Russia's Cyber War Operations Begin

Uploaded on 2022-01-28 in INTELLIGENCE--International, GOVERNMENT-Defence, FREE TO VIEW, INTELLIGENCE-Hot Spots-Russia

The US Department of Homeland Security (DHS) is warning that Russia may pursue a cyber attack against the US as tensions escalate over Moscow’s buildup of forces near the border with Ukraine. In Britain, organisations are being urged to bolster their defences amid fears cyber attacks linked to the conflict in Ukraine could move beyond its borders.

The National Cyber Security Centre (NCSC) has issued urgent guidance, saying it is vital companies stay ahead of a potential threat. 

These events follow a series of cyber attacks in Ukraine which are suspected to have involved Russia, which Moscow denies, however it is thought Russian organisations are involved. Russia could launch such an attack if it believes Washington’s response to its potential invasion of Ukraine threatens its long-term national security, according to the DHS bulletin released January 23 to law enforcement partners. The bulletin said Russia “almost certainly considers cyber attacks an acceptable option to respond to adversaries” because it lacks the ability to respond with the economic and diplomatic options often preferred by other countries.

In the UK in recent weeks, critical national infrastructure - which includes energy supply, water supply, transportation, health and telecommunications - have been warned by the NCSC about specific vulnerabilities known to be exploited by Russian hackers.

Based on experience in Ukraine, energy and transport are most likely to be targeted if anything were to happen. "While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient," Paul Chichester, the NCSC director of operations said in a statement accompanying the latest guidance issued on Friday 28th January.

Hackers, who recently unleashed destructive cyber attacks against Ukrainian government networks, have been lying in wait for months, according to new findings. The malware used to strike Ukrainian government websites has similarities to the NotPetya wiper, but has more capabilities "designed to inflict additional damage," researchers say. Ukraine has already suffered two known cyber attacks in response to the geopolitical situation with Russia. 

Called WhisperGate, the malware is a wiper that was used in cyber attacks against website domains owned by the country's government. 

The attacks led to the defacement of around 70 websites and a further 10 subject to "unauthorised interference," according to the Security Service of Ukraine, State Special Service and Cyber Police. The wave of attacks was made public on January 14th.

Websites impacted included the Ukrainian Foreign Ministry, the Ministry of Education and Science, and various state services. 

  • The first round was a series of nuisance web page defacements that targeted more than 70 Ukrainian government websites. 
  • The second round of attacks executed WhisperGate, a destructive wiper malware disguised as ransomware, that impacted dozens of Ukrainian entities associated with government, non-profit, and technology companies.  

Despite having the appearance of a ransomware attack it did not have a ransom recovery method, a critical part of any ransomware operation. This leads to the conclusion that the primary intention appears to be to render systems inoperable, not collecting financial compensation.

While many observers first thought that Russia to be behind the cyber attack, Ukrainian authorities attributed the attack to a group linked to Belarussian intelligence, using Russian-linked malware.

Though Moscow has denied any association with the attacks, there is some evidence suggesting a malware link. In 2017, Russian military intelligence executed the NotPetya malware attack that initially targeted Ukrainian targets before escaping into the wild. 

Financial institutions, energy companies, government ministries, the Kyiv international airport, metro systems, and other state-owned enterprises were affected in Ukraine.

In December 2015, engineers in Ukrainian power stations saw cursors on their computer screens moving by themselves. They had been hacked. Hundreds of thousands of people lost power for hours. It was the first time a power station had been taken offline, a sign that cyber intrusions were moving beyond stealing information into disrupting the infrastructure on which everyday life depends. Russia was blamed.

Following the cyber attack, the European Union said it was mobilising "all its resources" to assist Ukraine, NATO has pledged its support, and US President Biden has warned Russia of a cyber 'response' if Ukraine continues to be targeted. 

This tactic, using destructive malware, is a classic Russian move that Moscow has used countless times before as tensions with Ukraine and other countries have sparked.

Russian hackers were behind the sweeping destructive attacks of 2017 known as NotPetya, which caused billions of dollars in damages around the world. Cyber attacks rained down on Georgia in 2008, too, when Russia started a shooting war to go after some territory in the country.

According to preliminary results from a joint investigation from Ukraine’s cyber security agency, the State Service for Special Communication and Information Protection, Russia is behind these cyber attacks. 

Russia denies any involvement in the cyber attacks, and disclaims any intention to invade Ukraine. Kremlin spokesman Dmitry Peskov, said, in a CNN interview. “We have nothing to do with it. Russia has nothing to do with these cyber-attacks. Ukrainians are blaming everything on Russia, even their bad weather in their country,”

NCSC:     Palo Alto Networks / Unit 42:     BBC:   Oodaloop:     ZDNet:     Daily Beast:     Techtarget:     

Cyber Wire:      GovInfoSecurity:      I-HLS:      BBC:

You Might Also Read: 

NATO & Ukraine Agree Deeper Cyber Co-operation:

 

« Top Tips For SMEs To Dodge Hackers
Canadian Government Ministry Under Attack »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

QASymphony

QASymphony

QASymphony software testing and QA tools help companies create better software by improving speed, efficiency and collaboration during the testing lifecycle.

Certes

Certes

Certes is a pioneer in delivering cutting-edge security technology solutions, with a specific focus on Data Protection Risk Mitigation (DPRM).

Idemia

Idemia

Idemia is a global leader in security and identity solutions.

Verve Industrial

Verve Industrial

Verve specialize in providing software and services to help protect and secure critical industrial control systems.

CyBOK - University of Bristol

CyBOK - University of Bristol

CyBOK is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector.

MONITORAPP

MONITORAPP

MONITORAPP is responsible for complete web security. Protect your business environment with Application Security Solutions from MONTORAPP.

Quantifind

Quantifind

Quantifind enables financial crimes/fraud analysts and investigators to make better decisions, faster, with intelligent automation.

ShardSecure

ShardSecure

ShardSecure Microshard technology eliminates data sensitivity, providing security, privacy and compliance beyond encryption.

Fifosys

Fifosys

Fifosys is a professional technology infrastructure specialist, delivering a broad portfolio of high quality technical and strategic managed services.

Communicate Technology

Communicate Technology

Communicate Technology are IT, telecoms and cyber-security specialists, keeping over 500 businesses and 50,000 users connected and secure across the UK.

BastionZero

BastionZero

BastionZero is leveraging cryptography to reimagine the tools used to manage remote access to servers, containers, clusters, applications and databases across cloud and on-prem environments.

Eventus Security

Eventus Security

Eventus, are a team of highly skilled professionals who are committed to deliver excellence in next generation cyber security services and customized solutions for your enterprise.

DigitalPlatforms

DigitalPlatforms

DigitalPlatforms SpA is an Italian group with the mission of providing end-to-end solutions and Internet of Things and Cyber technologies to companies that manage critical infrastructures.

SEALSQ

SEALSQ

For the last 25 years, SEALSQ have been developing secure semiconductor chips, secure embedded firmware, and tested hardware provisioning services to serve the vision of a safer connected world.

CYTUR

CYTUR

CYTUR provide trusted and secured maritime cybersecurity solutions to keep ships safe, protecting them, their crews, cargo and all stakeholders from maritime cyber threats.

Cyberlocke

Cyberlocke

Cyberlocke is dedicated to finding inventive solutions to meet the distinct IT obstacles of each organization we support.