Ukraine-Russia cyber war

Ukraine and Russia appear to be engaged at the moment in both a traditional war and a cyber war. We could call that hybrid warfare. We are in a cyber war. Countless examples exist of damage to infrastructure from hostile acts carried out via computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy (traditional “boots on the ground”) and a slightly more unconventional, digital or cyberwar. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia started to conduct attacks on Ukraine on February 24. Before the physical attacks, Russia carried out several cyber attacks against IT systems in Ukraine.

Here are links to some material on the cyber side of this war:

How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic happens in the cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in the cyberspace. And last week, Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-nation cyber state actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.

As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/

Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers — malicious software or malware — that make their way inside computer networks and literally wipe the data from all connected devices.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.

Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.

Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.

Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladimir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.”
This raises the whole question of ‘attribution’. The received belief is it is impossible to do accurate cyber attribution. “That is absolutely wrong,” said Willett. “It would be a mistake for any one nation to think it could attack another without being known.”
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.

Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.

Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.

Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html

Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.

Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command said there had been a cyberattack.

Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).

Amid Russian invasion, Ukraine granted formal role with NATO cyber hub
https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations,” Col. Jaak Tarien, the institution’s director, said in a statement.

This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites
https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken: on Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.

High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information,” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.

CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a

US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html

EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.

UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.

Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.

Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine

Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine
Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/

HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.

In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economy, and the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work,” he says.
“Because we all need to live for something, eat

Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime as it cracks down on anti-war sentiment (and rumors of martial law grow louder) are being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.

Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf

TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi

2,079 Comments

  1. Tomi Engdahl says:

    Large part of Ukraine went dark, all nuclear power plants disconnected from the grid
    Large parts of Ukraine and Moldova went dark on Wednesday because of extensive bombardment. All in all, the air strikes made the day one of the worst bombing days of the war.
    https://www.hs.fi/ulkomaat/art-2000009221958.html

  2. Tomi Engdahl says:

    Cyber as important as missile defences – ex-NATO general https://www.reuters.com/world/cyber-important-missile-defences-ex-nato-general-2022-11-21/
    A cyber attack on the German ports of Bremerhaven or Hamburg would severely impede NATO efforts to send military reinforcements to allies, retired U.S. General Ben Hodges told Reuters.

  3. Tomi Engdahl says:

    Belarusian hacktivists claim to breach Russia’s internet regulator https://therecord.media/belarusian-hacktivists-claim-to-breach-russias-internet-regulator/
    A unit of the Russian internet and media regulator Roskomnadzor confirmed Saturday that hackers had breached its systems after the Belarusian hacktivist group known as the Cyber Partisans claimed to attack the organization.

  4. Tomi Engdahl says:

    European Parliament website hit by cyberattack after Russian terrorism vote https://www.politico.eu/article/cyber-attack-european-parliament-website-after-russian-terrorism/
    “I confirm that the Parliament has been subject to an external cyber attack, but the Parliamentary services are doing well to defend the Parliament,” Dita Charanzová, Czech MEP and Parliament vice president responsible for cybersecurity, said in a statement.

  5. Tomi Engdahl says:

    Ukraine and Moldova suffer internet disruptions after Russian missile strikes https://therecord.media/ukraine-and-moldova-suffer-internet-disruptions-after-russian-missile-strikes/
    Internet connectivity was disrupted in Ukraine and neighboring Moldova after dozens of Russian missiles hit Ukrainian cities on Wednesday, causing massive power outages across the country. The energy infrastructure in urban areas has been hit hardest, leading to worse internet access in cities than elsewhere. For example, the entire city of Lviv in the west of Ukraine was without electricity for at least several hours during the day. More than half of Moldova was also left without electricity, including its capital Chisinau and the breakaway Russian-backed region of Transnistria, according to Moldova’s deputy prime minister Andrei Spinu. The country’s President Maia Sandu said that Moldova can’t trust a regime that leaves it in the dark and cold.

  6. Tomi Engdahl says:

    New ransomware attacks in Ukraine linked to Russian Sandworm hackers https://www.bleepingcomputer.com/news/security/new-ransomware-attacks-in-ukraine-linked-to-russian-sandworm-hackers/
    New ransomware attacks targeting organizations in Ukraine first detected this Monday have been linked to the notorious Russian military threat group Sandworm. Slovak software company ESET, who first spotted this wave of attacks, says the ransomware they named RansomBoggs has been found on the networks of multiple Ukrainian organizations. “While the malware written in .NET is new, its deployment is similar to previous attacks attributed to Sandworm,” ESET’s Research Labs said.

  7. Tomi Engdahl says:

    Commentary: Helping Ukraine to victory would require the West to shift to a “war economy” https://www.is.fi/ulkomaat/art-2000009233733.html

  8. Tomi Engdahl says:

    British researcher: The West is still blind to Russia’s “secret war” – it is not only about Putin, nor only about Ukraine
    https://www.is.fi/ulkomaat/art-2000009234986.html

    The British researcher Keir Giles tried for years to warn the world about the brutal intentions of Russia and Vladimir Putin, but only a few understood or believed his words. Giles is currently visiting Helsinki – and once again he has unpleasant news to tell.

