022/03/23/mustang-panda-hodur-old-tricks-new-korplug-variant/
    ESET researchers discovered a still-ongoing campaign using a previously undocumented Korplug variant, which they named Hodur due to its resemblance to the THOR variant previously documented by Unit 42 in 2020. In Norse mythology, Hodur is Thor’s blind half-brother, who is tricked by Loki into killing their half-brother Baldr. Victims of this campaign are likely lured with phishing documents abusing the latest events in Europe such as Russia’s invasion of Ukraine. This resulted in more than three million residents fleeing the war to neighboring countries, leading to an unprecedented crisis on Ukraine’s borders. One of the filenames related to this campaign is Situation at the EU borders with Ukraine.exe. Other phishing lures mention updated COVID-19 travel restrictions, an approved regional aid map for Greece, and a Regulation of the European Parliament and of the Council. The last one is a real document available on the European Council’s website. This shows that the APT group behind this campaign is following current affairs and is able to successfully and swiftly react to them.

    Reply
  6. Tomi Engdahl says:

    Bad Actors Trying to Capitalize on Current Events via Shameless Email Scams https://www.fortinet.com/blog/threat-research/bad-actors-capitalize-current-events-email-scams
    Malicious email and phishing scams are usually topical and follow a pattern of current events. They are usually crafted around calendar and/or trending issues as attackers realize that victims are interested in all things relevant to the moment. Threat actors are aware that not all recipients will bite, but some will, hence the origination of the term “phishing.” Threat actors often put in the least amount of work possible for a maximum return, sending out phishing emails to thousands of targets. Even if less than one percent of victims respond, the return on investment is still significant due to the gain of PII and/or establishing a foothold within an organization using stolen credentials, malware, or other means. This blog highlights some examples we’ve encountered that may help users better spot suspicious emails. Recent examples observed by FortiGuard Labs include emails related to tax season and the Ukrainian conflict, which reflect the timeliness of current and newsworthy events at the time of writing.

    Reply
  7. Tomi Engdahl says:

    US and Canada reinstate cybercrime forum to prevent Russian cyber-attacks https://portswigger.net/daily-swig/us-and-canada-reinstate-cybercrime-forum-to-prevent-russian-cyber-attacks
    The US and Canada have reestablished the Cross-Border Crime Forum (CBCF) to discuss cybercrime and other issues. In a statement released yesterday (March 22), the US Department of Justice (DoJ) said that the two nations will meet to discuss further cooperation on cross-border crimes. “Given the interconnectedness of US and Canadian industry and economies, we affirm our shared commitment to work bilaterally to combat common cyber threats, such as ransomware attacks, and to strengthen critical infrastructure cybersecurity and resilience,” the release reads. The focus on collaboration comes in the wake of the war in Ukraine. The statement reads: “We are working vigilantly to protect the cybersecurity of our critical infrastructure sectors given Russia’s further invasion of Ukraine.”

    Reply
  8. Tomi Engdahl says:

    Despite years of preparation, Ukraine’s electric grid still an easy target for Russian hackers
    https://www.politico.com/news/2022/02/19/despite-years-of-preparation-ukraines-electric-grid-still-far-from-ready-for-russian-hackers-00010373
    “If Russia wants to take down the Ukrainian electric system, I have full confidence that they can, and the Ukrainian playbook in many ways is in a place where prevention’s not going to happen,” Robert M. Lee, CEO and co-founder of cybersecurity group Dragos, said in an interview. He argued corruption and economic barriers in Ukraine have gotten in the way of hardening the electric grid.

    Reply
  9. Tomi Engdahl says:

    In modern warfare, one determined nerd is worth more than ten Russians

    The drone operators who halted Russian convoy headed for Kyiv
    https://www.theguardian.com/world/2022/mar/28/the-drone-operators-who-halted-the-russian-armoured-vehicles-heading-for-kyiv

    Special IT force of 30 soldiers on quad bikes is vital part of Ukraine’s defence, but forced to crowdfund for supplies

    One week into its invasion of Ukraine, Russia massed a 40-mile mechanised column in order to mount an overwhelming attack on Kyiv from the north.

