This posting is here to collect cyber security news in March 2022.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
888 Comments
Tomi Engdahl says:
Not all heroes wear capes
Teen Who Tracked Elon Musk’s Jet Is Now Chasing Russian Tycoons
https://www.bloomberg.com/news/articles/2022-02-28/why-russian-oligarchs-can-t-escape-the-twitter-teen-who-tracked-elon-musk-s-jet?utm_content=business&cmpid=socialflow-facebook-business&utm_source=facebook&utm_campaign=socialflow-organic&utm_medium=social
Tomi Engdahl says:
“We’ve had an uptick in usage in Eastern Europe & rumors are circulating that Signal is hacked & compromised. This is false. Signal is not hacked. We believe these rumors are part of a coordinated misinformation campaign meant to encourage people to use less secure alternatives.”
https://mobile.twitter.com/signalapp/status/1498437474611343367
Tomi Engdahl says:
Commentary: The economic war between the West and Russia has the makings of not only an energy crisis but also a serious food shortage https://www.is.fi/taloussanomat/art-2000008648072.html
Tomi Engdahl says:
Google made an important change to Maps in Ukraine https://www.is.fi/digitoday/art-2000008648766.html
Tomi Engdahl says:
Intelligence sources: Putin, frustrated by poor progress in the war, is lashing out at his subordinates https://www.is.fi/ulkomaat/art-2000008650329.html
Frustrated Putin may order escalation of violence in Ukraine, U.S. officials say
The U.S. has solid intelligence that Putin is directing unusual bursts of anger at people in his inner circle over the state of the military campaign, officials said.
https://www.nbcnews.com/investigations/frustrated-putin-may-order-escalation-violence-ukraine-us-officials-sa-rcna18026
U.S. intelligence agencies have determined that Russian President Vladimir Putin is growing increasingly frustrated by his military struggles in Ukraine and may see his only option as doubling down on violence, current and former U.S. officials briefed on the matter told NBC News.
As the Russian economy teeters under unprecedented global sanctions and his purportedly superior military force appears bogged down, Putin has lashed out in anger at underlings, even as he remains largely isolated from the Kremlin in part because of concerns about Covid, the sources said.
Tomi Engdahl says:
Hacker group has blocked Russian military transports – paralyzed rail traffic
A Belarusian hacker group says it has slowed Russia’s movement into Ukraine.
https://www.iltalehti.fi/digiuutiset/a/471ecb18-1256-42d7-8088-61434f1f6341
The Belarusian hacker group Cyber Partisans has paralyzed rail traffic in Belarus, Bloomberg reports. The group is said to have broken into the computers that control Belarus’s railways. According to the hackers, some rail lines have been completely out of service, which has hampered Russia’s advance.
https://www.bloomberg.com/news/articles/2022-02-27/belarus-hackers-allegedly-disrupted-trains-to-thwart-russia
Tomi Engdahl says:
Fingrid’s Ruusunen: “The days when Finland was dependent on Russian electricity are behind us”
Electricity is still flowing from Russia to Finland as normal.
https://www.iltalehti.fi/politiikka/a/232d18c6-f921-443c-be15-73ad5e0070c9
Would Finland face an electricity crisis if electricity imports from Russia to Finland were to stop as a result of Russian counter-sanctions?
Hardly.
“The days when Finland was dependent on Russian electricity are behind us. That much I can say,” Jukka Ruusunen, CEO of the transmission system operator Fingrid, told Iltalehti on Tuesday morning.
Russian electricity has flowed into Finland all winter and continues to flow as normal.
Today, Tuesday, at 8:31 the situation was that Finland’s electricity consumption was 10696 megawatts according to Fingrid and electricity production was 9858 megawatts. The difference between electricity imports and exports (net) was 836 megawatts.
Imports from Russia at the same time were 836 megawatts. Imports from Russia have often been as much as double that.
Finland also imports a lot of electricity from Sweden.
https://www.fingrid.fi/sahkomarkkinat/sahkojarjestelman-tila/
Tomi Engdahl says:
[1420] Worst Kept Secret in Security… It’s All Keyed Alike
https://www.youtube.com/watch?v=YeFevEGoPF0
LPL has made the entire world realize a duct-taped door is more secure than most of our locks!