    Keir Giles, a researcher at Chatham House and one of Britain’s leading Russia experts, is known for his blunt talk and for the sarcastic humour that he flashes from time to time amid his otherwise very serious analyses.

    So, right at the start of the interview, Giles hastens to thank Russian President Vladimir Putin for finally making his own work “a touch easier”.

    Not because Putin has done good things, by any means. But because, as people follow Putin’s horrific deeds, they are now beginning to understand everything Giles tried to warn the world about for years before the seizure of Crimea in 2014 and before Russia’s major offensive against Ukraine in the spring.

    – I have in fact dedicated my new book to Putin. As thanks for finally opening the world’s eyes to Russia’s evil and to the need to defend against it.

  9. Tomi Engdahl says:

    Pekka Toveri’s chilling view: Putin now wants to destroy Ukraine completely https://www.is.fi/ulkomaat/art-2000009235068.html

  10. Tomi Engdahl says:

    Guest column: Cyber war and cyber peace
    https://www.tivi.fi/uutiset/tv/2c2a615a-57e2-4257-9455-5e4b2aefa2b5
    Over the past couple of decades there has been much talk of cyber war, and many believed that the wars of the future would take place more or less in cyberspace. Now that the war in Ukraine escalated into Russia’s full-scale invasion last spring, large-scale cyber war and cyber destruction have not really been seen. The most significant theatres of war can still be shown on traditional maps. Have the assessments of cyber war proven wrong, or is the worst still to come?
    One significant observation is that, in the mind and experience of each of us, there is a very big difference between traditional war and peace. When we are not at war, we are at peace, and many things are self-evident to us, such as physical safety. We do not expect to become the target of a violent attack by a foreign state’s soldiers, nor is there any justified reason to fear this in ordinary everyday life, especially in Finland.

    Reply
  11. Tomi Engdahl says:

    55 PERCENT of Russians support peace negotiations with Ukraine. 25 percent, in turn, support continuing the war.

    A significant shift in Russians' attitudes – opposition media obtained the Kremlin's secret war poll https://www.is.fi/ulkomaat/art-2000009239151.html

    https://www.hs.fi/ulkomaat/art-2000009238997.html

    Reply
  12. Tomi Engdahl says:

    Killnet Gloats About DDoS Attacks Downing Starlink, White House
    Elon Musk-owned Starlink, WhiteHouse.gov, and the Prince of Wales were targeted by Killnet in apparent retaliation for its support of Ukraine.
    https://www.darkreading.com/threat-intelligence/killnet-gloats-ddos-attacks-starlink-whitehouse-gov

    Reply
  13. Tomi Engdahl says:

    Vatican hit by suspected cyber attack days after Pope criticises Russia https://www.euronews.com/2022/12/01/vatican-hit-by-suspected-cyber-attack
    The Vatican’s website was down on Wednesday evening amid “abnormal access attempts”, according to the Holy See. Technical investigations are ongoing due to abnormal attempts to access the site, Vatican spokesman Matteo Bruni said. He did not give any further information.
    Throughout Wednesday, several Vatican sites were offline and the official Vatican.va website was inaccessible well into the evening.
    The suspected hack came a day after Moscow rebuked Pope Francis's latest condemnation of Russia's invasion of Ukraine. In an interview with a Jesuit magazine, the pope had singled out troops from Chechnya and other ethnic minorities in Russia for their particular cruelty during the war.

    Reply
  14. Tomi Engdahl says:

    Report: Russia believed it would win the war in Ukraine in ten days – a fundamental problem in the plans https://www.is.fi/ulkomaat/art-2000009241670.html

    Reply
  15. Tomi Engdahl says:

    Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices
    CryWiper masquerades as ransomware, but its real purpose is to permanently destroy data.
    https://arstechnica.com/information-technology/2022/12/never-before-seen-malware-is-nuking-data-in-russias-courts-and-mayors-offices/

    Reply
  16. Tomi Engdahl says:

    The drones that Ukrainian forces used to strike two Russian bomber bases 300 miles inside Russia on Monday weren’t the satellite-controlled, missile-armed Bayraktar TB-2s that Ukraine acquired from Turkey. No, they reportedly were Tupolev Tu-141s, ex-Soviet antiques that last saw front-line use in the 1980s, flying photo-reconnaissance missions for the Soviet air force.

    Ukraine Pulled Ex-Soviet Recon Drones Out Of Storage, Added Bombs And Sent Them Hurtling Toward Russia
    https://www.forbes.com/sites/davidaxe/2022/12/05/ukraine-pulled-ex-soviet-recon-drones-out-of-storage-added-bombs-and-sent-them-hurtling-toward-russia/?sh=4c5a8ac13348&utm_campaign=socialflowForbesMainFB&utm_medium=social&utm_source=ForbesMainFacebook

    As developments of the first-generation recon drones that the U.S. Air Force deployed in the Vietnam War, the jet-propelled Tu-141 wasn’t very sophisticated by 1980s standards. It’s even less sophisticated today.