    But the convoy of armoured vehicles and supply trucks ground to a halt within days, and the offensive failed, in significant part because of a series of night ambushes carried out by a team of 30 Ukrainian special forces and drone operators on quad bikes, according to a Ukrainian commander.

    The drone operators were drawn from an air reconnaissance unit, Aerorozvidka, which began eight years ago as a group of volunteer IT specialists and hobbyists designing their own machines and has evolved into an essential element in Ukraine’s successful David-and-Goliath resistance.

    However, while Ukraine’s western backers have supplied thousands of anti-tank and anti-aircraft missiles and other military equipment, Aerorozvidka has been forced to resort to crowdfunding and a network of personal contacts in order to keep going

    The unit’s commander, Lt Col Yaroslav Honchar, gave an account of the ambush near the town of Ivankiv that helped stop the vast, lumbering Russian offensive in its tracks. He said the Ukrainian fighters on quad bikes were able to approach the advancing Russian column at night by riding through the forest on either side of the road leading south towards Kyiv from the direction of Chernobyl.

    The Ukrainian soldiers were equipped with night vision goggles, sniper rifles, remotely detonated mines, drones equipped with thermal imaging cameras and others capable of dropping small 1.5kg bombs.

    “This one little unit in the night destroyed two or three vehicles at the head of this convoy, and after that it was stuck. They stayed there two more nights, and [destroyed] many vehicles,” Honchar said

    The Russians broke the column into smaller units to try to make headway towards the Ukrainian capital, but the same assault team was able to mount an attack on its supply depot, he claimed, crippling the Russians’ capacity to advance.

    “The first echelon of the Russian force was stuck without heat, without oil, without bombs and without gas. And it all happened because of the work of 30 people,” Honchar said.

    The Aerorozvidka unit also claims to have helped defeat a Russian airborne attack on Hostomel airport, just north-west of Kyiv, in the first day of the war, using drones to locate, target and shell about 200 Russian paratroopers concealed at one end of the airfield.

    Not all the details of these claims could be independently verified, but US defence officials have said that Ukrainian attacks contributed to the halting of the armoured column around Ivankiv. The huge amount of aerial combat footage published by the Ukrainians underlines the importance of drones to their resistance.

    The unit was started by young university-educated Ukrainians who had been part of the 2014 Maidan uprising and volunteered to use their technical skills in the resistance against the first Russian invasion in Crimea and the Donbas region.

    In its early days, the unit used commercial surveillance drones, but its team of engineers, software designers and drone enthusiasts later developed their own designs.

    They built a range of surveillance drones, as well as large 1.5-metre eight-rotor machines capable of dropping bombs and rocket-propelled anti-tank grenades, and created a system called Delta, a network of sensors along the frontlines that fed into a digital map so commanders could see enemy movements as they happened. It now uses the Starlink satellite system, supplied by Elon Musk, to feed live data to Ukrainian artillery units, allowing them to zero in on Russian targets.

    The unit was disbanded in 2019 by the then defence minister, but it was hastily revived in October last year as the Russian invasion threat loomed.

    The ability to maintain an aerial view of Russian movements has been critical to the success of Ukraine’s guerrilla-style tactics. But Aerorozvidka’s efforts to expand, and to replace lost equipment, have been hindered by a limited supply of drones and components

    “Where we can make a difference is to rally international support, be it financial contributions, help to get harder-to-find technical components or donations of common civilian drones.”

    The unit is also looking at ways to overcome Russian jamming, part of the electronic warfare being waged in Ukraine in parallel to the bombs, shells and missiles. At present, Aerorozvidka typically waits for the Russians to turn off their jamming equipment to launch their own drones, and then it sends up its machines at the same time. The unit then concentrates its firepower on the electronic warfare vehicles.

    Honchar describes these technological battles, and Aerorozvidka’s way of fighting, as the future of warfare, in which swarms of small teams networked together by mutual trust and advanced communications can overwhelm a bigger and more heavily armed adversary.

    “We are like a hive of bees,” he said. “One bee is nothing, but if you are faced with a thousand, it can defeat a big force. We are like bees, but we work at night.”