Tomi Engdahl says:
This is how people are being fooled: “War videos” taken from video games are spreading on social media
https://www.is.fi/digitoday/esports/art-2000008650500.html
Not everything is always what it seems. In recent days, plenty of videos of Russia’s war against Ukraine have been shared on social media, but some of them were taken from video games.
Russia’s war against Ukraine has led to a phenomenon in which videos recorded from games have been shared on social media as genuine war footage.
In recent days the matter has been reported by, among others, the BBC, Reuters, Bloomberg and Kotaku. Videos that have gathered up to millions of views have been spotted on, for example, Twitter, Facebook and TikTok.
Ukraine invasion: Misleading claims continue to go viral
https://www.bbc.com/news/60554910
Five days into the Russian invasion of Ukraine, false or misleading videos and images about the invasion continue to go viral.
Among the things spreading quickly are old videos being depicted as current – along with claims that pictures such as the one above are old, even when they verifiably come from the present conflict.
We’ve been looking into some of the most viral claims.
Tomi Engdahl says:
What to do when a child sees war videos on TikTok and becomes anxious? An expert advises
https://www.is.fi/kotimaa/art-2000008644539.html
Children are currently seeing shocking material on their own devices. How can a child be protected from the distress caused by seeing images of war?
Content about the war in Ukraine that is shocking to children is currently circulating on social media. The material seen on these services is considerably harsher than the imagery used by traditional media.
Russia declared war on Ukraine on Thursday of this week at four in the early morning.
TikTok is a social media platform popular with children and young people, and many parents are worried about the war content that has appeared there.
On social media channels one has been able to see, through Ukrainians’ eyes, for example a missile strike outside a residential apartment building, a baby crying as a Russian fighter jet flies overhead, and tanks rolling into the suburbs of Kyiv.
In selfie videos, young Ukrainians the same age as TikTok users film their destroyed homes and cry at home with the sound of the general alarm in the background.
Tomi Engdahl says:
Video referring to the mysterious “Ghost of Kyiv” was taken from a video game
The unknown fighter pilot had already gathered praise in Ukraine.
https://www.is.fi/ulkomaat/art-2000008645244.html
An unknown fighter pilot became a phenomenon in war-torn Ukraine. The pilot, dubbed the “Ghost of Kyiv” by social media users, was claimed to have shot down several Russian fighter aircraft. Newsweek reports on the matter.
Closer examination has since revealed that the video uploaded by Ukraine’s Ministry of Defence, which refers to the “Ghost of Kyiv”, was in reality taken from the game Digital Combat Simulator.
Who is the Ghost of Kyiv? Ukraine MiG-29 Fighter Pilot Becomes the Stuff of Legend
https://www.newsweek.com/who-ghost-kyiv-ukraine-fighter-pilot-mig-29-russian-fighter-jets-combat-1682651?amp=1
Tomi Engdahl says:
A wartime plea to Western satellite companies: “We need this data, please”
“Within one hour there will be an attack on Kyiv again.”
https://arstechnica.com/science/2022/02/a-wartime-plea-to-western-satellite-companies-we-need-this-data-please/
Ukrainian entrepreneur Max Polyakov was emotional and, at times, angry, during a 20-minute call with reporters on Monday evening as he spoke about the attack by the Russian military on his homeland.
“Within one hour there will be an attack on Kyiv again,” Polyakov said, pointing emphatically to his watch. “We need the data now.”
The data he referred to were real-time observations made by commercial satellites flying over Ukraine. Polyakov pleaded with the operators of these satellites, primarily Western-based companies who sell data to governments and private customers, to freely share their data with one of his companies, EOS Data Analytics.
Tomi Engdahl says:
Commentary: The EU botched its most effective Russia sanction
Kreeta Karvala
The EU decided on a sanctions package but shot down the Russia sanction considered the most effective of all, writes Iltalehti’s Kreeta Karvala.
https://www.iltalehti.fi/politiikka/a/2eecef68-a0b1-4290-bcb5-69dd3f31d90b
Tomi Engdahl says:
These countries are giving weapons to Ukraine
https://www.iltalehti.fi/ulkomaat/a/e2906282-7aaf-4dea-a224-aec88645ff8c
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/technology/namecheap-is-banning-russians-asks-them-to-switch-registrars/
Tomi Engdahl says:
Live Camera from #Ukraine #Kyiv
https://www.youtube.com/watch?v=HIPNVm6lNfM
LIVE VIEW of Kyiv, Ukraine, after Russian invasion.
