Cyber Attacks On Ukraine Step Up The Pressure

As the war in Ukraine continues, state-sponsored hacker groups aligned with Russia and Belarus are continuing their cyber offensive against Ukraine with malicious cyber attacks and campaigns spreading disinformation, a new report from Mandiant says.

According to Mandiant, many of the disinformation narratives they observed were aimed at demoralising Ukrainians and provoking internal unrest, dividing Ukraine from its allies and bolstering perceptions of Russia.

Some of the lies have targeted Russian domestic audiences, emphasising the Russian government's desire to sell the war to its own citizens.

So far, Russian, pro-Russian, and Belarusian cyber attackers have employed the most comprehensive array of methods to achieve "tactical and strategic objectives, directly linked to the conflict itself," according to Mandiant. “The recent phase of Russian aggression toward Ukraine, manifested by Russia’s full-scale invasion, has flooded the information environment with disinformation promoted by a full spectrum of actors.” 

The impact may be felt more broadly as hackers working for other countries, including China and Iran, are attempting to get involved.

"While these operations have presented an outsized threat to Ukraine, they have also threatened the US and other Western countries," Mandiant's researchers say. "As a result, we anticipate that such operations, including those involving cyber threat activity and potentially other disruptive and destructive attacks, will continue as the conflict progresses."

In January, even before Russia's invasion of Ukraine started, the country and its government's websites were already under attack by Russian hackers.

Russia invaded on February 24th, and a day before, Ukraine's State Service of Special Communications and Information Protection said the websites of the Ministry of Foreign Affairs, Ministry of Defense, Security Service, and various banks went down because of a distributed denial-of-service (DDoS) attack.

"Concerted information operations have proliferated, ranging from cyber-enabled information operations, including those that coincided with disruptive and destructive cyber threat activity, to campaigns leveraging coordinated and inauthentic networks of accounts to promote fabricated content and desired narratives across various social media platforms, websites, and forums," the Mandiant researchers say.

Mandiant says that most current activity is "disruptive and destructive" and includes the deployment of wiper malware.

Malware is not the only activity of concern. In March, hackers known as Secondary Infektion spread a fake message through the Ukraine 24 website claiming that Ukraine had surrendered, going so far as to generate a fake artificial intelligence (AI) model of Ukrainian President Zelenskyy delivering the message. While this group continues to promote fake stories, Ghostwriter malware has also been used. In February, the Computer Emergency Response Team for Ukraine (CERT-UA) warned that the group, also tracked as UNC1151 and thought to be linked with the Belarus government, was responsible for an array of misinformation campaigns, phishing attempts, and assaults against Ukrainian targets.

A new campaign discovered by Mandiant is tied to Ghostwriter and is spreading false narratives about refugees, while other groups are promoting a misinformation campaign aimed at an "aggressive defense of Russian strategic interests," according to the researchers. These activities appear to overlap with Ghostwriter, suggesting there may be a collaboration between the teams.

These fake narratives, which portray Ukrainian refugees as a burden, are being spread to try to damage relations between Ukraine and Poland. The Russian threat group known as APT28, or Fancy Bear, continues to post content on Telegram channels related to the conflict, focusing on "weakening Ukrainians' confidence in their government and its response to the invasion."

Sources: Mandiant, The Cyberwire, Cybersecurity-Help, Infosec Today, ZDNet