    Reply
  10. Tomi Engdahl says:

    Police warn: Do not take part in criminal online activity, even in a crisis https://poliisi.fi/blogi/-/blogs/poliisi-varoittaa-ethan-lahde-mukaan-rikolliseen-verkkotoimintaan-edes-kriisitilanteessa
    According to police information and observations, the situation in Ukraine has given rise to a phenomenon in which internet users have begun committing cybercrimes against parties that are considered to be connected to Russia’s attack or to support it. We want to remind you that whatever the motive, it does not justify breaking the law.

    Reply
  11. Tomi Engdahl says:

    Security of supply situation report: the war in Ukraine has direct and indirect effects https://www.huoltovarmuuskeskus.fi/a/huoltovarmuuden-tilannekuva-ukrainan-sodalla-suoria-ja-epasuoria-vaikutuksia
    The war in Ukraine has so far not caused significant security-of-supply impacts in Finland. In logistics, the situation is harder to predict than before. Changes in sanctions and counter-sanctions are also rapid, and their effects may in future cause temporary disruptions to security of supply.

    Reply
  12. Tomi Engdahl says:

    Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector https://www.cisa.gov/uscert/ncas/alerts/aa22-083a
    On March 24, 2022, the U.S. Department of Justice unsealed indictments of three Russian Federal Security Service (FSB) officers and a Russian Federation Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM) employee for their involvement in the following intrusion campaigns against U.S. and international oil refineries, nuclear facilities, and energy companies.

    Reply
  13. Tomi Engdahl says:

    Researchers tie Ukraine cyber intrusion attempt to suspected Chinese threat actor ‘Scarab’
    https://therecord.media/researchers-tie-ukraine-cyber-intrusion-attempt-to-suspected-chinese-threat-actor-scarab/
    Ukraine’s Computer Emergency Response Team (CERT-UA) published evidence this week indicating that Chinese threat actors are targeting their systems publicly for the first time since Russia invaded Ukraine. Also: https://cert.gov.ua/article/38097

    Reply
  14. Tomi Engdahl says:

    Russia hacked Ukrainian satellite communications, officials believe
    https://www.bbc.com/news/technology-60796079
    Western intelligence agencies have been investigating the incident and while they have not yet made a public accusation, they believe Russia was behind it.

    Reply
  15. Tomi Engdahl says:

    A month into the Russian invasion, Ukraine is still mostly online https://therecord.media/ukraine-internet-russia-invasion/
    A month into the Russian invasion of Ukraine, the country’s internet is still largely online thanks to its diverse telecommunications ecosystem and frontline technicians braving a warzone to keep Ukraine connected.

    Reply
  16. Tomi Engdahl says:

    Racoon Stealer malware suspends operations due to war in Ukraine https://www.bleepingcomputer.com/news/security/racoon-stealer-malware-suspends-operations-due-to-war-in-ukraine/
    The cybercrime group behind the development of the Racoon Stealer password-stealing malware has suspended its operation after claiming that one of its developers died in the invasion of Ukraine.

    Reply
  17. Tomi Engdahl says:

    HackerOne kicks Kaspersky’s bug bounty program off its platform https://www.bleepingcomputer.com/news/security/hackerone-kicks-kaspersky-s-bug-bounty-program-off-its-platform/
    Bug bounty platform HackerOne disabled Kaspersky’s bug bounty program on Friday following sanctions imposed on Russia and Belarus after the invasion of Ukraine.

    Reply
  18. Tomi Engdahl says:

    Meet the Secretive US Company Building an ‘Unbreakable’ Internet Inside Russia https://www.vice.com/en/article/z3n5e9/russian-internet-lantern
    The company is Lantern, which says it has seen staggering growth inside Russia in the last four weeks for its app that allows users to bypass restrictions the Kremlin has put in place on platforms like Facebook, Twitter, and Instagram.

    Reply
  19. Tomi Engdahl says:

    Chinese Hackers Seen Targeting Ukraine Post-Invasion
    https://www.securityweek.com/chinese-hackers-seen-targeting-ukraine-post-invasion

    A known threat actor has launched what appears to be the first Chinese hacking attempts targeting Ukraine digital assets since the Russian invasion a month ago.

