Russia continues digital onslaught against Ukrainian systems
News

Russia continues digital onslaught against Ukrainian systems

Posted: April 30, 2022 by Malwarebytes Labs

According to Microsoft, at least six Kremlin-backed hacking groups have been attacking Ukraine in the digital space in an onslaught that began before the invasion in late February. The company counted more than 237 cyberattack operations against Ukrainian systems and critical infrastructure.

These attacks involve destructive malware that “threaten civilian welfare”, accompanied by intelligence gathering and reconnaissance.

APT28 (aka FancyBear), DEV-0586, Energetic Bear(aka Dragonfly), Gamaredon, Nobelium, Sandworm, and Turlaare the nation-state actors carrying out the attacks.

“Russia’s use of cyberattacks appears to be strongly correlated and sometimes directly timed with its kinetic military operations targeting services and institutions crucial for civilians,” Microsoft said. The company gave several examples to illustrate this correlation: “While Russian forces besieged the city of Mariupol, Ukrainians began receiving an email from a Russian actor masquerading as a Mariupol resident, falsely accusing Ukraine’s government of ‘abandoning’ Ukrainian citizens.”

Russia was seen using various techniques in its attack to gain initial access. This includes phishing campaigns, vulnerability exploitation, and compromising upstream IT services. The country is also not shy about using wiper malware—destructive malware CISA (the Cybersecurity and Infrastructure Security Agency) and the FBI (Federal Bureau of Investigation) highlighted in an updated alert initially released in late February.

HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper were deployed to Ukrainian networks in January 2022.

Microsoft believes that Russian cyberattacks will continue to escalate. Nation-state threat actors may also expand their destructive attacks outside Ukraine to retaliate against countries helping Ukraine or continuing to inflict punitive measures against Russia.

“We’ve observed Russian-aligned actors active in Ukraine show interest in or conduct operations against organizations in the Baltics and Turkey—all NATO member states actively providing political, humanitarian or military support to Ukraine.”

You can read more about Russian cyberattack activities against Ukraine in Microsoft’s Special Report: Ukraine.

RELATED ARTICLES

Fishing in a lake
Cybercrime

Law enforcement reels in phishing-as-a-service whopper

April 18, 2024 - A major international law enforcement effort has disrupted the notorious LabHost phishing-as-a-service platform.

CONTINUE READING 0 Comments
Cerebral logo
News | Privacy

Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million

April 18, 2024 - The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data.

CONTINUE READING 0 Comments
JuicyFields investment scam
News | Scams

Cannabis investment scam JuicyFields ends in 9 arrests

April 18, 2024 - JuicyFields was an investment scam that urged victims to invest in cannabis production.

CONTINUE READING 0 Comments
A mobile phone in the hands of a young woman in a dark colored t-shirt.
Privacy

Should you share your location with your partner?

April 17, 2024 - Location sharing is popular among couples. But is it something you want in your own relationship?

CONTINUE READING 0 Comments
Giant Tiger logo
News | Personal

Giant Tiger breach sees 2.8 million records leaked

April 16, 2024 - A threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger

CONTINUE READING 0 Comments

ABOUT THE AUTHOR

Malwarebytes Labs

Malwarebytes Labs

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams