Cyber security news February 2022

This posting is here to collect cyber security news in February 2022.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

511 Comments

  1. Tomi Engdahl says:

    Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
    https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine
    Ransomware was used as a decoy in some of the recent data-wiping cyberattacks against organizations in Ukraine, Symantec reports.
    The cyberattacks employed HermeticWiper, a piece of malware that was designed solely to damage the Master Boot Record (MBR) of the target system, rendering the machine unusable.
    Once executed, the wiper adjusts its settings to gain read access control to any file, then gains the privileges required to load and unload device drivers, disables crash dumps to cover its tracks, disables the Volume Shadow Service (VSS), and loads a benign partition manager which it abuses to corrupt the MBR.

    Reply
  2. Tomi Engdahl says:

    Belden Sells Tripwire for $350M After Acquiring It for $710M
    https://www.securityweek.com/belden-sells-tripwire-350m-after-acquiring-it-710m

    Belden on Wednesday announced that it has completed the sale of cybersecurity and compliance solutions provider Tripwire for $350 million in cash, after acquiring it for $710 million in cash.

    Belden acquired Portland, Oregon-based Tripwire in early 2015 from private equity firm Thoma Bravo, which had bought it for an undisclosed sum in 2011.

    The specialty networking solutions provider said at the time that Tripwire would enable it to offer next generation cybersecurity solutions. Belden also said it would incorporate Tripwire technology into some of its own products.

    The companies had been working on a joint initiative to improve critical infrastructure cybersecurity in manufacturing organizations.

    HelpSystems, which specializes in software designed to help organizations secure and automate operations, said that it acquired Tripwire for its file integrity monitoring solutions. The company said the deal will enable it to extend its cybersecurity portfolio.

    Reply
  3. Tomi Engdahl says:

    Russia, Ukraine and the Danger of a Global Cyberwar
    https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar

    Reply
  4. Tomi Engdahl says:

    Deadbolt Ransomware Targeting Asustor NAS Devices
    https://www.securityweek.com/deadbolt-ransomware-targeting-asustor-nas-devices

    Storage solutions provider Asustor this week issued a warning to alert users of Deadbolt ransomware attacks targeting its network-attached storage (NAS) appliances.

    Claiming to be exploiting a zero-day vulnerability for initial access, Deadbolt ransomware operators have been targeting Internet-facing QNAP NAS devices since January and managed to quickly hack many systems.

    In the attacks targeting QNAP appliances, the ransomware operators were asking victims to pay a 0.03 Bitcoin (roughly $1,100) ransom in exchange for the decryption key. In light of these and other attacks, QNAP extended the security updates for some EOL devices until October 2022.

    Reply
  5. Tomi Engdahl says:

    NSA Informs Cisco of Vulnerability Exposing Nexus Switches to DoS Attacks
    https://www.securityweek.com/nsa-informs-cisco-vulnerability-exposing-nexus-switches-dos-attacks

    Cisco this week announced the availability of patches for four vulnerabilities in its FXOS and NX-OS network operating systems, including one denial of service bug that was reported by the NSA.

    The most severe of the security holes – based on its CVSS score of 8.8 – is CVE-2022-20650, a command injection issue that can be exploited remotely, without authentication to execute arbitrary commands as root.

    The bug exists because user supplied data isn’t sufficiently validated, thus allowing an attacker to send a crafted HTTP POST request to the NX-API feature on the affected device, to execute commands on the operating system. The NX-API feature, Cisco notes, is disabled by default.

    Nexus 3000, 5500, 5600, 6000, and 9000 series switches are affected by this vulnerability if they run an unpatched NX-OS software release and have the NX-API feature enabled.

    All of the three remaining vulnerabilities could be exploited to cause denial of service (DoS) conditions.

    Reply
  6. Tomi Engdahl says:

    Cloudflare Plans to Acquire Email Security Startup Area 1
    https://www.securityweek.com/cloudflare-plans-acquire-email-security-startup-area-1

    Reply
  7. Tomi Engdahl says:

    GE SCADA Product Vulnerabilities Show Importance of Secure Configurations
    https://www.securityweek.com/ge-scada-product-vulnerabilities-show-importance-secure-configurations
    GE Digital has released patches and mitigations for two high-severity vulnerabilities affecting its Proficy CIMPLICITY HMI/SCADA software, which is used by plants around the world to monitor and control operations.
    The flaws were found by industrial cybersecurity firm OTORIO, which this week published a brief blog post describing the issues. GE and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have released separate advisories for each of the vulnerabilities.
    One of the security holes, tracked as CVE-2022-23921, can be exploited for privilege escalation and remote code execution. However, successful exploitation requires access to the device running Proficy CIMPLICITY and the targeted server must not be running a project and it must be licensed for multiple projects. GE has released an update that should patch this vulnerability.
    “CVE-2022-23921 may allow an attacker with a limited access to the CIMPLICITY server to escalate privileges by dropping a malicious file within the CIMPLICITY runtime project,” Matan Dobrushin, VP of research at OTORIO, told SecurityWeek.
    The second issue, identified as CVE-2022-21798, is related to the transmission of credentials in clear text. An attacker who can capture the credentials through a man-in-the-middle (MitM) attack can use them to authenticate to the HMI and obtain information about alerts and other parts of the system. GE said an attacker — in some cases — may also be able to change values in the system.
    “Given CIMPLICITY’s central role in OT environments, the two vulnerabilities introduce a huge disruptive impact potential on this operational server. We can assume that if and when attackers establish a foothold in the network, CIMPLICITY will be on top of their list,” OTORIO warned in its blog post.
    GE said users can prevent exploitation of CVE-2022-21798 by enabling encrypted communications. In fact, OTORIO noted that both vulnerabilities can be mitigated if the server has a secure configuration. The company noted, however, that this is often not the case.
    2 New Vulnerabilities Discovered in GE’s CIMPLICITY Servers
    https://www.otorio.com/blog/2-new-vulnerabilities-discovered-in-ge-s-cimplicity-servers/