Tomi Engdahl says:
9 Cameras of Kyiv Ukraine LIVE Camera Kiev (Ukraine border live camera) Day 5
https://www.youtube.com/watch?v=x3yMxxAkN4w
Russia Ukraine LIVE Camera News (Ukraine border live camera)
Multiple camera feeds all on one screen LIVE all over Ukraine, Belarus & Russia along with Twitter & news feeds as the, what looks to be an imminent invasion of Russia into Ukraine unfolds.
Tomi Engdahl says:
Schneider Relay Flaws Can Allow Hackers to Disable Electrical Network Protections
https://www.securityweek.com/schneider-relay-flaws-can-allow-hackers-disable-electrical-network-protections
Vulnerabilities discovered by researchers in some of Schneider Electric’s Easergy relays can allow hackers to disable protections for electrical networks. The vendor has released patches that should address the security flaws.
Three high-severity vulnerabilities have been found in Easergy medium-voltage protection relays — two impact Easergy P5 devices and one affects Easergy P3 devices. Schneider Electric informed customers about these vulnerabilities in January and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory last week.
According to the advisories from Schneider and CISA, P3 relays are affected by a buffer overflow (CVE-2022-22725) that can lead to arbitrary code execution or a denial-of-service (DoS) condition if specially crafted packets are sent to the targeted device over the network.
Easergy P5 relays are also affected by a buffer overflow (CVE-2022-22723) that can allow an attacker to cause program crashes and achieve code execution using specially crafted packets sent over the network. These devices also have hardcoded credentials (CVE-2022-22722) that can pose a security risk.
“If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and manipulate traffic associated with product configuration,” Schneider explained.
Tomi Engdahl says:
A Free-for-All But No Crippling Cyberattacks in Ukraine War
https://www.securityweek.com/free-all-no-crippling-cyberattacks-ukraine-war
Russia has some of the best hackers in the world, but in the early days of the war in Ukraine, its ability to create mayhem through malware hasn’t had much of a noticeable impact.
Instead, it’s Ukraine that’s marshalled sympathetic volunteer hackers in an unprecedented collective global effort to make the Kremlin pay for making war on its neighbor. It’s a kind of cyber free-for-all that experts say risks escalating a moment already fraught with extraordinary danger after Russian President Vladimir Putin put his nuclear forces on alert.
So far, Ukraine’s internet mostly works, its president still able to rally global support via a smartphone, and its power plants and other critical infrastructure still able to function. The kind of devastating cyberattacks thought likely to accompany a large-scale Russian military invasion haven’t happened.
“It has not played as large a component as some people thought it might and it definitely has not been seen outside of Ukraine to the extent that people feared,” said Michael Daniel, a former White House cybersecurity coordinator. “Of course, that could still change.”
Tomi Engdahl says:
Microsoft: Cyberattacks in Ukraine Hitting Civilian Digital Targets
https://www.securityweek.com/microsoft-cyberattacks-ukraine-hitting-civilian-digital-targets
Microsoft is calling attention to a surge in cyberattacks on Ukrainian civilian digital targets, warning that the new “digital war” includes destructive malware attacks on emergency response services and humanitarian aid efforts.
The Redmond, Wash. software giant said the attacks on civilian targets raise serious concerns under the Geneva Convention.
“We remain especially concerned about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises,” said Microsoft president Brad Smith.
“These attacks on civilian targets raise serious concerns under the Geneva Convention, and we have shared information with the Ukrainian government about each of them,” Smith said in a statement published Monday.
Tomi Engdahl says:
Critical Vulnerabilities Impact Widely Used Printed Circuit Board File Viewer
https://www.securityweek.com/critical-vulnerabilities-impact-widely-used-printed-circuit-board-file-viewer
Security researchers with Cisco’s Talos division this week disclosed six critical-severity vulnerabilities affecting Gerbv, an open source file viewer for printed circuit board (PCB) designs.
