Cyber Attacks On Ukraine Step Up The Pressure

As the war in Ukraine continues, the state sponsored hacker groups aligned with Russia and Belarus are continuing their cyber offensive against Ukraine with malicious cyber attacks and campaigns spreading disinformation, a new Report from Mandiant says. 

According to Mandiant, many of disinformation narratives they observed were aimed at demoralising Ukrainians and provoking internal unrest - dividing Ukraine from its allies and bolstering perceptions of Russia.

Some of the lies have targeted Russian domestic audiences, emphasising the  Russian government's desire to sell the war to its own citizens

So far, Russian, pro-Russian, and Belarusian cyber attackers have employed the most comprehensive array of methods to achieve "tactical and strategic objectives, directly linked to the conflict itself," according to Mandiant. “The recent phase of Russian aggression toward Ukraine, manifested by Russia’s full-scale invasion, has flooded the information environment with disinformation promoted by a full spectrum of actors.” 

The impact may be felt more broadly as hackers working for other countries, including China and Iran, are attempting to get involved 

"While these operations have presented an outsized threat to Ukraine, they have also threatened the US and other Western countries," Mandiant's researchers say. "As a result, we anticipate that such operations, including those involving cyber threat activity and potentially other disruptive and destructive attacks, will continue as the conflict progresses."

Even before Russia's invasion of Ukraine started, in January, the country and its government's websites were already under attack by Russian hackers.

Russia invaded on February 24th and a day before the Ukraine's State Service of Special Communications and Information Protection said the websites of the Ministry of Foreign Affairs, Ministry of Defense, Security Service, and various banks, went down because of a distributed denial-of-service (DDoS) attack.  "Concerted information operations have proliferated, ranging from cyber-enabled information operations, including those that coincided with disruptive and destructive cyber threat activity, to campaigns leveraging coordinated and inauthentic networks of accounts to promote fabricated content and desired narratives across various social media platforms, websites, and forums," the Mandiant researchers say. 

Mandiant  say that most current activity is "disruptive and destructive" and includes the deployment of wiper malware. 

Malware is not the only activity of concern. In March, hackers known as Secondary Infektion  spread a fake message claiming that Ukraine had surrendered through the Ukraine 24 website going so far as to generate a fake artificial intelligence (AI) model of Ukrainian President Zelenskyy delivering the message. While this group continues to promote fake stories, Ghostwriter malware has also been used. In February, the Computer Emergency Response Team for Ukraine (CERT-UA) warned that the group, also tracked as UNC1151, thought to be linked with the Belarus government, was responsible for an array of misinformation campaigns, phishing attempts, and assaults against Ukrainian targets. 

A new campaign discovered by Mandiant is tied to Ghostwriter and is spreading false narratives about refugees, while other groups are promoting a misinformation campaign aimed at an "aggressive defense of Russian strategic interests," according to the researchers. These activities appear to overlap with Ghostwriter, suggesting there may be a collaboration between the teams.

These fake narratives are being spread to try and damage relations between Ukraine and Poland which  portray Ukrainian refugees as a burden. The Russian threat group known as APT28, or Fancy Bear, continues to post content on Telegram channels related to the conflict, focusing on "weakening Ukrainians' confidence in their government and its response to the invasion."

Mandiant:     The Cyberwire:     Cybersecurity-Help:     Infosec Today:     ZDNet:  

You Might Also Read: 

The Ukraine War - By Satellite, Internet & Phone:

 

« Vishing Attacks Reach All Time High
Satellite Systems Security Needs To Be Reinforced Against Cyber Attack »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Palo Alto Networks

Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate.

NordForsk

NordForsk

NordForsk facilitates and provides funding for Nordic research cooperation and research infrastructure. Project areas include digitalisation and digital security.

Cyber DriveWare

Cyber DriveWare

DriveWare analyzes new traffic in the I/O layer and blocks malware and cyber attacks which organizations have no means to protect against.

Securely

Securely

Securely Ltd. is an IT consulting and services firm specializing in PKI solutions and products.

7 Elements

7 Elements

7 Elements is an independent IT security testing company providing expertise in technical information assurance through security testing, incident response and consultancy.

CyberSec Hub - The Kosciuszko Institute

CyberSec Hub - The Kosciuszko Institute

The goal of CyberSec Hub is to create a centre of excellence for cybersecurity in Krakow, a new European “Cyber-Silicon Valley”.

BotRx

BotRx

BotRx is the only AI-enabled, automated fraud protection technology that allows fast & easy deployment - continually keeping invisible bad bots and agents at bay, so you can rest easy.

Quside

Quside

Quside, a spin-off from The Institute of Photonic Sciences in Barcelona, designs and manufactures innovative quantum technologies for a wide range of applications including cyber security.

Regulativ.ai

Regulativ.ai

Regulativ.ai is an innovative and comprehensive platform, driven by AI, to address the regulatory and compliance needs of Cyber Security Regulatory compliance and reporting.

Fireblocks

Fireblocks

Fireblocks is a digital asset security platform that helps financial institutions protect digital assets from theft or hackers.

SecurWeave

SecurWeave

SecurWeave's Configurable Hardware Enforced Safety and Security (CHESS) platform has been designed to meet the security and safety criticality needs of the evolving digital industry.

Ingenics Digital

Ingenics Digital

Ingenics Digital is a recognized initiator and leading service provider in the areas of software development and embedded systems.

Camms

Camms

Camms are a team of experienced professionals dedicated to providing innovative GRC software solutions that help organizations manage risk, make informed decisions, and drive positive change.

Cyro Cyber

Cyro Cyber

Cyro Cyber is a collective of some of the UK’s most experienced and savvy cybersecurity, information assurance, data protection, IT governance and compliance experts.

Cyber Brain Academy

Cyber Brain Academy

At Cyber Brain Academy, our mission is to provide high-quality IT certification training for the cyber security workforce.

Symbiotic Security

Symbiotic Security

Symbiotic Security revolutionizes code security by integrating an AI-driven security coach directly within developers' IDEs.