    Yesterday, GE Digital published 2 advisories of vulnerabilities in GE’s SCADA/HMI product – Proficy CIMPLICITY that were discovered by OTORIO’s research team.
    The two vulnerabilities are –
    CVE-2022-23921- Privilege Execution Vulnerability (CVSS – 7.5)
    CVE-2022-21798 – Credentials Vulnerability (CVSS – 7.5)
    GE Digital is a leading provider of industrial software solutions and IIoT services. As such, their systems can be found in almost every industry. The GE CIMPLICITY is a well known HMI/SCADA system with a well-established track record. Where installed, CIMPLICITY is typically the key component that controls and monitors the operations in the manufacturing environment.
    Given CIMPLICITY’s central role in OT environments, the two vulnerabilities introduce a huge disruptive impact potential on this operational server. We can assume that if and when attackers establish a foothold in the network, CIMPLICITY will be on top of their list.
    The OTORIO Research team addressed the issues in the past. If we look at CVE-2022-21798 for example, the default configuration of the affected CIMPLICITY servers is vulnerable and exposes sensitive information to the network. However, If configured correctly with the existing security features of the system, the risk is immediately mitigated. Our recommendations, along with an open-source hardening tool we designed can be found below or by using this link: https://github.com/otoriocyber/CIMPLICITY-Hardening-Tool

    Reply
  8. Tomi Engdahl says:

    Email Security and Brand Protection Firm Red Sift Raises $54 Million
    https://www.securityweek.com/email-security-and-brand-protection-firm-red-sift-raises-54-million

    Reply
  9. Tomi Engdahl says:

    https://www.securityweek.com/us-uk-warn-iranian-cyberattacks-government-commercial-networks

    Reply
  10. Tomi Engdahl says:

    https://www.securityweek.com/nso-sues-israeli-paper-after-explosive-articles-police

    Reply
  11. Tomi Engdahl says:

    Nokia-puhelimet myyntikieltoon Saksassa audiokoodekin takia
    https://etn.fi/index.php/13-news/13225-nokia-puhelimet-myyntikieltoon-saksassa-audiokoodekin-takia

    HMD Global on Barcelonan kännykkämessujen alla saanut ikävää julkisuutta, kun yrityksen vanhoja Nokia-puhelimia on asetettu myyntikieltoon Saksassa. Kiellon on saanut aikaan patenttitrolli VoiceAgeEVS, jonka mukaan Nokia-puhelimet käyttävät luvatta sen puheenlaatua parantavaa EVS-koodekkia.

    EVS (Enhanced Voice Services) on 3GPP:n audiokoodekkistandardi. VoiceAgeEVS on syyttänyt koodekin kuvattomasta käytöstä muitakin valmistajia, mutta nämä ovat sopineet riitansa rahalla ennen julkista oikeusprosessia. Tämä toki on patenttitrollin tyyppinen toimintatapa ja tavoitekin.

    Tällä hetkellä HMD myy Saksassa enää uusimpia Nokia G21- ja G11-malleja, joten näistä EVS-koodekki puuttuu. HMD on valittanut Mannheimin alueoikeuden päätöstä ja valitti siitä Karlsruhen korkeampaan oikeusasteeseen.

    Reply
  12. Tomi Engdahl says:

    https://etn.fi/index.php/13-news/13224-uusi-virus-ottaa-haltuunsa-some-tilejae

    Reply
  13. Tomi Engdahl says:

    “TASS website hacked

    The websites of Fontanka, Kommersant, and Izvestia were also hacked .

    @radiomirby”

    Website of Russia’s TASS news agency displays anti-Putin message after hack
    https://nationalpost.com/pmn/news-pmn/website-of-russias-tass-news-agency-displays-anti-putin-message-after-hack

    MOSCOW — The website of Russian state news agency TASS was hacked on Monday, Reuters checks from several devices showed, with the regular site replaced with an anti-war message and calls to stop President Vladimir Putin’s invasion of Ukraine.

    “We urge you to stop this madness, do not send your sons and husbands to certain death,” the message read. “Putin is forcing us to lie and is putting us in danger…It’s not our war, let’s stop him!”

    Russia says its forces intervened in Ukraine in a “special military operation” to demilitarize the country. (Reporting by Reuters in Moscow)

    Reply
  14. Tomi Engdahl says:

    https://www.cnn.com/europe/live-news/ukraine-russia-news-02-26-22/index.html

    Reply
  15. Tomi Engdahl says:

    Kybersodassa käänne – syynä hakkeriryhmä Anonymous
    Hakkerikollektiivi Anonymous on sekoittanut merkittävästi Ukrainaan hyökkäävän Venäjän pakkaa.
    https://www.iltalehti.fi/digiuutiset/a/02b0417d-44e2-475d-b40c-91d8e2ede2cc

    Kansainvälinen hakkeriryhmä Anonymous julisti kybersodan Venäjää vastaan viime viikolla. Ryhmä on onnistunut kaatamaan useita merkittäviä sivustoja, mukaan lukien Kremlin, duuman sekä Venäjän puolustusministeriön sivustot.

