Russia's Cyber War Operations Begin

Uploaded on 2022-01-28 in INTELLIGENCE--International, GOVERNMENT-Defence, FREE TO VIEW, INTELLIGENCE-Hot Spots-Russia

The US Department of Homeland Security (DHS) is warning that Russia may pursue a cyber attack against the US as tensions escalate over Moscow’s buildup of forces near the border with Ukraine. In Britain, organisations are being urged to bolster their defences amid fears cyber attacks linked to the conflict in Ukraine could move beyond its borders.

The National Cyber Security Centre (NCSC) has issued urgent guidance, saying it is vital companies stay ahead of a potential threat. 

These events follow a series of cyber attacks in Ukraine which are suspected to have involved Russia, which Moscow denies, however it is thought Russian organisations are involved. Russia could launch such an attack if it believes Washington’s response to its potential invasion of Ukraine threatens its long-term national security, according to the DHS bulletin released January 23 to law enforcement partners. The bulletin said Russia “almost certainly considers cyber attacks an acceptable option to respond to adversaries” because it lacks the ability to respond with the economic and diplomatic options often preferred by other countries.

In the UK in recent weeks, critical national infrastructure - which includes energy supply, water supply, transportation, health and telecommunications - have been warned by the NCSC about specific vulnerabilities known to be exploited by Russian hackers.

Based on experience in Ukraine, energy and transport are most likely to be targeted if anything were to happen. "While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient," Paul Chichester, the NCSC director of operations said in a statement accompanying the latest guidance issued on Friday 28th January.

Hackers, who recently unleashed destructive cyber attacks against Ukrainian government networks, have been lying in wait for months, according to new findings. The malware used to strike Ukrainian government websites has similarities to the NotPetya wiper, but has more capabilities "designed to inflict additional damage," researchers say. Ukraine has already suffered two known cyber attacks in response to the geopolitical situation with Russia. 

Called WhisperGate, the malware is a wiper that was used in cyber attacks against website domains owned by the country's government. 

The attacks led to the defacement of around 70 websites and a further 10 subject to "unauthorised interference," according to the Security Service of Ukraine, State Special Service and Cyber Police. The wave of attacks was made public on January 14th.

Websites impacted included the Ukrainian Foreign Ministry, the Ministry of Education and Science, and various state services. 

  • The first round was a series of nuisance web page defacements that targeted more than 70 Ukrainian government websites. 
  • The second round of attacks executed WhisperGate, a destructive wiper malware disguised as ransomware, that impacted dozens of Ukrainian entities associated with government, non-profit, and technology companies.  

Despite having the appearance of a ransomware attack it did not have a ransom recovery method, a critical part of any ransomware operation. This leads to the conclusion that the primary intention appears to be to render systems inoperable, not collecting financial compensation.

While many observers first thought that Russia to be behind the cyber attack, Ukrainian authorities attributed the attack to a group linked to Belarussian intelligence, using Russian-linked malware.

Though Moscow has denied any association with the attacks, there is some evidence suggesting a malware link. In 2017, Russian military intelligence executed the NotPetya malware attack that initially targeted Ukrainian targets before escaping into the wild. 

Financial institutions, energy companies, government ministries, the Kyiv international airport, metro systems, and other state-owned enterprises were affected in Ukraine.

In December 2015, engineers in Ukrainian power stations saw cursors on their computer screens moving by themselves. They had been hacked. Hundreds of thousands of people lost power for hours. It was the first time a power station had been taken offline, a sign that cyber intrusions were moving beyond stealing information into disrupting the infrastructure on which everyday life depends. Russia was blamed.

Following the cyber attack, the European Union said it was mobilising "all its resources" to assist Ukraine, NATO has pledged its support, and US President Biden has warned Russia of a cyber 'response' if Ukraine continues to be targeted. 

This tactic, using destructive malware, is a classic Russian move that Moscow has used countless times before as tensions with Ukraine and other countries have sparked.

Russian hackers were behind the sweeping destructive attacks of 2017 known as NotPetya, which caused billions of dollars in damages around the world. Cyber attacks rained down on Georgia in 2008, too, when Russia started a shooting war to go after some territory in the country.

According to preliminary results from a joint investigation from Ukraine’s cyber security agency, the State Service for Special Communication and Information Protection, Russia is behind these cyber attacks. 

Russia denies any involvement in the cyber attacks, and disclaims any intention to invade Ukraine. Kremlin spokesman Dmitry Peskov, said, in a CNN interview. “We have nothing to do with it. Russia has nothing to do with these cyber-attacks. Ukrainians are blaming everything on Russia, even their bad weather in their country,”

NCSC:     Palo Alto Networks / Unit 42:     BBC:   Oodaloop:     ZDNet:     Daily Beast:     Techtarget:     

Cyber Wire:      GovInfoSecurity:      I-HLS:      BBC:

You Might Also Read: 

NATO & Ukraine Agree Deeper Cyber Co-operation:

 

« Top Tips For SMEs To Dodge Hackers
Canadian Government Ministry Under Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Foregenix

Foregenix

Foregenix are global specialists in Digital Forensics and information security including Penetration testing and Website Security.

International Association for Cryptologic Research (IACR)

International Association for Cryptologic Research (IACR)

(IACR is a non-profit scientific organization whose purpose is to further research in cryptology and related fields.

ERNW

ERNW

ERNW is an independent IT Security service provider with a focus on consulting and testing in all areas of IT security.

Upstream Security

Upstream Security

Upstream Security is the first cloud-based cyber-security solution that protects the technologies and applications of connected and autonomous vehicles.

OneSpan

OneSpan

OneSpan (formerly Vasco Data Security) is a global leader in digital identity security, transaction security and business productivity.

Anitian

Anitian

The Anitian Compliance Automation platform builds, configures, and monitors cloud environments to accelerate compliance for standards such as FedRAMP, PCI, ISO/GDPR and CJIS.

Chainkit

Chainkit

Chainkit detects adversarial anti-forensic tampering techniques that attackers use to evade detection and prolong dwell times inside a system.

Sertainty

Sertainty

Sertainty enables developers to mix intelligence into data files for active risk mitigation and data control. Discover the impact of Data: Empowered.

The Citadel Department of Defense Cyber Institute (CDCI)

The Citadel Department of Defense Cyber Institute (CDCI)

CDCI is established to address the critical national security needed for a skilled cybersecurity workforce.

Kontex

Kontex

Kontex is a Cyber Security consultancy creating resilient solutions. From Strategy, Advisory and Implementation to Management and everything in between.

East Midlands Cyber Resilience Centre (EMCRC)

East Midlands Cyber Resilience Centre (EMCRC)

The East Midlands Cyber Resilience Centre is set up to support and help protect businesses across the region against cyber crime.

AutoSec

AutoSec

AutoSec supports the FFI program Electronics, Software and Communication by dissemination and exploitation of the results of projects related to automotive cybersecurity.

Certihash

Certihash

Certihash have developed the world’s first blockchain empowered suite of information security tools based on the NIST cybersecurity framework.

Seemplicity

Seemplicity

Seemplicity revolutionizes the way security teams work by automating, optimizing and scaling all risk reduction workflows in one workspace.

Aptum

Aptum

Aptum is a global hybrid multi-cloud managed service provider delivering complex and high-performance cloud solutions with an integrated secure network.

Ampcus Cyber

Ampcus Cyber

Ampcus Cyber specialize in providing comprehensive security solutions and services that are tailored to safeguard our clients' networks, infrastructure, and valuable assets.