    The suspected activity was first detailed in a short summary published by Ukraine CERT (Computer Emergency Response Team) earlier this week and confirmed by SentinelLabs on Thursday to be connected to the Chinese threat actor known as ‘Scarab’.

    Active since at least 2012, Scarab was previously observed targeting individuals worldwide, including people in the United States, Russia, and elsewhere.

    The threat actor is mainly known for the use of the custom backdoor Scieron, which is believed to be the predecessor of the HeaderTip malware family used in the recent Ukrainian campaign.

    The malware appears mainly designed to function as a first stager, likely meant to deploy a more advanced second stage payload.

    Reply
  20. Tomi Engdahl says:

    North.Realities / Radio Free Europe/Radio Liberty:
    How Russia’s independent regional press covers the war’s effects even as a new law and state pressure make it impossible to accurately report on the war itself — Funerals are being held for soldiers. Shopping malls have more and more vacant storefronts. Prices are rising, and goods are disappearing from store shelves.

    ‘No Room For Journalism’: Russia’s Independent Regional Press Fights To Survive Under Wartime Conditions
    https://www.rferl.org/a/russia-journalism-independent-press-war-struggles-censorship/31768511.html

    Funerals are being held for soldiers. Shopping malls have more and more vacant storefronts. Prices are rising, and goods are disappearing from store shelves.

    These are some of the stories that Russia’s non-state regional media outlets have reported on in recent weeks. But what they can’t tell their audiences is the story behind all of these stories: the story of what the Kremlin euphemistically calls its “special military operation,” the war in Ukraine.

    Reply
  21. Tomi Engdahl says:

    Will Oremus / Washington Post:
    Social media platforms are hastily rewriting their rules on hate, violence, and propaganda amid the war on Ukraine, setting precedents that may haunt them later — A month ago, praising a neo-Nazi militia or calling for violence against Russians could get you suspended from Facebook in Ukraine.

    https://www.washingtonpost.com/technology/2022/03/25/social-media-ukraine-rules-war-policy/

    Reply
  22. Tomi Engdahl says:

    Over 100 Building Controllers in Russia Vulnerable to Remote Hacker Attacks
    https://www.securityweek.com/over-100-building-controllers-russia-vulnerable-remote-hacker-attacks

    A researcher has identified critical vulnerabilities that can allegedly be exploited to remotely hack a building controller predominantly used by organizations in Russia.

    The security flaws were discovered by researcher Jose Bertin in a controller made by Russian company Tekon Avtomatika, which specializes in equipment and software for elevators and other building systems.

    A Shodan search shows more than 100 internet-exposed Tekon controllers that the vendor describes as “engineering equipment controllers.” Shodan currently shows 117 devices located in Russia and three in Ukraine.

    Reply
  23. Tomi Engdahl says:

    Chinese cyberattacks on NATO countries increase 116% since Russia’s invasion of Ukraine: study
    Cyber attacks from Chinese IPs have also risen 72% worldwide
    https://www.foxbusiness.com/technology/chinese-cyberattacks-nato-increase-ukraine

    Russia, China are our two biggest threats in cyberspace: Morgan Wright

    Cyberattacks from Chinese IPs have also risen 72% worldwide, according to trends analyzed before and after Russia’s invasion of Ukraine by cybersecurity firm Check Point Research.

    “As the Russia-Ukraine conflict intensifies, we grew curious around cyber attacks originating from China. We’re seeing significant increases in cyber attacks that originate from Chinese IP addresses,” Omer Dembinsky, data group manager at Check Point Software, the software arm of Check Point, said in an emailed statement.

    He noted that while Check Point researchers cannot attribute the attacks to the Chinese government, “as it is difficult to determine attribution in cyber security without more evidence,” it is clear to researchers that “hackers are using Chinese servers to launch cyber attacks world-wide, especially NATO countries.”

    Reply
  24. Tomi Engdahl says:

    NYT: Russia’s surveillance machinery runs on Nokia
    https://www.is.fi/digitoday/tietoturva/art-2000008712726.html

    Nokia’s technology keeps Russia’s surveillance system running, The New York Times writes. Nokia has withdrawn from the country, but the systems remained.

