Cyber Attacks On Ukraine Step Up The Pressure

As the war in Ukraine continues, the state sponsored hacker groups aligned with Russia and Belarus are continuing their cyber offensive against Ukraine with malicious cyber attacks and campaigns spreading disinformation, a new Report from Mandiant says. 

According to Mandiant, many of disinformation narratives they observed were aimed at demoralising Ukrainians and provoking internal unrest - dividing Ukraine from its allies and bolstering perceptions of Russia.

Some of the lies have targeted Russian domestic audiences, emphasising the  Russian government's desire to sell the war to its own citizens

So far, Russian, pro-Russian, and Belarusian cyber attackers have employed the most comprehensive array of methods to achieve "tactical and strategic objectives, directly linked to the conflict itself," according to Mandiant. “The recent phase of Russian aggression toward Ukraine, manifested by Russia’s full-scale invasion, has flooded the information environment with disinformation promoted by a full spectrum of actors.” 

The impact may be felt more broadly as hackers working for other countries, including China and Iran, are attempting to get involved 

"While these operations have presented an outsized threat to Ukraine, they have also threatened the US and other Western countries," Mandiant's researchers say. "As a result, we anticipate that such operations, including those involving cyber threat activity and potentially other disruptive and destructive attacks, will continue as the conflict progresses."

Even before Russia's invasion of Ukraine started, in January, the country and its government's websites were already under attack by Russian hackers.

Russia invaded on February 24th and a day before the Ukraine's State Service of Special Communications and Information Protection said the websites of the Ministry of Foreign Affairs, Ministry of Defense, Security Service, and various banks, went down because of a distributed denial-of-service (DDoS) attack.  "Concerted information operations have proliferated, ranging from cyber-enabled information operations, including those that coincided with disruptive and destructive cyber threat activity, to campaigns leveraging coordinated and inauthentic networks of accounts to promote fabricated content and desired narratives across various social media platforms, websites, and forums," the Mandiant researchers say. 

Mandiant  say that most current activity is "disruptive and destructive" and includes the deployment of wiper malware. 

Malware is not the only activity of concern. In March, hackers known as Secondary Infektion  spread a fake message claiming that Ukraine had surrendered through the Ukraine 24 website going so far as to generate a fake artificial intelligence (AI) model of Ukrainian President Zelenskyy delivering the message. While this group continues to promote fake stories, Ghostwriter malware has also been used. In February, the Computer Emergency Response Team for Ukraine (CERT-UA) warned that the group, also tracked as UNC1151, thought to be linked with the Belarus government, was responsible for an array of misinformation campaigns, phishing attempts, and assaults against Ukrainian targets. 

A new campaign discovered by Mandiant is tied to Ghostwriter and is spreading false narratives about refugees, while other groups are promoting a misinformation campaign aimed at an "aggressive defense of Russian strategic interests," according to the researchers. These activities appear to overlap with Ghostwriter, suggesting there may be a collaboration between the teams.

These fake narratives are being spread to try and damage relations between Ukraine and Poland which  portray Ukrainian refugees as a burden. The Russian threat group known as APT28, or Fancy Bear, continues to post content on Telegram channels related to the conflict, focusing on "weakening Ukrainians' confidence in their government and its response to the invasion."

Mandiant:     The Cyberwire:     Cybersecurity-Help:     Infosec Today:     ZDNet:  

You Might Also Read: 

The Ukraine War - By Satellite, Internet & Phone:

 

« Vishing Attacks Reach All Time High
Satellite Systems Security Needs To Be Reinforced Against Cyber Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

RISA

RISA

RISA solutions help to secure networks, improve overall network security, and achieve government regulatory compliance.

Sonatype

Sonatype

Sonatype protects the world's enterprise software from security, compliance, licensing risks, while reducing application development and deployment time.

CybelAngel

CybelAngel

CybelAngel is a leading digital risk protection platform that detects and resolves external threats before these wreak havoc.

Cyber Security For Critical Manufacturing (ManuSec)

Cyber Security For Critical Manufacturing (ManuSec)

Cyber Security For Critical Manufacturing (Manusec) is a global series of summits focusing on Cyber Security for Critical Manufacturing Sectors.

VerSprite

VerSprite

VerSprite is a specialist information security consulting firm. We provide organizations with detection across all their attack surfaces and deliver critical insight into all possible attack methods.

Yaana Technologies

Yaana Technologies

Yaana is a leading provider of intelligent compliance solutions including lawful interception, data retention & disclosure, and advanced security analytics.

SEON Technologies

SEON Technologies

At SEON we strive to help online businesses reduce the costs, time, and challenges faced due to fraud.

Fugue

Fugue

Fugue ensures cloud infrastructure stays in continuous compliance with enterprise security policies.

Institute of Informatics and Telematics (IIT)

Institute of Informatics and Telematics (IIT)

IIT carries out activities of research, assessment, technology transfer and training in the field of Information and Communication Technologies and of Computational Sciences.

ProSearch Partners

ProSearch Partners

ProSearch Partners are national talent acquisition specialists exclusively focussing on Technology and Digital talent including Cybersecurity, Data Analytics and Execs.

Jump Capital

Jump Capital

Jump provides series A and B capital to data-driven tech companies within the FinTech, IT & Data Infrastructure, B2B SaaS and Media sectors.

Authomize

Authomize

Authomize aggregates identities and authorization mechanisms from any applications around your hybrid environment into one unified platform so you can easily and rapidly manage and secure all users.

riskmethods

riskmethods

riskmethods helps you proactively identify, assess and mitigate supply chain risk. You need to master supply chain risk management—we can help.

DAtAnchor

DAtAnchor

Anchor is simply a better way to protect and control sensitive data. Zero-trust, data-centric security. Simplified.

Ekco

Ekco

Ekco is one of Europe’s leading managed cloud providers. With a network of infrastructure and security specialists across Europe, we’ve perfected our approach to supporting digital transformation.

Verisign

Verisign

Verisign is a Global Leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.