    Hyökkäykset on toteutettu palvelunestohyökkäyksinä, mutta myös haavoittuvuuksia on saatu hyökkäyksissä hyödynnettyä. Kollektiivin tavoitteena on myös vuotaa tietoja, jotka ovat peräisin korkatuilta sivustoilta. Esimerkiksi 200 gigan edestä dataa valkovenäläisestä asevalmistaja Tetraedrista ja puolustusministeriön sivustolta kaivetusta datasta on paljastettu.

    Anonymous on ottanut kohteekseen myös venäläiset tv-kanavat. Ryhmä kertoi Twitter-tilillään viikonloppuna päässeensä sisään televisiokanavien järjestelmiin ja saaneensa näytettyä ”mitä Ukrainassa todella tapahtuu”.

    Anonymousin Twitter-tilillä kerrotaan reaaliajassa, mitä ryhmä on saanut kybersotarintamalla aikaiseksi. Venäjän hallinnon sivustot ovat olleet esimerkiksi monesti alhaalla. Lisäksi Venäjän sotavoimien yhteyksiä on häiritty.

    Anonymous on nimensä mukaan anonyymi ryhmä, johon kuuluu hakkereita ympäri maailmaa. Ryhmä on käytännössä jättimäinen mielenosoittajien ryhmä, jolla voi olla suuria vaikutuksia sotaan verkkopuolella.

    Reply
  16. Tomi Engdahl says:

    https://twitter.com/YourAnonTV/status/1497678663046905863?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1497685639273205768%7Ctwgr%5E%7Ctwcon%5Es3_&ref_url=https%3A%2F%2Fwww.iltalehti.fi%2Fulkomaat%2Fa%2F0eec3d84-867d-4993-bed1-10e75f31a698
    JUST IN: #Russian state TV channels have been hacked by #Anonymous to broadcast the truth about what happens in #Ukraine.

    Kremlin website goes down as Russian TV channels ‘hacked to play Ukrainian songs’
    Hacking collective Anonymous announced it was “at war with Russia” hours before the outage
    https://www.independent.co.uk/news/world/europe/ukraine-russia-kremlin-website-hacked-b2024046.html?amp

    Reply
  17. Tomi Engdahl says:

    Tulli valvomaan teknologian vientiä Venäjälle
    https://www.uusiteknologia.fi/2022/02/26/tulli-valvomaan-teknologian-vientia-venajalle/

    Venäjän hyökättyä Ukrainaan on EU määrännyt pakotteiden lisäksi myös teknologian vientiä kieltäviä määräyksiä. Suomessa vientipakotteiden valvonta tehdään osana vientiyritysten tullimenettelyä. Kiellettyjä ovat energian lisäksi lento- ja avaruusteknologiat.

    Reply
  18. Tomi Engdahl says:

    Elon Musk Says SpaceX Starlink Satellite Internet Is Active in Ukraine
    Musk says SpaceX is sending Starlink terminals to Ukraine, though it’s unclear when or how many.
    https://www.vice.com/en/article/n7n94q/elon-musk-says-spacex-starlink-satellite-internet-is-active-in-ukraine

    Elon Musk said Saturday afternoon that SpaceX has activated Starlink satellite internet service in Ukraine and that the company is sending internet terminals to the country. It was not immediately clear how widely available the service would be, whether it would be free, or how the company would be getting the terminals to the country.

    “@elonmusk, while you try to colonize Mars—Russia try to occupy Ukraine! While your rockets successfully land from space—Russian rockets attack Ukrainian civil people! We ask you to provide Ukraine with Starlink stations and to address sane Russians to stand,” Mykhailo Federovl, Vice Prime Minister of Ukraine and Minister of Digital Transformation of Ukraine, tweeted at Musk Saturday morning. Musk responded Saturday afternoon that “Starlink service is now active in Ukraine. More terminals en route.”

    Starlink is the low-Earth orbit internet service that SpaceX has been building out for the past several years. It is a constellation of connected satellites that, in theory, will be able to provide high-speed internet to large swaths of the world. So far, SpaceX has launched more than 2,000 of these satellites; it put nearly 100 satellites into orbit this week alone on two separate launches. The entire constellation is planned to have more than 4,000 satellites when complete.

    Reply
  19. Tomi Engdahl says:

    Venäjä hyökkää Ukrainaan myös verkossa
    https://etn.fi/index.php/13-news/13237-venaejae-hyoekkaeae-ukrainaan-myoes-verkossa

    Tietoturvayritys Check Point Researchin mukaan kyberhyökkäykset Ukrainan hallitusta ja sotilassektoria vastaan ​​lisääntyivät 196 prosenttia kolmen ensimmäisen taistelupäivän aikana. Samaan aikaan kyberhyökkäykset venäläisiä organisaatioita vastaan ​​lisääntyivät 4 prosenttia.

    Itäslaavilaisilla kielillä tehtyjen tietojenkalasteluviestien määrä kasvoi 7-kertaiseksi. Kolmannes haitallisista phishing-sähköpostiviesteistä oli suunnattu ukrainalaisista sähköpostiosoitteista lähetetyille venäläisille vastaanottajille. CPR varoittaa myös petollisista sähköpostiviesteistä, jotka lähetetään huijatuille ihmisille, jotka haluavat lahjoittaa rahaa Ukrainaan.

    https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/

    Reply
  20. Tomi Engdahl says:

    Uskaltaako Ukrainan armeijan tilille lahjoittaa rahaa? Asiantuntija vastaa https://www.is.fi/uutiset/art-2000008647809.html

    Reply
  21. Tomi Engdahl says:

    https://www.guru3d.com/news-story/vulnerability-in-synology-dsm-allows-execution-of-arbitrary-commands.html

    Reply
  22. Tomi Engdahl says:

    Hackers to NVIDIA: Remove mining cap or we leak hardware data
    https://www.bleepingcomputer.com/news/security/hackers-to-nvidia-remove-mining-cap-or-we-leak-hardware-data/

    The Lapsus$ data extortion group has released what they claim to be data stolen from the Nvidia GPU designer. The cache is an archive that is almost 20GB large.

    While the U.S. chipmaker giant has yet to confirm a breach on its network, the threat actor has been active with messages about the alleged hack since February 24.

    Nvidia silent to extortionist’s claims and leak
    Replying to a request for comments from BleepingComputer on Friday about an incident that reportedly took down some of its systems for two days, Nvidia said that it was investigating what looked like a cyberattack.

    Reply
  23. Tomi Engdahl says:

    CISA Warns of High-Severity Flaws in Schneider and GE Digital’s SCADA Software
    https://thehackernews.com/2022/02/cisa-warns-of-high-severity-flaws-in.html

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) last week published an industrial control system (ICS) advisory related to multiple vulnerabilities impacting Schneider Electric’s Easergy medium voltage protection relays.

    “Successful exploitation of these vulnerabilities may disclose device credentials, cause a denial-of-service condition, device reboot, or allow an attacker to gain full control of the relay,” the agency said in a bulletin on February 24, 2022. “This could result in loss of protection to your electrical network.”

    Reply
  24. Tomi Engdahl says:

    Ukraine recruits “IT Army” to hack Russian entities, lists 31 targets
    https://www.bleepingcomputer.com/news/security/ukraine-recruits-it-army-to-hack-russian-entities-lists-31-targets/

    Ukraine says its ‘IT Army’ has taken down key Russian sites
    https://www.bleepingcomputer.com/news/security/ukraine-says-its-it-army-has-taken-down-key-russian-sites/

    Key Russian websites and state online portals have been taken offline by attacks claimed by the Ukrainian cyber police force, which now openly engages in cyber-warfare.

    As the announcement of the law enforcement agency’s site details, specialists from the force have teamed with volunteers to attack the web resources of Russia and Belarus.

    The three countries are currently involved in an ongoing and large-scale armed forces conflict that includes a cyber frontline, which manifested even before the invasion.

    On Saturday, Ukraine’s officials decided to form a special “IT Army” consisting of cyber-operatives and volunteer hackers from around the globe.

    The Ukrainian cyber police have announced having targeted the websites of the Investigative Committee of the Russian Federation, the FSB (Federal Security Service), and the Sberbank, Russia’s state-owned bank.

    As a result of these attacks, the following sites have been taken offline:

    sberbank.ru
    vsrf.ru
    scrf.gov.ru
    kremlin.ru
    radiobelarus.by
    rec.gov.by
    sb.by
    belarus.by
    belta.by
    tvr.by
    Bleeping Computer confirms that the above websites are beyond reach at the time of this writing.

    Reply
  25. Tomi Engdahl says:

    The most recent operations targeting Ukraine include the following:

    Belarusian phishing campaigns targeting Ukraine’s military personnel.
    Data wiper malware (HermericWiper) was deployed on Ukrainian networks to wreak havoc.
    DDoS attacks against vital Ukrainian entities attributed to the GRU (Russian special cyber-force).
    As the conflict continues, we will likely see cyberattacks escalate outside of Ukraine to other countries.
    https://www.bleepingcomputer.com/news/security/ukraine-says-its-it-army-has-taken-down-key-russian-sites/

    Reply
  26. Tomi Engdahl says:

    EU lisää uusia pakotteita – Kaksi oligarkkia vaatii loppua Putinin hyökkäykselle
    Sunnuntaina Ukraina valloitti Harkovan takaisin ja suostui neuvotteluihin Venäjän kanssa.
    https://suomenkuvalehti.fi/jutut/ulkomaat/putin-nosti-ydinasevalmiutta-vastauksena-lannen-pakotteille-suomi-paatti-lahettaa-ukrainalle-taisteluvarusteita/#Echobox=1645989160

    Reply
  27. Tomi Engdahl says:

    Most concerned with cyber war in critical infrastructure and financial sector, says TrustedSec CEO
    David Kennedy, TrustedSec CEO and former NSA and Marine Corps hacker, joins ‘Power Lunch’ to discuss what companies and American consumers should prepare for in the event of Russian cyber warfare, what the dangers are of further cyber war and more.
    https://www.cnbc.com/video/2022/02/25/most-concerned-with-cyber-war-in-critical-infrastructure-and-financial-sector-says-trustedsec-ceo.html

    Reply
  28. Tomi Engdahl says:

    Moscow Exchange, Sberbank Websites Knocked Offline—Was Ukraine’s Cyber Army Responsible?
    https://www.forbes.com/sites/thomasbrewster/2022/02/28/moscow-exchange-and-sberbank-websites-knocked-offline-was-ukraines-cyber-army-responsible/

    Reply
  29. Tomi Engdahl says:

    Pro-Russia Conti Ransomware Gang Targeted, Internal Chats Leaked
    “Glory to Ukraine!” a message from the leaker reads
    https://www.vice.com/en/article/z3ng84/pro-russia-conti-ransomware-messages-leaked

    Someone has targeted the Conti ransomware group, a likely Russian-led hacking gang, and leaked a treasure trove of internal chat messages belonging to the group’s members.