    But it’s simple, speedy and big enough to haul a warhead weighing hundreds of pounds, making it much more powerful than a TB-2 with its 49-pound missiles. The Tu-141 works. So it should come as no surprise that the Ukrainians are sending their Tu-141s on one-way missions to blow up Russian bombers.

    Reply
  17. Tomi Engdahl says:

    Preparing for a Russian cyber offensive against Ukraine this winter https://blogs.microsoft.com/on-the-issues/2022/12/03/preparing-russian-cyber-offensive-ukraine/
    As we report more fully below, in the wake of Russian battlefield losses to Ukraine this fall, Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv's military and political support, domestic and foreign. This approach has included destructive missile and cyber strikes on civilian infrastructure in Ukraine, cyberattacks on Ukrainian and now foreign-based supply chains, and cyber-enabled influence operations intended to undermine US, EU, and NATO political support for Ukraine, and to shake the confidence and determination of Ukrainian citizens.
    In recent months, cyberthreat actors affiliated with Russian military intelligence have launched destructive wiper attacks against energy, water and other critical infrastructure organizations' networks in Ukraine as missile strikes knocked out power and water supplies to civilians across the country.

    Reply
  18. Tomi Engdahl says:

    Massive DDoS attack takes Russia's second-largest bank VTB offline https://www.bleepingcomputer.com/news/security/massive-ddos-attack-takes-russia-s-second-largest-bank-vtb-offline/
    Russia’s second-largest financial institution VTB Bank says it is facing the worst cyberattack in its history after its website and mobile apps were taken offline due to an ongoing DDoS (distributed denial of service) attack. “At present, the VTB technological infrastructure is under unprecedented cyberattack from abroad,” stated a VTB spokesperson to TASS (translated). “It is not only the largest cyberattack recorded this year, but in the entire history of the bank.” The bank says its internal analysis indicates the DDoS attack was planned and orchestrated with the specific purpose of causing inconvenience to its customers by disrupting its banking services.

    Reply
  19. Tomi Engdahl says:

    Exposing TAG-53's Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations https://www.recordedfuture.com/exposing-tag-53-credential-harvesting-infrastructure-for-russia-aligned-espionage-operations
    Beginning in July 2022, Recorded Future's Insikt Group observed the recurring use of similar infrastructure by the threat activity group TAG-53. This newly discovered infrastructure likely overlaps with other infrastructure tactics, techniques, and procedures (TTPs) previously attributed to Callisto Group, COLDRIVER, and SEABORGIUM, who have been linked to activity aligning with Russian state interests. Insikt Group has observed the recurring use of common traits by TAG-53 when curating its infrastructure, including the use of domain names employing a specific pattern construct along with Let's Encrypt TLS certificates, the use of a specific cluster of hosting providers, and the use of a small cluster of autonomous systems.

    Reply
  20. Tomi Engdahl says:

    Wipers Are Widening: Here’s Why That Matters
    https://www.securityweek.com/wipers-are-widening-heres-why-matters

    In the first half of this year, researchers saw a rising trend of wiper malware being deployed in parallel with the Russia-Ukraine war. However, those wipers haven’t stayed in one place – they’re emerging globally, which underscores the fact that cybercrime knows no borders.

    It’s not just the numbers that are growing; we’re also seeing a rise in variety and sophistication. These wiper varieties are also increasingly targeting critical infrastructure.

    Awash with wipers

    The war in Ukraine has undoubtedly fueled a major uptick in the use of wiper malware; FortiGuard Labs research identified at least seven new wiper variants in the first half of 2022 that were used in campaigns targeting government, military and private organizations. That’s almost as many wiper variants that have been publicly detected in total since 2012, when bad actors used the Shamoon wiper to attack a Saudi Arabian oil company.

    These variants include the following variants:

    • CaddyWiper: Bad actors used this variant to wipe data and partition information from drives on systems belonging to a select number of Ukrainian organizations shortly after the war began.

    • WhisperGate: Discovered by Microsoft in mid-January being used to target organizations in Ukraine.

    • HermeticWiper: Noted in February by SentinelLabs, this tool for triggering boot failures was also found targeting Ukrainian organizations.

    • IsaacWiper: A malware tool for overwriting data in disk drives and attached storage to render them inoperable.

    We also observed three other variants targeting Ukrainian companies and organizations: WhisperKill, Double Zero and AcidRain.

    Wipers without borders

    The wiper ware action isn’t limited to Ukraine. We’ve detected more wiper malware outside Ukraine than within the country since the war began in February. We’ve detected wiper activity in 24 countries other than Ukraine.

    Reply
  21. Tomi Engdahl says:

    Russian banking giant bombarded with a fierce cyberattack: “The largest in history”
    https://www.tivi.fi/uutiset/venalaista-jattipankkia-pommitetaan-rajulla-verkkohyokkayksella-historian-suurin/2b79de41-a1b6-4418-ac52-e02672fbc986
    The attack appears to originate from outside the country, but Russian IP addresses are also involved.

    Reply
  22. Tomi Engdahl says:

    A change in Putin's speech caught an expert's ear
    https://www.is.fi/ulkomaat/art-2000009254124.html

    Vladimir Putin spoke and said something that has not often been heard. His words about nuclear weapons also caught the expert's attention.