A native Linux application, Gerbv is found on many common UNIX platforms, with a Windows version available as well. Gerbv has been downloaded from SourceForge more than 1 million times.
The software is designed for viewing file formats that display layers of circuit boards, including Excellon drill files, RS-274X Gerber files, and pick-n-place files, and can be used either as a standalone application, or as a library.
“Some PCB manufacturers use software like Gerbv in their web interfaces as a tool to convert Gerber (or other supported) files into images. Users can upload gerber files to the manufacturer website, which are converted to an image to be displayed in the browser, so that users can verify that what has been uploaded matches their expectations,” Talos explained.
This makes it possible for an attacker to reach the software over the network without user interaction or elevated privileges.
Tomi Engdahl says:
Netflix Won’t Add Russian Broadcasters to Service, Defying New Regulation
Russian rule requires services with more than 100,000 subscribers to carry some 20 Russian channels
https://www.wsj.com/articles/netflix-wont-add-russian-channels-to-service-defying-new-regulation-11646076964?mod=e2fb
Tomi Engdahl says:
U.S. Slaps Technology Export Ban on Russia
Feb. 24, 2022
The White House has instructed the U.S. Commerce Department, through its Bureau of Industry and Security (BIS), to impose restrictions on the export of technology, including telecommunications systems and lasers, to Russia.
https://www.mwrf.com/technologies/systems/article/21234551/us-slaps-technology-export-ban-on-russia?utm_source=RF%20MWRF%20Today&utm_medium=email&utm_campaign=CPS220225014&o_eid=7211D2691390C9R&rdx.ident%5Bpull%5D=omeda%7C7211D2691390C9R&oly_enc_id=7211D2691390C9R
In response to Russia’s invasion of Ukraine, the White House has instructed the U.S. Commerce Department, through its Bureau of Industry and Security (BIS), to impose restrictions on the export of technology, including telecommunications systems and lasers, to Russia. The restrictions are intended to shut off Russia’s defense, aerospace, and maritime sectors from critical technology developed in the U.S. or that use components made in the U.S. The European Union and five other countries are expected to impose similar sanctions.
As was the case with ZTE and Huawei previously, certain organizations within the Russian defense ecosystem have been placed on the Entity List (see “U.S. Commerce Dept. finds ZTE violated export disciplinary agreement, bans U.S. component supply” and “Huawei faces U.S. technology access ban”). Placement on the list requires that special licenses be obtained for items developed in the U.S. as well as foreign items produced using U.S. equipment, software, and blueprints before they can be sent to these Russian entities. Instructions for filing for such licenses state that the parties involved should assume such license requests will be denied.
The Commerce Department has imposed restrictions on Russian access to semiconductors, computers, telecommunications technology, information security equipment, lasers, and sensors.
Concurrently, BIS added 49 Russian military end-user organizations to its Entity List.
In addition to the EU, Japan, Australia, the United Kingdom, Canada, and New Zealand have agreed to adopt similar sanctions. The Commerce Department said via a release that it expects other countries to follow suit.
U.S slaps technology export ban on Russia
Feb. 24, 2022
The White House has instructed the U.S. Commerce Department, through its Bureau of Industry and Security (BIS), to impose restrictions on the export of technology, including telecommunications systems and lasers, to Russia.
https://www.lightwaveonline.com/optical-tech/components/article/14234536/us-slaps-technology-export-ban-on-russia
Tomi Engdahl says:
The combat drone revolution
https://yle.fi/uutiset/3-12328365
Cheap unmanned combat drones have been astonishingly effective in many conflicts of recent years. Ukraine is now using them too.
Tomi Engdahl says:
See on the timeline how the war started by Russia has progressed
We gathered together the most important events of the Ukraine crisis from recent months.
https://yle.fi/uutiset/3-12331818
Tomi Engdahl says:
Google maps used to spread info to Russia
The internet came up with a clever way to slip information about the war into Russia https://www.is.fi/digitoday/art-2000008651435.html
https://mobile.twitter.com/konrad03249040/status/1498350631232356357
Tomi Engdahl says:
Nordea’s day-long problems were caused by a denial-of-service attack – situation now OK, but slowness may occur
The disruption began already on Monday evening. Customers have not necessarily been able to log in to Nordea’s online or mobile banks at all today.
https://yle.fi/uutiset/3-12338542
Tomi Engdahl says:
Nordea’s services were hit by a denial-of-service attack – logging in may still be slow
https://www.mtvuutiset.fi/artikkeli/nordealla-tilapainen-hairio-tunnistautumisessa/8367136
Nordea says on Twitter that some of the bank’s services have been subjected to external interference, that is, a denial-of-service attack.
“We have managed to secure the services so that customers can log in to mobile and online banking. However, our services are currently slow,” Nordea tweeted at around half past five today.
Tomi Engdahl says:
It turns out parts for the stations were made in Ukraine, and they still had access to the system.
Hackers Make Russian Charging Stations Display “Putin Is A Dickhead” Message
https://www.iflscience.com/technology/hackers-make-russian-charging-stations-display-putin-is-a-dickhead-message/
Tomi Engdahl says:
https://www.nytimes.com/2022/02/28/us/politics/ukraine-russia-microsoft.html
Tomi Engdahl says:
https://techcrunch.com/2022/03/01/facebook-and-instagram-cut-the-reach-of-russian-state-linked-media/?tpcc=tcplusfacebook
Tomi Engdahl says:
War in Ukraine: We Need to Talk About Fossil Fuels The E.U.’s dependence on Russian oil and gas greatly complicates the current conflagration
https://spectrum.ieee.org/russia-ukraine-fossil-fuels?utm_campaign=RebelMouse&socialux=facebook&share_id=6934265&utm_medium=social&utm_content=IEEE+Spectrum&utm_source=facebook
Tomi Engdahl says:
‘If you happen to find a free or abandoned armored personnel carrier, here’s a life-hack on how to start it.’
Russian Influencer Posts TikTok Showing How to Drive ‘Abandoned’ APCs
https://www.vice.com/en/article/93bgmp/russian-influencer-posts-tiktok-showing-how-to-drive-abandoned-apcs?utm_source=motherboardtv_facebook&utm_medium=social
‘If you happen to find a free or abandoned armored personnel carrier, here’s a life-hack on how to start it.’
A Russian influencer has gone viral on TikTok for a video explaining how to drive a Russian armored personnel carrier (APC).
Tuman’s video comes at a time when reports are flooding social media about Russian soldiers running out of fuel or outright abandoning tanks and APCs in Ukraine. On Feb. 28, Russia’s state telecommunications regulator demanded that TikTok take steps to censor military content on its platform. The video went viral on Twitter Monday with some describing it as footage of a Ukrainian explaining how to pilot abandoned Russian military vehicles. That’s not quite what’s going on.
The video of Tuman in an APC is actually a year old.
Tomi Engdahl says:
The teen tormenting Elon Musk found a new target: The coder is now also harassing oligarchs in Putin’s inner circle
American 19-year-old Jack Sweeney coded a bot that publishes the flight data of Russian oligarchs.
https://www.hs.fi/talous/art-2000008651271.html
Tomi Engdahl says:
Researchers: Threatening with nuclear weapons in the middle of a war is new – Putin’s ways differ from those of many Cold War Soviet leaders
A researcher says that the destructive power of the weapons Russia has brought to the vicinity of Ukraine may already be close to that of the lowest-yield tactical nuclear weapons.
https://yle.fi/uutiset/3-12336763
Tomi Engdahl says:
Apple has paused product sales and limited the use of Apple Pay and other services in Russia, joining a chorus of tech giants taking a stand against the invasion of Ukraine.
Apple Stops Sales in Russia—and Takes a Rare Stand
https://www.wired.com/story/apple-russia-iphone-ukraine-traffic-maps-rt-sputnik-app-store/?mbid=social_facebook&utm_brand=wired&utm_social-type=owned&utm_medium=social&utm_source=facebook
The company joins the chorus of tech giants pushing back against Russian aggression.
Tomi Engdahl says:
Hackers can win $100k for helping Ukraine bring down Russian websites
A cybersecurity company wants to create a “decentralised cyber army” from around the world
https://sifted.eu/articles/ukraine-war-russia-websites-hack/
A global “hackathon” calling for volunteers to help expose Russian software vulnerabilities got underway at 4am this morning (2am GMT), as Ukraine’s frantic defence against Moscow took its latest unconventional turn.
Kyiv-based cybersecurity company Cyber Unit Technologies is organising the giant hacker effort, promising a $100k bounty payable in cryptocurrency to the best online attacks against Russian websites (the firm is also calling for donations to grow the reward pot).
The global competition — dubbed “Fuck Hack Russia” — is the latest in an unprecedented cyber effort to repel Moscow’s army, which continues to shell Ukrainian cities this week.
Tomi Engdahl says:
“In the public eye Russian state institutions have been dealt a major blow and perceptions matter”
Tomi Engdahl says:
Rabobank: If Putin Has Lost, So Have Markets
https://www.zerohedge.com/markets/rabobank-if-putin-has-lost-so-have-markets
The fight is here: I need ammo, not a ride
This will be a longer than normal Daily: we live in extraordinary times and a few extra paragraphs are needed to cover it. However, let’s start with the key point: Vladimir Putin has lost this war – and so have markets. The greatest risks lie in how much damage he is prepared to inflict on to attempt to deny that fact.
The ferocity of Ukrainian resistance is the polar opposite of the collapse of the Afghan government, which exited in jets filled with US cash. On Friday, as Bloomberg was reporting Kyiv would fall in hours, the US offered President Zelenskiy an airlift out. His response: “The fight is here: I need ammo, not a ride.” He is prepared to die for his cause, in contrast to leaders who won’t even risk a bad opinion poll.
Overall, the Russian military is performing extremely poorly: they still don’t have air superiority due to Ukraine moving its air defences around, and Russian missile strikes having only hit old, static targets. Russia’s attempts to rapidly seize Kyiv while minimising losses to Ukrainian civilians and its infrastructure are resulting in massive losses on their side.
There are now reports of Russian conscripts looting or begging for food or fuel, which suggests supply chain collapse; of them pouring fuel away to not be able to drive on to Kyiv; and of mutinies.
If Putin wants to win militarily he will have to get even more destructive; yet the more he does, the more Ukrainians and the West will resist. War is a continuation of politics by other means. There is no political means by which Putin can reintegrate Ukraine with Russia: he has irretrievably broken the ‘Russkiy mir’ (Russian world) he wanted to recreate. Some now start to fear Putin may decide if he cannot hold Ukraine then he will cause massive damage in order to punish it for its defiance.
Yet if Putin has lost, so have markets.
First, Europe has woken up from a 30-year geopolitical slumber. Ukraine will be resupplied militarily by NATO members and the EU
Second, Russia is being removed from the global community, economy, and financial markets.
Tomi Engdahl says:
https://www.iflscience.com/technology/why-google-maps-has-blocked-live-traffic-data-in-ukraine/
Tomi Engdahl says:
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/
As the recent hostilities started between Russia and Ukraine, ESET researchers discovered several malware families targeting Ukrainian organizations. As stated in this ESETResearch tweet and WLS blogpost, we uncovered a destructive attack against computers in Ukraine that started around 14:52 on February 23rd, 2022 UTC. This followed distributed denial-of-service (DDoS) attacks against major Ukrainian websites and preceded the Russian military invasion by a few hours.
Also:
https://www.bleepingcomputer.com/news/security/new-worm-and-data-wiper-malware-seen-hitting-ukrainian-networks/
https://thehackernews.com/2022/03/second-new-isaacwiper-data-wiper.html
https://www.zdnet.com/article/security-researchers-spot-another-form-of-wiper-malware-that-was-used-against-ukraines-networks/
Tomi Engdahl says:
Nordea: Online bank problems are caused by external interference, slowness of services continues https://www.hs.fi/talous/art-2000008650264.html
Nordea’s online banking services suffered from problems on Monday and Tuesday because of a denial-of-service attack. The disruptions were serious, as not all customers were able to log in with their online banking credentials at all. Because of a temporary disruption, Nordea’s bank credentials or the code app cannot be used to authenticate to the online or mobile bank or to other service providers’ services, the company said on its website in the morning. Also:
https://www.tivi.fi/uutiset/tv/a9494fc2-b799-40ee-81b7-f3bbd8fb0e22
Tomi Engdahl says:
TCP Middlebox Reflection: Coming to a DDoS Near You https://www.akamai.com/blog/security/tcp-middlebox-reflection
In recent weeks, Akamai researchers began observing multiple distributed denial of service (DDoS) attack campaigns against Akamai customers that had included SYN flooding and high volumes of traffic: up to 11 Gbps at 1.5 million packets per second (Mpps). Upon examining the TCP packets used in the attack, we realized that they are leveraging a new technique known as TCP Middlebox Reflection.