    The leak comes just days after Conti warned it would retaliate if U.S. or Western powers hacked critical infrastructure in Russia or Russian-speaking parts of the world. The leak is also part of a wave of activity from the digital underground with hackers targeting various other Russian-aligned targets.

    https://www.forbes.com/sites/thomasbrewster/2022/02/28/a-ransomware-crew-pledged-allegiance-to-russia-now-its-data-has-been-leaked-by-pro-ukraine-hacker/

    Reply
  30. Tomi Engdahl says:

    Hybridivaikuttaminen on harmaa alue sodan ja rauhan välissä – miten siltä voi suojautua?
    Riippuvuus tietotekniikasta altistaa meidät propagandalle ja kyberhyökkäyksille. Yhteiskuntia voi horjuttaa myös ääriliikkeitä tukemalla.
    https://www.helsinki.fi/fi/uutiset/talous/hybridivaikuttaminen-harmaa-alue-sodan-ja-rauhan-valissa-miten-silta-voi-suojautua

    Reply
  31. Tomi Engdahl says:

    Toimittaja kutsui Putinia vahingossa Hitleriksi Naton tiedotustilanteessa: “Hitler, anteeksi Putin”
    https://www.msn.com/fi-fi/uutiset/other/toimittaja-kutsui-putinia-vahingossa-hitleriksi-naton-tiedotustilanteessa-hitler-anteeksi-putin/vi-AAUfIvu

    Opinion
    Why Putin is no Hitler
    The Ukraine invasion isn’t a replay of the Second World War
    https://unherd.com/2022/02/why-putin-is-no-hitler/

    Ukraine’s Got a Real Problem with Far-Right Violence (And No, RT Didn’t Write This Headline)
    https://www.atlanticcouncil.org/blogs/ukrainealert/ukraine-s-got-a-real-problem-with-far-right-violence-and-no-rt-didn-t-write-this-headline/

    Reply
  32. Tomi Engdahl says:

    Russian Strategy Relied On Technology: It Appears Inadequate
    https://www.forbes.com/sites/vikrammittal/2022/02/27/russian-strategy-relied-on-technology-it-appears-inadequate/

    Last week, many political and military experts predicted that the Russians would be successful in their invasion of Ukraine. However, the war is clearly not going as the Kremlin planned. Their gains have been small, and they have been met with fierce resistance. As the conflict continues, they are also losing on the world stage. Although initial reports from the war are filled with disinformation and propaganda, it appears that the culprit for the Russian failure is their technology.

    At the culmination of the war, the Russians assembled a force of approximately 200,000 troops along the Ukrainian border. This force may seem formidable, but by most military doctrine, it was somewhat small. The Ukrainian military has approximately 360,000 troops. Doctrine holds that an offensive operation should have a 3-to-1 advantage in manpower

    While the exact doctrine being followed by the Russians is unclear, they appear to have adopted a multi-domain approach heavily leveraging technology. The Russians started with cyberattacks aimed at disrupting Ukraine’s financial sector and command zones. They then launched a multi-prong offensive with a strong push to capture Kiev. The ground forces are supported by the Russian Air Force and Navy. Their overall goal was to destabilize the Ukrainian defense, put them on their heels, and then quickly rout them. However, the Russian offensive stalled and the military was not able to make the gains that they had planned.

    The Russians had also planned to use cyber weaponry to destabilize the country, as evidenced through the cyberattacks on Ukrainian financial and military websites on the day prior to the attack. However, systems have become more resilient to cyberattacks in recent years. The impact of the cyberattack were not as destabilizing as expected. Meanwhile, there are reports of independent hackers having performed similar cyberattacks on the Kremlin, Russian media and a Belarusian defense company.

    The strategy itself is also fundamentally flawed, since technology becomes a moot point when fighting in an urban environment, as evident in the Global War on Terror. Military technology is made to maximize standoff between a fighter and their adversary. Urban environments shrink this standoff and limits the effectiveness of military technology. Additionally, tanks and armored vehicles do not have freedom to maneuver and are easy targets. Although the efficacy of the technology has already been lacking, it will become even more evident if the fighting enters the major cities.

    It is no longer a foregone conclusion that Russia will win this war. If they lose, the primary culprit will be that their strategy over-leveraged technology and that technology simply was not good enough.

    Reply
  33. Tomi Engdahl says:

    Ukraine Targets Putin With Hitler Cartoon And A Stinging Caption
    On Thursday, the Russian Defence Ministry said it destroyed air bases and air defence systems in Ukraine with precision weapons.
    https://www.ndtv.com/world-news/ukraine-responds-to-russia-invasion-with-a-cartoon-of-vladimir-putin-and-adolf-hitler-2786524#aoh=16460578818979&amp_ct=1646057905705&referrer=https%3A%2F%2Fwww.google.com&amp_tf=Julkaisija%3A%20%251%24s&ampshare=https%3A%2F%2Fwww.ndtv.com%2Fworld-news%2Fukraine-responds-to-russia-invasion-with-a-cartoon-of-vladimir-putin-and-adolf-hitler-2786524

    “This Is Not A Meme”: Ukraine Tweets Hitler-Putin Cartoon Amid War
    Russia-Ukraine crisis: Russian forces invaded Ukraine by land, air and sea on Thursday, confirming the West’s worst fears.
    https://www.ndtv.com/world-news/this-is-not-a-meme-ukraine-tweets-hitler-putin-cartoon-amid-war-2787108#aoh=16460578818979&referrer=https%3A%2F%2Fwww.google.com&amp_tf=Julkaisija%3A%20%251%24s&ampshare=https%3A%2F%2Fwww.ndtv.com%2Fworld-news%2Fthis-is-not-a-meme-ukraine-tweets-hitler-putin-cartoon-amid-war-2787108