    Russian President Vladimir Putin has not often commented on the duration of the war in Ukraine. On Wednesday he said outright what many have already known: this is not a quick operation.

    – As for the long process of achieving results in the special military operation – of course it can be a long process, Putin said, calling the war an operation, as is customary in Russia.

    – The facts are indeed being acknowledged here now. When the war has not gone as Russia hoped, it has been necessary to draw Russian society more and more into this war.

    The truth can no longer be hidden. Originally Russia sought to keep its citizens away from the war. The intention was that professional soldiers would handle the matter, not reservists or civilians, who have now been mobilized. Käihkö also points out that, in addition, economic sanctions are increasingly visible in the lives of many Russians.

    – The war has become a concrete matter for many Russians, at the latest after the September mobilization.

    – Putin has been silent so far, but sooner or later one has to start admitting the facts.

    That moment has now come. Putin has not taken responsibility for defeats before either, Käihkö reminds. The recent withdrawal from Kherson, too, was handled by General Sergei Surovikin and Defense Minister Sergei Shoigu, who spoke about it in a piece of theater staged in front of TV cameras.

    – But this can of course be seen as a defeat. That is, that this operation has not succeeded, Käihkö says, assessing Putin's recent statement.

    Of course, in Putin's speech the annexation of new territories to Russia was a success and a “meaningful result”.

    – Of course he did not admit defeat. And surely there is still the hope that the war can be turned around, if not now then in the spring. But this is of course wishful thinking. There are no guarantees that this will succeed, but it buys more time.

    Putin said that 150,000 of the troops now mobilized are still in training centers in Russia.

    Käihkö estimates that Putin hopes to turn the course of the war in the spring with these troops, so that continuing the mobilization, which is unpopular in Russia, would not be needed. It would not be useful either, Käihkö says.

    – If these troops cannot be trained, maintained and equipped, then it makes no sense militarily either.

    That is why it was also easy for Putin to say that no mobilization is coming now – or at least no one wants to say it out loud in public. It would also disturb social peace.

    According to Käihkö, it very much looks as though citizens' economic situation will deteriorate further.

    – This will be a difficult situation for Russia. But the hope there is that the situation is also difficult for European countries in particular, as the price of energy rises, inflation rages and interest rates rise. That is, the hope is that some political changes would take place here that would have a positive effect for Russia with regard to Ukraine.

    – It is only a hope, since Russia does not have any very good strategy at the moment.

    Reply
  23. Tomi Engdahl says:

    Maggie Miller / Politico:
    A look at Estonia’s efforts to aid cybersecurity workers in Ukraine and coordinate with European and US allies to defend against Russia’s cyberattacks

    How Estonia is helping Ukraine take on Russian cyber threats
    https://www.politico.com/news/2022/12/07/estonia-ukraine-cybersecurity-russian-hackers-00072925

    Estonia is playing a leading role in providing cybersecurity and digital support for Ukraine, areas the Baltic nation dominates in.

    TALLINN, Estonia — Ukraine has surprised the world with its ability to fend off major cyberattacks from Russia. And one small country — Estonia — has played an outsized role in helping them do so.

    The nation of just over 1 million, which has fought off cyberattacks inside its borders from Russia for years, is now leading many of the efforts to provide cyber threat intelligence, funding and critical international connections to protect Ukraine from Russian hackers.

    Luukas Ilves, Estonia’s chief information officer, said he speaks with Ukrainian counterparts weekly, while some of his colleagues are in “daily contact.” Their assistance has included tasking Estonian cybersecurity professionals to help thwart attempted hacks of Ukrainian critical infrastructure such as power substations and satellites.

    “We have been one of the more active European countries in working with them,” Ilves said of Ukraine. While a spokesperson for the European Commission did not respond to a request for comment, it has been reported that Estonia is leading a European Union program worth almost €11 million to provide cyber and digital privacy services to Ukraine.

    In some ways, Estonia was forced to prioritize cybersecurity following a Russian cyberattack in 2007 that attempted to shut down the websites of government, banking and other critical services organizations in retaliation for the removal of a Soviet-era statue. Now, Ilves said, they aim to share the expertise they’ve accumulated.

    While Estonia has boosted cybersecurity investment at striking levels, other regular victims of Russian cyberattacks have also focused on strengthening cybersecurity. Ukraine itself has strong cyber experience following a decade of Russian cyberattacks, including two incidents that turned off the lights in portions of the country in 2015 and 2016, while the Czech Republic is drafting new legislation to vet third party suppliers of IT equipment used in the country’s critical infrastructure networks in the wake of several major cyberattacks in recent years.

    On the financial front, Estonia has consistently been a major contributor in funding to Ukraine. According to data from the non-profit Kiel Institute for World Economy, Estonia ranks second in overall financial support for Ukraine according to its GDP. And while Ilves said it was hard to pin down the amount given for digital efforts, it was certainly “in the millions.”

    And Estonia has tasked its Information Security Authority, or RIA, which works to protect critical Estonian systems against cyberattacks, with providing cybersecurity support and sharing threat information with counterparts in Ukraine.

    Gert Auväärt, the head of cybersecurity and deputy director of RIA, noted that Estonia has long been a “test base” for Russian cyberattacks, such as multiple major efforts to shut down the Estonian Parliament’s websites. While he declined to go into specifics of the support due to security reasons, Auväärt said Estonia was using its “personal experiences” with Russia to help inform its support to Ukraine and that it’s in a “regular information-sharing partnership” with Ukraine.

    In terms of expertise on Russian cyberattacks, few nations surpass Estonia. Cyberattacks from Moscow have kept up at a steady pace in the years since the 2007 strikes, including an August attack on the Estonian Parliament’s website during the Estonian government’s effort to remove a Soviet tank from the Eastern border with Russia. According to Auväärt, the August cyberattack was 100 times higher in volume than the 2007 attack.

    On another occasion, when the Estonian Parliament declared the Russian Federation a terrorist state, Russian hackers flooded the Parliament’s website with the equivalent of seven years of its usual internet traffic in a single 24-hour period. Estonia managed to fend off the attack and the platform didn’t crash.

    “We’ve seen these waves of attacks, it’s calm, calm, calm and then there comes a big wave, then again there is quiet, quiet, quiet, then again it comes,” Auväärt said. “The constant threat level has not changed.”

    One reason Estonia has been able to help Ukraine: Its investments in its own cybersecurity means it has the people at the ready. RIA doubled its personnel and its budget in the last year, and last week, Estonian President Alar Karis visited RIA’s headquarters for a briefing on threats in cyberspace.

    According to Ilves, 50 percent of the government’s overall spending on technology goes toward cybersecurity, and Estonia added €60 million to the budget for cybersecurity this year. The goal is to increase that spending in the future.

    That has turned Estonia into a leading force in NATO on cybersecurity issues. The bloc’s Cooperative Cyber Defense Center of Excellence — which provides cyber training for NATO members and allies such as Ukraine — is headquartered in Tallinn, along with its training base for cybersecurity experts. While a spokesperson for NATO declined to comment on Estonia’s level of cyber support for Ukraine versus other NATO countries, Estonia is certainly viewed as a key ally in the fight against cyberattacks from Russia.

    “It’s no accident that the Cyber COE is there given the Estonian government and the Estonian people’s investment in high tech and information technology and the related industries,” David Cattler, assistant secretary general for NATO’s Joint Intelligence and Security Division, said during a virtual briefing with reporters last week. “They are a strong ally and a strong contributor on many things and especially on cyber issues.”

    The nation also shares threat intelligence extensively with its NATO partners and with Ukraine. This includes regular contact with the United States’ Cybersecurity and Infrastructure Security Agency on both threats from Russia and how to secure elections. The relationship is warm

    Reply
  24. Tomi Engdahl says:

    The sky over Ukraine is one of the most dangerous places in the world for aircrews. Ukrainian and Russian air defenses blanket the entire country. But there are thin patches in these defenses. Holes the Ukrainians partially have filled with fake radars from the U.S. “Threat emitters,” they’re called.

    Fake Air Defenses Are Bolstering Ukraine’s Real Air Defenses
    https://www.forbes.com/sites/davidaxe/2022/12/08/fake-air-defenses-are-bolstering-ukraines-real-air-defenses/?sh=57df9f666f58&utm_campaign=socialflowForbesMainFB&utm_source=ForbesMainFacebook&utm_medium=social

    Aviation Week first reported the supply of threat emitters by the U.S. to Ukraine.

    A threat emitter—which militaries normally use for training aircrews—broadcasts a signal similar to an air-defense radar without possessing the same signal-processing systems and without cueing an actual missile or gun. It’s just frightening noise.

    But that noise is useful to a clever planner. A threat emitter could create the impression that local defenses are more powerful than they actually are, potentially deterring air raids. Emitters also could draw enemy fire—and even lure attacking forces into traps.

    It’s unclear exactly which threats the emitters in question replicate.

    Deception is a time-honored tradition in the practice of air defense. Decoy guns once played the same role that threat-emitters do today. The Ukrainians and Russians haven’t totally abandoned the art of the physical decoy.

    Indeed, fake air-defense systems—inflatable, wooden or inoperable versions of operational systems—have appeared on both sides in the war. The Ukrainians in particular are adept at drawing Russian missiles away from real air defenses and toward fake ones. Threat-emitters add electronic realism to the deception.

    Reply
  25. Tomi Engdahl says:

    Stoltenberg to NRK: I fear a major war between NATO and Russia
    https://www.is.fi/ulkomaat/art-2000009255782.html

    Europe is living through a fateful time, NATO Secretary General Jens Stoltenberg says in an interview with Norwegian television.

    Reply
  26. Tomi Engdahl says:

    Stoltenberg: “The war in Ukraine is terrible. It could turn into a full-scale war and spread” https://www.is.fi/ulkomaat/art-2000009217548.html

    Reply
  27. Tomi Engdahl says:

    Missile strike on Kyiv revealed a startling fact about Russia's weapon systems – “completely absurd” https://www.is.fi/kotimaa/art-2000009259228.html

    Western sanctions have not prevented Russia from continuing to use Western technology in its weapon systems. According to an OSINT expert who has studied Russia's equipment losses, the supply chain must be cut.

    RUSSIA is still able to manufacture missiles that depend on Western technology, a recent report by the British organization Conflict Armament Research (CAR) shows. The organization's researchers found that the strikes Russia carried out on Kyiv in November used cruise missiles that were produced only a few months ago.

    – Russian weapon systems use hundreds if not thousands of Western components, whose availability has still not been blocked, Salmela points out.

    According to Warspotting's data, RUSSIA has so far lost, for example, almost 1,425 main battle tanks. That is already more than half of Russia's active fleet. Russia's equipment is nevertheless not running out for the time being, but because of the losses, more and more gear dug out of reserve stockpiles is being seen at the front.

    Even heavy combat vehicles manufactured in the Soviet era use French thermal cameras

    – Russia does not have a developed industry capable of manufacturing such components. They have either been acquired directly from Europe, the United States, China, or through intermediaries, Salmela says.

    Iran has supplied Russia with drones, most of whose electronic components were produced elsewhere, mostly in the West.

    – The supply chain leaks across the board. European companies have knowingly circumvented sanctions since 2014. Since February the behavior has improved slightly, but it has not been possible, or there has been no will, to shut the supply chains down.

    30–50 PERCENT of the equipment Russia has lost is new.

    Russia's production capacity is negligible compared with its reserve stockpiles, which mainly contain equipment manufactured during the Soviet era.

    – The problem is that the mistake was already made earlier. Every day, every single Russian weapon system uses Western technology. If the supply chain can be cut, and Russia can no longer get components from anywhere when equipment needs to be serviced, they will have a huge problem.

    – Political will is not enough, and Europe as a whole does not bear responsibility.

    Reply
  28. Tomi Engdahl says:

    Ukrainian railway, state agencies allegedly targeted by DolphinCape malware https://therecord.media/ukrainian-railway-state-agencies-allegedly-targeted-by-dolphincape-malware/
    Ukrainian government agencies and the state railway are the latest victims of a new wave of phishing attacks, Ukraine's Computer Emergency Response Team (CERT-UA) reported last week.

    Reply
  29. Tomi Engdahl says:

    Ukraine's country code disappeared from Twitter – unpleasant consequences for users https://www.is.fi/digitoday/art-2000009265961.html

    Reply
  30. Tomi Engdahl says:

    Reuters:
    An investigation outlines the global supply chain that continues to feed Russia with Western components and electronics, including from Intel, AMD, and Infineon

    The supply chain that keeps tech flowing to Russia
    https://www.reuters.com/investigates/special-report/ukraine-crisis-russia-tech-middlemen/

    Reuters provided to Intel, AMD, Texas Instruments, Analog Devices and Infineon data from Russian customs records that detail shipments of their products that have arrived in Russia in recent months. Reuters excluded data between Feb. 25 and March 31 to account for shipments that might have been in transit before the invasion or before the manufacturers’ announced suspensions.

    A spokesperson for Intel said the company is taking the findings “very seriously and we are looking into the matter.” The spokesperson said Intel adheres to all sanctions and export controls against Russia and “has a clear policy that its distributors and customers must comply with all export requirements and international laws as well.”

    Similarly, a spokesperson for AMD said the firm “strictly complies” with all export regulations and has suspended sales and support for its products in Russia. “That includes requiring all AMD customers and authorized distributors” to stop selling AMD products into Russia.

    Infineon, too, said that after the invasion, it “instructed all distribution partners globally to prevent deliveries and to implement robust measures that will prevent any diversion of Infineon products or services contrary to the sanctions.”

    Texas Instruments said it has not shipped to Russia since the end of February. Analog Devices didn’t respond to requests for comment.

    A spokesperson for the U.S. Department of Commerce said, “Since the start of the invasion, Russia’s access to semiconductors from all sources has been slashed by nearly 70 percent thanks to the actions of the unprecedented 38 nation coalition that has come together to respond to (Russian President Vladimir) Putin’s aggression. It is no surprise that Russia is working hard to circumvent controls.”

    But the Reuters review of Russian customs data found that since the invasion, the declared value of semiconductor imports by Russia has, in fact, risen sharply. The spokesperson said the Commerce Department had analyzed different data and therefore couldn’t comment on Reuters' findings.

    Putin’s office and Russia’s Ministry of Industry and Trade didn’t respond to requests seeking comment for this article.

    “We ourselves increase the risks of sanctions by publicly reporting on who will carry what and from where … Such publicity attracts unnecessary attention.”
    Evgeny Krivosheev, F+ tech’s head of production and development

    Pixel Devices said it has been supplying IT equipment to Russia for several years and “it is possible” that it shipped Intel and AMD products this year “as part of long-term contracts.” It said it acquires its products from manufacturers or their resellers and doesn’t supply components “that violate any binding policies imposed on the company by its partners, vendors, or distributors.” Intel and AMD told Reuters that Pixel Devices isn’t an authorized distributor of their products.

    Russian customs records show that Pixel Devices’ main client in Russia is a company in St. Petersburg called OOO KompLiga. Its website states that the firm can supply a wide range of IT products and parts. According to the customs records, since April 1, KompLiga has imported at least $181 million worth of electronics, almost exclusively from Pixel Devices.