    Nokia, which left Russia because of the war in Ukraine, left behind equipment and software that connect the Russian state’s most powerful digital surveillance tool to the country’s largest telecommunications network. So writes The New York Times (NYT), which reviewed documents on the matter.

    Russia’s monitoring apparatus is called the System for Operative Investigative Activities, or SORM, and it connects to the network of telecom operator MTS. According to the NYT, Nokia has a strong role at this connection point, which raises questions about the company’s responsibility.

    Nokia told the NYT that it condemns Russia’s invasion of Ukraine, but said it has no ability to control any lawful data-collection methods in networks that its customers own and operate. Nokia stressed that it does not itself manufacture, install or service SORM equipment.

    Nokia’s involvement in Russia’s extensive telecommunications monitoring system has come to light before. Documents leaked in 2019 described Nokia’s cooperation with Russia’s largest telecom company, MTS, on the Russian SORM monitoring system.

    Nokia has supplied equipment for the interception of calls, messages and internet traffic carried out with SORM. SORM is estimated to give Russia’s security service, the FSB, practically full capabilities to eavesdrop on telecommunications within the country. It has also been estimated that SORM goes much further than comparable surveillance systems in many Western countries.

    Security expert Jarno Limnéll estimated as early as 2014 that SORM had been exported to Ukraine as well.

    https://www.nytimes.com/2022/03/28/technology/nokia-russia-surveillance-system-sorm.html

    Reply
  25. Tomi Engdahl says:

    UN: Nearly 3.9 million people have fled Ukraine – according to Ukraine, Russia is trying to build a “corridor” around Kyiv
    IS is following the situation of the war in Ukraine in this article.
    https://www.is.fi/ulkomaat/art-2000008608788.html

    Reply
  26. Tomi Engdahl says:

    #BREAKING: A “powerful” cyberattack has hit Ukraine’s national telecommunications company, Ukrtelecom. It’s being described as the most severe cyberattack since the start of the Russian invasion in February https://trib.al/Q1dILTD

    ‘Most Severe’ Cyberattack Since Russian Invasion Crashes Ukraine Internet Provider
    https://www.forbes.com/sites/thomasbrewster/2022/03/28/huge-cyberattack-on-ukrtelecom-biggest-since-russian-invasion-crashes-ukraine-telecom/?sh=722f46f37dc2&utm_source=ForbesMainFacebook&utm_campaign=socialflowForbesMainFB&utm_medium=social

    A “powerful” cyberattack has hit Ukraine’s biggest fixed line telecommunications company, Ukrtelecom. Described as the most severe cyberattack since the start of the Russian invasion in February, it has sent the company’s services across the country down.

    The attack has only been acknowledged by Ukrtelecom in responses to customer comments on Facebook.

    “Currently, there are difficulties in using the internet service from Ukrtelecom.

    “Due to the abnormal load and problems with internal systems, the operators of the contact center and Facebook cannot process customer requests.”

    “gradual loss of connectivity was a giveaway that it wasn’t a power or cable cut.” He’d tweeted that the attack was the most significant since Russia’s invasion.

    Ukrtelecom, which claims to be the “largest fixed-line operator in Ukraine,” hadn’t immediately responded to a request for comment at the time of publication. It was once the national provider, but later went private, with the internet market now competitive.

    After publication, Zhora’s office said that the attack had been ‘‘neutralized’’ and Ukrtelecom could begin restoring services,

    Last week, Ukraine’s Computer Emergency Response Team (CERT) revealed statistics showing the country had been subjected to 60 different cyberattacks. It said 11 had targeted government and local authorities, with 8 hitting military and law enforcement. Just 4 had hit telecoms and other tech companies. The majority of those cyberattacks focused on information gathering, though a series of “wiper” attacks aimed at destroying data on targeted computers have been launched across Ukrainian entities.

    “Despite the growing number of attacks, most of them reach no success,” the CERT found. “Even those that are successful, almost have no impact on the work of the critical infrastructure.”