    Reply
  34. Tomi Engdahl says:

    https://www.bleepingcomputer.com/news/security/ukraine-recruits-it-army-to-hack-russian-entities-lists-31-targets/

    Reply
  35. Tomi Engdahl says:

    Fightback against Putin’s propaganda machine: Anonymous collective hack THREE state news agencies urging Russians to ‘stop this madness’ after Moscow painted Ukrainian troops as Nazis and banned its media from calling attack an ‘assault, invasion or war’
    https://www.dailymail.co.uk/news/article-10560131/amp/Anonymous-collective-THREE-Russian-news-agency-websites.html

    Anonymous collective have taken down three Russian news agency websites amid ‘cyber war’ against Putin
    When MailOnline tried to access on Monday, error messages appeared on TASS, Fontanka and Kommersant
    On Fontanka, a message urged citizens to ‘stop this madness’ and says Vladimir Putin has ‘put us in danger’
    Moscow has been accused of producing Hollywood-style ‘fake news’ videos to inflame tensions with Ukraine
    Misinformation about the ongoing conflict includes the notion that Ukrainian soldiers are ‘radical nationalists’
    Mail readers gave £268,000 on the first day of Ukraine Appeal as Britain’s political leaders united behind it

    Reply
  36. Tomi Engdahl says:

    Russia-owned TASS news agency hacked, anti-Putin messages displayed
    https://www.wionews.com/world/russia-owned-tass-news-agency-hacked-anti-putin-messages-displayed-457467/amp

    Reply
  37. Tomi Engdahl says:

    Anonymous ‘hacks Russian TV to show footage from Ukraine front lines’
    https://metro.co.uk/2022/02/27/anonymous-hacks-russian-tv-to-show-footage-from-ukraine-front-lines-16183530/#aoh=16460518141895&referrer=https%3A%2F%2Fwww.google.com&amp_tf=Julkaisija%3A%20%251%24s&ampshare=https%3A%2F%2Fmetro.co.uk%2F2022%2F02%2F27%2Fanonymous-hacks-russian-tv-to-show-footage-from-ukraine-front-lines-16183530%2F

    Hacking group Anonymous has claimed it was able to hack into Russian TV stations and show footage from Ukraine.

    The group said it was trying to ‘broadcast the truth’ about what is happening in the conflict.

    Pro-Kremlin Russian television stations have been criticised for repeating Vladimir Putin’s ‘propaganda’ that the invasion is a ‘special operation’ and Russia is not the aggressor.

    Social media networks have also been restricted in the country during the conflict, preventing images of the suffering in Ukraine reaching people in Moscow and St Petersburg.

    Ukraine’s leaders have called for the hacker underground to form an ‘IT army’ to fight against Russia and protect critical infrastructure.

    As an information war raged, Moscow on Friday said it was partially limiting access to Facebook, accusing it of ‘censoring’ Russian media.

    This was in response to the social network banning certain pro-Russian TV channels from running ads and monetizing through its platform.

    Google is also limiting access to Russian media’s YouTube channels in Ukrainian territory, at the request of the government in Kyiv.

    Twitter is being restricted for some users in Russia, with people struggling to load newsfeeds and send tweets.

    Reply
  38. Tomi Engdahl says:

    HACK ATTACK Kremlin websites down & Russian TV channels ‘hacked to broadcast Ukrainian songs’ after Anonymous declares war on Putin
    https://www.thesun.co.uk/news/17781441/kremlin-websites-down-russian-tv-channels-hacked/#aoh=16460862606158&referrer=https%3A%2F%2Fwww.google.com&amp_tf=Julkaisija%3A%20%251%24s&ampshare=https%3A%2F%2Fwww.thesun.co.uk%2Fnews%2F17781441%2Fkremlin-websites-down-russian-tv-channels-hacked%2F

    https://mobile.twitter.com/youranontv/status/1497678663046905863

    Reply
  39. Tomi Engdahl says:

    https://therecord.media/conti-ransomware-gang-chats-leaked-by-pro-ukraine-member/

    Reply
  40. Tomi Engdahl says:

    Cyber war intensifies: Kremlin website, Russian TV hacked to broadcast Ukrainian songs
    Russian government websites, including the official page of Kremlin, appeared to be down after alleged cyberattacks on multiple state media websites
    https://meaww.com/tit-for-tat-cyberattack-ukraine-hacks-kremlin-website-russian-tv-to-broadcast-songs

    Reply
  41. Tomi Engdahl says:

    ICC: Syytä olettaa, että Ukrainassa on tapahtunut sota­rikoksia ja rikoksia ihmisyyttä vastaan vuodesta 2014 alkaen https://www.is.fi/ulkomaat/art-2000008608788.html

    Reply
  42. Tomi Engdahl says:

    Venäjä sulki ilmatilansa – professori arvioi katastrofaalisia seurauksia: Finnairin 3 kipupistettä https://www.iltalehti.fi/kotimaa/a/1f56ab56-cc67-4787-b81b-78e6d42c6c45

    Reply
  43. Tomi Engdahl says:

    In response to Russia threat, U.S. cybersecurity firms offer free services, data, threat intel
    https://www.cyberscoop.com/ukraine-russia-us-cybersecurity-companies/

    BSCRIBE
    GEOPOLITICS
    In response to Russia threat, U.S. cybersecurity firms offer free services, data, threat intel
    A protestor holds a Ukrainian flag during a demonstration against the ongoing war in Ukraine in front of the Russian Embassy on Feb. 27, 2022 in Madrid, Spain. (Photo by Aldara Zarraoa/Getty Images)
    TwitterFacebookLinkedInRedditGmail

    Written by Tonya Riley
    Feb 28, 2022 | CYBERSCOOP
    U.S. cybersecurity companies are offering products and services for free to help cyberdefenders at home and abroad during Russia’s invasion of Ukraine. As of Monday, a crowdsourced list on GitHub listed more than a dozen experts, nonprofits and companies available for security assistance.

    Among the firms is GreyNoise, which announced Thursday it had upgraded all Ukrainian email accounts to include full enterprise access to its products.

    “In terms of our offer to support defenders in Ukraine, we’ve been in contact with dozens of different groups to help them get set up on our tools and leverage our data, as well as connect them with others in the InfoSec community doing the same,” Dan Maier, head of marketing at GreyNoise told CyberScoop in an email. The company is also offering the public free data on IP addresses that the firm has observed targeting Ukraine.

    Ukraine and Russia meet on Monday for the first day of peace talks, but the threat of cyberattacks related to the conflict remains high. Ransomware gangs have vowed to retaliate on behalf of the Russian government, and U.S. cybersecurity officials have preached vigilance to organizations of all sizes.

    “If Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond,” President Biden said in a speech on Thursday. “For months, we’ve been working closely with the private sector to harden our cyberdefenses [and] sharpen our response to Russian cyberattacks as well.”

    ‘Whatever it takes’
    Industrial control systems security firm Dragos, in response to concerns over retaliatory cyber responses outside of Ukraine, on Thursday offered up free cybersecurity support and incident response to cooperative and municipally-owned utilities in the United States, United Kingdom and New Zealand. The new users will be automatically enrolled in Dragos’ Neighborhood Keeper, a real-time threat detection and information sharing platform that counts the NSA and CISA as partners. The service will stay free for the next two years, Dragos CEO and founder Rob Lee said.

    Lee expected that his team would have the capacity for 30 companies at most. But by the end of the day, 60 had reached out. Dragos employees were immediately on board to volunteer their time to expand the effort, he said. Lee also received messages from other professionals and even large owner-operators asking how they could help.

    “A bigger credit is honestly owed to the infrastructure community for stepping up and saying, ‘Hey, whatever it takes, we’ll do it,’ and I think that’s awesome to see,” Lee said.

    In addition to social media, Dragos and other firms are using trade associations and private channels to amplify their offers.

    Reply
  44. Tomi Engdahl says:

    Netflix Declines to Carry Russian Propaganda Channels
    https://lm.facebook.com/l.php?u=https%3A%2F%2Fvariety.com%2F2022%2Ftv%2Fglobal%2Fnetflix-russian-propaganda-channels-1235192082%2F&h=AT2Kl7BqQ5m2l8JouiEH7LicJ8ulEJdYLTvTRJWjkS_c2RPdRCCyW7HcEod16P4rSZ3k-55kOGRlJ50FTtEVxMduVs7PBeHfg70EaIsNdKfE-ouuHGMtePDcjRTBWYHFvyqK9r4kTWdHVCzG1w

    Netflix won’t carry the 20 Russian free-to-air propaganda channels that they could be required to host under Russian law.

    In December 2021, Netflix was added by the Russian regulator, Roskomnadzor, to its register for audiovisual services because the SVOD reached over 100,000 subscribers. Consequently, Netflix is theoretically required as part of a law — known locally as the Vitrina TV law — to distribute 20 “must-carry” free-to-air Russian news, sports and entertainment TV channels.

    “Given the current situation, we have no plans to add these channels to our service,” a Netflix spokesperson told Variety.

    Reply
  45. Tomi Engdahl says:

    Ukraine-Russia Cyber Warzone Splits Cyber Underground
    https://threatpost.com/ukraine-russia-cyber-warzone-splits-cyber-underground/178693/

    A pro-Ukraine Conti member spilled 13 months of the ransomware group’s chats, while cyber actors are rushing to align with both sides.

    The Russia-Ukraine cyber warzone has split the Conti ransomware gang into warring factions, leading to a Ukrainian member spilling 60,000 of the group’s internal chat messages online.

    On Monday, vx-underground – an internet collection of malware source code, samples and papers that’s generally considered to be a benign entity – shared on Twitter a message from a Conti member saying that “This is a friendly heads-up that the Conti gang has just lost all their sh•t.”

    Reply
  46. Tomi Engdahl says:

    Toyota to Close Japan Plants After Suspected Cyberattack
    https://threatpost.com/toyota-to-close-japan-plants-after-suspected-cyberattack/178686/

    The plants will shut down on Tuesday, halting about a third of the company’s global production. Toyota doesn’t know how long the 14 plants will be unplugged.

    What was potentially a cyberattack hit one of Toyota’s parts suppliers, causing the company to move to shut down about a third of the company’s global production tomorrow, the company announced on Monday.

    Toyota doesn’t know how long the 14 plants will be unplugged. The closure will mean that the company’s output will shrink by around 13,000 cars.

    Reuters reported that within hours of Japan having joined Western allies in blocking some Russian banks from accessing the SWIFT international payment system and committing to giving Ukraine $100 million in emergency aid, a spokesperson at Toyota supplier Kojima Industries Corp. said that it had apparently been hit by “some kind of cyber attack.”

    Kojima supplies plastic parts and electronic components to Toyota.