    KompLiga’s general manager, Aleksandr Kotelnikov, told Reuters he was reluctant to provide details on how his company manages to continue procuring Western electronic components. “I’d rather not disclose details about my company’s work so as not to tip off rivals and give them a helping hand in their hard work,” Kotelnikov wrote in an email.

    “Iron curtain”

    Not every Russian company is reluctant to discuss how to deal with export restrictions. A Moscow-based logistics firm, OOO Novelco, has been advising Russian businesses on how to continue importing foreign goods.

    In September, Novelco organized a seminar in Moscow for its clients on “how to find alternative ways to deliver goods” to Russia. In a 45-minute presentation entitled “Foreign trade tactics and strategies to compensate for sanctions,” Novelco’s chief executive, Grigory Grigoriev, urged companies to stockpile products and develop diversified pools of suppliers from more than one country.

    One Novelco executive offered a tip for clients tempted to use the Chinese territory of Macau as a shipping point to Russia: “We do not recommend sending cargo through this airport, despite the attractive rates, as there are enormous waiting times, cancellations.”

    To resolve shipping problems, he and other Novelco executives have recommended on the company’s YouTube channel using lessons learned during the pandemic, such as transporting goods through third countries, rather than directly from a supplier.

    In interviews with Russian media and in a series of posts on LinkedIn, Grigoriev described recent trade restrictions on Russia as tantamount to erecting an “iron curtain” around his country.

    Grigoriev said in one LinkedIn post that Novelco had set up an affiliate in Istanbul and has been shipping goods to Russia from Turkey, which doesn’t enforce all U.S. and EU Russian trade restrictions. Once merchandise arrives in Turkey, “shipments are processed for re-export and cargo can follow to Russia by air, sea, road and rail transport,” Grigoriev said in the post.

    In March, Grigoriev registered in Istanbul a company called Smart Trading Ltd Sti, Turkish corporate records show. Since then, the company has shipped at least $660,000 worth of products made by U.S. semiconductor makers, according to Russian customs records.

    Some other Russian firms believe it is unwise to discuss publicly how to handle trade restrictions.

    EU shipments

    Many recent shipments of Western computer parts to Russia have arrived from China and other countries that haven’t joined the United States and the EU in restricting exports to Russia.

    But there are some exceptions, Reuters found. Customs records show shipments of Analog Devices and other U.S. components directly from the EU.

    Elmec Trade Oü, an electronic-components wholesaler based in the Estonian capital Tallinn, shipped at least $17 million worth of goods to Russia between April 1 and Oct. 31, according to Russian customs records. These included chips made by Analog Devices and other U.S. manufacturers, the records show.

    Asked how his company could continue to export Analog Devices and other Western chips months after the manufacturers announced they had suspended sales to Russia, he said that “the majority” were orders placed last year. The shipments were delayed because of pandemic-related transit disruptions, he said. Analog Devices didn’t respond to requests for comment.

    A spokesperson for the European Commission didn’t respond to questions about Elmec Trade. In general, the spokesperson said, “The EU takes circumvention very seriously, as it is a practice that can undermine the effectiveness of EU sanctions.” The spokesperson noted that the 27-member bloc has been encouraging other countries to align with EU measures adopted against Russia.

    Eleventh floor

    The U.S. government has placed export restrictions on scores of companies to try to stop the flow of sensitive high-tech components to Russia. But the probe by Reuters and RUSI found that there appears to be an active roster of substitute players ready to replace such entities.

    Reply
  31. Tomi Engdahl says:

    Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government
    Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers. The trojanized ISOs were hosted on Ukrainian- and Russian-language torrent file sharing sites. Upon installation of the compromised software, the malware gathers information on the compromised system and exfiltrates it. At a subset of victims, additional tools are deployed to enable further intelligence gathering. In some instances, we discovered additional payloads that were likely deployed following initial reconnaissance including the STOWAWAY, BEACON, and SPAREPART backdoors.

    Reply
  32. Tomi Engdahl says:

    More worries for Russia: China restricts chip exports https://www.is.fi/digitoday/art-2000009271047.html

    Reply
  33. Tomi Engdahl says:

    Dark Web Profile: Killnet Russian Hacktivist Group https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/
    Killnet is a pro-Russian hacktivist group known for its DDoS campaigns against countries supporting Ukraine, especially NATO countries since the Russia-Ukraine war broke out last year. DDoS is the primary type of cyber-attack that can cause thousands of connection requests and packets to be sent to the target server or website per minute, slowing down or even stopping vulnerable systems.

    Reply
  34. Tomi Engdahl says:

    Data Destruction Policies in the Age of Cloud Computing
    https://www.darkreading.com/cloud/data-destruction-policies-in-the-age-of-cloud-computing-
    We must develop a cloud-compatible way of doing destruction that meets the DoD standards, or we must stop pretending and adjust our standards to this new reality. Maybe cloud providers can come up with a service to provide this capability, since only they have direct access to the underlying hardware. They have never been shy about inventing new services to charge for, and certainly plenty of companies would be eager to pay for such a service, if the appropriate certificates of destruction were provided. It would probably be cheaper than fees charged by some of the companies providing certified physical-destruction services.