    Ukraine’s telecom companies are also having to keep the internet up in the face of rocket strikes. As a Forbes story revealed, teams were going into bombarded cities, from Kharkiv to Okhtyrka, during the quieter hours to replace and fix equipment.

    Reply
  27. Tomi Engdahl says:

    Ukraine is using Elon Musk’s Starlink for drone strikes
    https://www.dw.com/en/ukraine-is-using-elon-musks-starlink-for-drone-strikes/a-61270528

    Elon Musk’s satellites are connecting Ukraine with the internet. Starlink was conceived as a civilian program — but Ukraine’s military can also use it to guide drones and strike Russian tanks and positions.

    Reply
  28. Tomi Engdahl says:

    Warmongering US
    By Global Times
    https://www.globaltimes.cn/page/202203/1256639.shtml

    As the Russia-Ukraine military conflict enters its 28th day on Wednesday, most of the stakeholders, including Moscow, Kiev, Paris and Berlin, have made efforts to seek a way out of the crisis, but Washington continues to supply weapons to keep the conflict from ending. Analysts point out that the US, which seemingly stands with Ukraine, actually does not care about restoring peace in the country, and some US arms firms and politicians would even be happy to take advantage of wars to become rich.

    Data and facts speak louder than anything else. A recent report showed that the US increased its arms exports by 14 percent in the past five years despite the downward trend in the global arms trade.

    Reply
  29. Tomi Engdahl says:

    Independent Russian newspaper Novaya Gazeta announced Monday it will pause all operations due to increasing pressure from the Russian government, leaving the Russian media landscape nearly barren of independent reporting

    Famed Russian Paper Suspends Operations Amid Censorship Laws As Kremlin Restricts War Reporting
    https://lm.facebook.com/l.php?u=https%3A%2F%2Ftrib.al%2F86XGBw0&h=AT1-pKSfQLXW4ufQhHMdmf7S0VSHVc9QeIKKcqyY3qbWlM7i4-ByWufYsUluv-7n_r5QdLpqF84x54ZJhqYxgNCqq1xnYE0XWYYbjfc433sTU6AsvNgZ9FNcr2NcM3iCQA

    Independent Russian newspaper Novaya Gazeta, whose editor-in-chief Dmitry Muratov won the 2021 Nobel Peace Prize, announced Monday it will pause all operations due to increasing pressure from the Russian government, leaving the Russian media landscape nearly barren of independent reporting.

    Reply
  30. Tomi Engdahl says:

    Ukraine dismantles 5 disinformation bot farms, seizes 10,000 SIM cards
    https://www.bleepingcomputer.com/news/security/ukraine-dismantles-5-disinformation-bot-farms-seizes-10-000-sim-cards/

    The Ukrainian Security Service (SSU) has announced that since the start of the war with Russia, it has discovered and shut down five bot farms with over 100,000 fake social media accounts spreading fake news.

    The network, which operated in Kharkiv, Cherkasy, Ternopil, and Zakarpattia, aimed to discourage Ukrainian citizens and instill panic by distributing false information about the Russian invasion and the status of the defenders.

    According to the SSU’s announcement, the goal of the network was to destabilize the sociopolitical situation in various regions, thus curbing the resistance of the Ukrainian militia.

    On Saturday, the Ukrainian cyber-police in the region of Vinnytsia announced the arrest of a man who was hacking social network accounts through phishing links and used them to run fake ammunition fundraisers.

    Today, the Computer Emergency Response Team of Ukraine announced the discovery of a phishing campaign loosely attributed to the UAC-0010 (Armageddon) Russian threat group.

    The campaign uses document lures that supposedly contain information about the losses of Ukrainian servicemen to drop the “PseudoSteel” malware which enables its operators to remotely search for local files and upload them to an FTP server.