    If the incident does turn out to be a cyberattack, it wouldn’t be the first to affect Toyota. In 2020, its Australian subsidiary confirmed that it was under attack – an attack that forced it to send employees home.

    The giant automaker uses Just-in-Time (JiT) manufacturing, Reuters pointed out. That means that it doesn’t stockpile parts sent by suppliers. Rather, Toyota makes cars one at a time, eschewing the stockpiling of parts and instead using supplier-provided parts in its production line as soon as they arrive.

    The Weak Spot of Securing Supply Chains
    It’s an approach that has its downsides, experts said. As it is, supply chains have already been disrupted by the pandemic.

    Danielle Jablanski, operational technology (OT) security strategist at OT and IoT security provider Nozomi Networks, told Threatpost on Monday that the incident highlights “a single point of failure for business interruption resulting in a loss of production.”

    It’s also an example of “a major cyber risk for ‘Just-In-Time’ manufacturing,” Jablanski asserted. “Toyota has thwarted direct attacks in the past, but the difficulty in securing entire supply chains from multiple vendors is a wider and more daunting task,” Jablanski said. “Here in the United States, supply-chain attacks are on the mind of the federal government, think tanks and standards bodies looking for ways to address things like open-source software after the SolarWinds attack, and device vulnerabilities throughout the manufacturing industry.”

    Jablanski said more supply-chain attacks are sure to come, given the shrinking of the supplier pool: “We see the number of suppliers for some critical hardware components across manufacturing continue to decrease,” she said. “There is no easy fix to this complexity, and we will likely continue to see similar incidents.”

    Reply
  47. Tomi Engdahl says:

    @josephfcox: New: electric vehicle charging stations in Russia are not working and instead are displaying the messages “GLORY TO UKRAINE,” “PUTIN IS A DICKHEAD.” Seemingly possible because charger company outsourced production to a Ukraine company that had access

    Russian Electric Vehicle Chargers Hacked, Tell Users ‘PUTIN IS A DICKHEAD’
    https://www.vice.com/en/article/akvya5/russian-electric-vehicle-chargers-hacked-tell-users-putin-is-a-dickhead

    The chargers no longer work and display a scrolling message reading “Glory to Ukraine / Glory to the heroes”

    Electric vehicle charging stations along Russia’s M11 motorway, which stretches from Moscow to Saint Petersburg, are not working because a Ukrainian company that provided parts for the chargers hacked them using a backdoor in the chargers’ control systems, according to a Facebook post by Russian energy company Rosseti.

    According to the post, the chargers were purchased through a Russian company which had outsourced production to a Ukrainian parts supplier called AutoEnterprise, a Kharkiv-based EV charging company. This morning, posts began to appear on social media showing the chargers were disabled and programmed to display pro-Ukrainian messages.

    AutoEnterprise’s Facebook page re-posted a video taken by an Instagram user from the M11 motorway showing the disabled chargers.

    https://m.facebook.com/AutoEnterprise/posts/4671684592940582?__cft__%5B0%5D=AZWCSjCE-aSPx_uxdMSNHD2cvpdrRTJjEfNgitDpHx_IX79Rvp9J0l4-UXtADG9CjUWaSC5Ebnyapx9rO15GjEYtS-xGHLQrCH-wa5EMLSmEBfMcI5tYrB3VOJDkmD5Ipv9VYy2tcPhjJtUbiUb8NWTczl2Ij511achexLFtETT36w&__tn__=%2CO%2CP-R

    Reply
  48. Tomi Engdahl says:

    MaaS
    (Military as a Service)
    Rent military drones with pre approved flight paths to weapons-hot areas…
    just aim and click

    Reply
  49. Tomi Engdahl says:

    https://www.vice.com/en/article/z3ng84/pro-russia-conti-ransomware-messages-leaked

    Reply
  50. Tomi Engdahl says:

    Hackers attack train network to stop Putin moving troops from Russia to Ukraine
    https://finance.yahoo.com/news/hackers-attack-train-network-stop-135206104.html

    Hackers in Belarus have claimed an attack on the country’s trains that brought them to a halt in order to stop Russia moving troops into Ukraine.

    The ‘Cyber Partisans’ group said that trains had been stopped in Minsk, Orsha, and Osipovichi due to them compromising the routing system and switching devices by encrypting the data on them.

    The hackers claimed that the attack was to “slow down the transfer” of troops moving from Belarus to northern Ukraine, saying that they had put the trains in “manual control” mode which would “significantly slow down the movement of trains, but will not create emergency situations.”

    An ideological aversion to high-stakes situations has been expressed by other hacking groups. Anonymous, which has claimed a number of attacks on Russia’s banks and services, the websites of the President of the Russian Federation and Russia’s Ministry of Defence, has said that critical infrastructure is a “no-go” due to the risk of exacerbating the already tumultuous situation in eastern Europe.

    Sergei Voitehowich, a former employee of Belarus’s state-owned Belarus Railway company, said that the Cyber Partisans had damaged the train traffic control system and that while it has been restored, other systems were experiencing issues and making it “impossible to buy tickets”, according to Bloomberg.

    Another former Belarus railway worker sad that the systems in Minsk and Orsha had been “paralyzed.”

    Yesterday, the hacking group Anonymous renamed Russian president’s Vladimir Putin’s yacht to “FCKPTN” by vandalising maritime tracking data.

    “Putin, who is using hacker squads and troll armies against Western democracies, is getting a sip of his own bitter medicine”, they wrote in a blog post.

    https://www.bloomberg.com/news/articles/2022-02-27/belarus-hackers-allegedly-disrupted-trains-to-thwart-russia

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*