Tomi Engdahl says:
Digital technology and the war in Ukraine https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/
Tomi Engdahl says:
TeaBot is now spreading across the globe https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe
TeaBot is an Android banking trojan emerged at the beginning of 2021 designed for stealing victims credentials and SMS messages. TeaBot RAT capabilities are achieved via the device screens live streaming (requested on-demand) plus the abuse of Accessibility Services for remote interaction and key-logging. This enables Threat Actors (TAs) to perform ATO (Account Takeover) directly from the compromised phone, also known as On-device fraud. In the last months, we detected a major increase of targets which now count more than 400 applications, including banks, crypto exchanges/wallets and digital insurance, and new countries such as Russia, Hong Kong, and the US.
Tomi Engdahl says:
Namecheap is banning Russians, asks them to switch registrars https://www.bleepingcomputer.com/news/technology/namecheap-is-banning-russians-asks-them-to-switch-registrars/
Domain registrar Namecheap is emailing customers registered in Russia saying it will no longer provide them with services because of Russia’s invasion of Ukraine. “Unfortunately, due to the Russian regime’s war crimes and human rights violations in Ukraine, we will no longer be providing services to users registered in Russia,” the company says in the emails sent earlier today. “While we sympathize that this war may not affect your own views or opinion on the matter, the fact is, your authoritarian government is committing human rights abuses and engaging in war crimes so this is a policy decision we have made and will stand by.”
Tomi Engdahl says:
Conti Ransomware Gang’s Internal Chats Leaked Online After Siding With Russia https://thehackernews.com/2022/03/conti-ransomware-gangs-internal-chats.html
Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin’s ongoing invasion of Ukraine, a disgruntled member of the cartel has leaked the syndicate’s internal chats. The file dump, published by malware research group VX-Underground, is said to contain 13 months of chat logs between affiliates and administrators of the Russia-affiliated ransomware group from January 2021 to February 2022, in a move that’s expected to offer unprecedented insight into the gang’s workings.
Also:
https://blog.malwarebytes.com/threat-intelligence/2022/03/the-conti-ransomware-leaks/
https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/
https://www.bleepingcomputer.com/news/security/conti-ransomware-source-code-leaked-by-ukrainian-researcher/
Tomi Engdahl says:
The invasion of Ukraine started online long before troops marched on Kyiv https://therecord.media/the-war-for-ukraine-started-online-long-before-troops-marched-on-kyiv/
Riga, Latvia: I left Ukraine on Feb. 18 for a journalism training in Riga feeling uneasy. Just days before, I covered yet another cyberattack, this one targeting Ukrainian government websites and national banks, striking after months of rising tensions in the region. Yet even while constantly checking my phone for news updates as my plane left Kyiv, I didn’t realize I was about to become a refugee reporting on the invasion of my own country from the outside. On Feb. 24, I woke up in the middle of the night to watch YouTube videos of Russian troops entering Ukraine. I’ve hardly slept since.
Tomi Engdahl says:
NVIDIA says employee credentials, proprietary information stolen during cyberattack https://www.zdnet.com/article/nvidia-says-employee-credentials-proprietary-information-stolen-during-cyberattack/
NVIDIA said employee credentials and proprietary information were stolen during a cyberattack they announced on Friday. The microchip company said it first became aware of the incident on February 23 and added that it impacted its IT resources. “Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement. We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict.” Also:
https://www.bleepingcomputer.com/news/security/nvidia-confirms-data-was-stolen-in-recent-cyberattack/
Tomi Engdahl says:
Cyber threat activity in Ukraine: analysis and resources https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine/
Microsoft has been monitoring escalating cyber activity in Ukraine and has published analysis on observed activity in order to give organizations the latest intelligence to guide investigations into potential attacks and information to implement proactive protections against future attempts. We’ve brought together all our analysis and guidance for customers who may be impacted by events in Ukraine into this single location for ease of consumption, all of which is linked below.