    Reply
  31. Tomi Engdahl says:

    A Russian cartoon character gives Putin a piece of his mind in his bunker – the series’ creator immediately ran afoul of the authorities
    https://www.is.fi/ulkomaat/art-2000008712536.html

    The cartoon mentioned here, with English subtitles. https://www.youtube.com/watch?v=kzx_N8AJiKw

    Reply
  32. Tomi Engdahl says:

    This is what Russia’s cyber war looks like – how Ukraine is being battered online https://www.is.fi/digitoday/tietoturva/art-2000008711553.html

    Reply
  33. Tomi Engdahl says:

    Breaking|Mar 28, 2022, 12:40pm EDT
    https://www.forbes.com/sites/thomasbrewster/2022/03/28/huge-cyberattack-on-ukrtelecom-biggest-since-russian-invasion-crashes-ukraine-telecom/
    ‘Most Severe’ Cyberattack Since Russian Invasion Crashes Ukraine Internet Provider. A “powerful” cyberattack has hit Ukraine’s biggest fixed line telecommunications company, Ukrtelecom.

    Reply
  34. Tomi Engdahl says:

    Russia facing internet outages due to equipment shortage https://www.bleepingcomputer.com/news/technology/russia-facing-internet-outages-due-to-equipment-shortage/
    Russia’s RSPP Commission for Communications and IT, the country’s largest entrepreneurship union, has warned of imminent large-scale Internet service outages due to the lack of available telecom equipment.

    Reply
  35. Tomi Engdahl says:

    Communications chaos prevails among Russian troops – confusion over code names, unsecured connections have exposed them to counterstrikes https://www.is.fi/ulkomaat/art-2000008714437.html

    Reply
  36. Tomi Engdahl says:

    This is how Ukraine quietly prepared – an expert names the area in which the country is superior https://www.is.fi/digitoday/tietoturva/art-2000008715220.html

    Reply
  37. Tomi Engdahl says:

    Heavy cyber strike on Ukraine: major internet provider paralyzed https://www.is.fi/digitoday/tietoturva/art-2000008714200.html

    Reply
  38. Tomi Engdahl says:

    A programmer behind the popular open-source npm program node-ipc poisoned it with malware that erased the hard drives of computers located in Russia or Belarus.

    Corrupted open-source software enters the Russian battlefield
    https://www.zdnet.com/article/corrupted-open-source-software-enters-the-russian-battlefield/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

    Reply
  39. Tomi Engdahl says:

    Europe’s quest for energy independence and how cyberrisks come into play https://www.welivesecurity.com/2022/03/29/europe-quest-energy-independence-cyber-risks/
    Soaring energy prices and increased geopolitical tensions amid the Russian invasion of Ukraine bring a sharp focus on European energy security. It is generally understood that the world is deeply interconnected, especially when it comes to energy supplies and the global energy trade. Maintaining complex, but reliable business and nation-state relationships has been central to ensuring a smooth and sustained functioning of the energy supply chain.

    Reply
  40. Tomi Engdahl says:

    Ukraine war: Major internet provider suffers cyber-attack
    https://www.bbc.com/news/60854881
    Ukraine’s national telecoms operator Ukrtelecom is restoring internet services after driving back a major cyber-attack. Also:
    https://www.is.fi/digitoday/tietoturva/art-2000008714200.html

    Reply
  41. Tomi Engdahl says:

    New spear phishing campaign targets Russian dissidents https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/
    Several threat actors have taken advantage of the war in Ukraine to launch a number of cyber attacks. The Malwarebytes Threat Intelligence team is actively monitoring these threats and has observed activities associated with the geopolitical conflict.

    Reply
  42. Tomi Engdahl says:

    Hacked WordPress sites force visitors to DDoS Ukrainian targets https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/
    Hackers are compromising WordPress sites to insert a malicious script that uses visitors’ browsers to perform distributed denial-of-service attacks on Ukrainian websites.

    Reply
  43. Tomi Engdahl says:

    Data-harvesting code in mobile apps sends user data to “Russia’s Google”
    https://arstechnica.com/information-technology/2022/03/data-harvesting-code-in-mobile-apps-sends-user-data-to-russias-google/
    Data from apps on Apple- and Google-powered mobile devices is sent to Russian servers. Yandex collects user data harvested from mobile phones before sending the information to servers in Russia.
    Researchers have raised concerns the same “metadata” may then be accessed by the Kremlin and used to track people through their mobile phones.

    Reply