    Reply
  35. Tomi Engdahl says:

    EU tightens its Russia sanctions to cover inspection and testing services
    https://www.uusiteknologia.fi/2022/12/19/eu-tiukentaa-venaja-pakotteitaan-tarkastus-ja-testauspalveluihin/

    On Friday the European Union published new restrictive measures that ban, for example, the export to Russia of all kinds of electronics and IT technology, in addition to the mining industry. Now the provision of product testing and technical inspection services is also banned. As in other EU countries, the export bans also apply to Finland’s imports from and exports to Russia.

    In the EU’s ninth sanctions package, companies and technology supporting Russia’s war machine and industrial capacity are added to the scope of the export ban. The expanded bans cover chemical and biological equipment, engines, generators, and electronics and information technology.

    The decision lists in considerable detail the banned electronic components with their clock frequencies, their assemblies, production equipment and solutions. The investment ban on Russia’s energy sector is now extended to also cover the mining industry, although a few raw materials important to EU countries, such as aluminium, cobalt, iron ore and nickel, are left outside the scope of the ban. In addition, to guarantee security of supply in the EU, the export control unit of the Ministry for Foreign Affairs can grant an exemption for the import from Russia of gas condensate used in the storage of liquefied natural gas (LNG).

    The application of the previously imposed methanol import ban is postponed by six months to secure the supply of that raw material. The sanctions also ban, for example, the provision of product testing and technical inspection services, in addition to various other market services.

    Reply
  36. Tomi Engdahl says:

    Russ Mitchell / Los Angeles Times:
    Amazon has invested $75M so far to help Ukraine, including getting 10PB of government data out of the country in suitcase-sized Snowball Edges for AWS uploading

    How Amazon put Ukraine’s ‘government in a box’ — and saved its economy from Russia
    https://www.latimes.com/business/story/2022-12-15/amazon-ukraine-war-cloud-data

    Since February, Amazon has been playing Santa Claus to Ukraine, delivering planeloads of goods, including blankets, hygiene kits, diapers, food and toys, for the war-torn nation and refugees in Poland and other parts of Europe.

    But long term, what’s more important to Ukrainians than the gifts coming in is what’s going out: massive amounts of government, tax, banking and property data vulnerable to destruction and abuse should Russian invaders get their hands on it.

    Since the day Russia launched its invasion Feb. 24, Amazon has been working closely with the Ukrainian government to download essential data and ferry it out of the country in suitcase-sized solid-state computer storage units called Snowball Edge, then funneling the data into Amazon’s cloud computing system.

    “This is the most technologically advanced war in human history,” said Mykhailo Fedorov, Ukraine’s 31-year-old vice prime minister and minister of digital transformation, referring not just to weapons but data too. Amazon Web Services’ “leadership made a decision that saved the Ukrainian government and economy.”

    Amazon has invested $75 million so far in its Ukraine effort, which includes the data transfer via the Snowballs. Fedorov, speaking at a tech conference in Las Vegas this month, called it “priceless.”

    The data, 10 million gigabytes so far, represent “critical information infrastructure. This is core for operation of the economy, of the tax system, of banks, and the government overall,” he said. The data also include property records whose safekeeping can help prevent theft of Ukrainian homes, businesses and land.

    Through history, invaders have “come in and staged fake referendum and parceled out the land to their chums,” said Liam Maxwell, head of government transformation at Amazon Web Services, the company’s highly profitable cloud computing arm. “That kind of thing has been happening since William the Conqueror.”

    At the time, Ukrainian law required the majority of government data and certain private data to be housed on servers in Ukraine. In February, parliament changed that law to allow the information transfer.

    On Feb. 24, the day of the invasion, Maxwell met for lunch with Ukrainian Ambassador Vadym Prystaiko at the Ukrainian Embassy in London.

    They sketched out with pen and paper a list of the most essential data: the population register, land and property ownership records, tax payment records, bank records, education registries, anti-corruption databases and more. The project involved 27 Ukrainian ministries, 18 Ukrainian universities, the country’s largest remote learning K-12 school serving hundreds of thousands of displaced children, and dozens of other private sector companies including Ukraine’s largest private financial institution, PrivatBank.

    Early on, the Snowball units, in their shock-proof gray containers, were flown from Dublin to Krakow, Poland. Then the Ukrainians “spirited these devices over the border” into Ukraine, Maxwell said.

    After the data downloads, much of the information is being sent to the cloud over secure networks, and the Snowballs, loaded with up to 80 terabytes of encrypted data each, are shipped back to Amazon. For good reason, Maxwell doesn’t want to say where, but says “it’s a tense moment around the baggage carousel. Here’s government in a box, literally.”

    Once it’s in the cloud and distributed around the world, everyone breathes easier. “You can’t take out the cloud with a cruise missile,” Maxwell said.

    The mission required speed, organization and deep technical skill. Maxwell said Fedorov, “a man in a hurry,” ticked all the boxes.

    Still, Amazon spent time training the Ukrainians on how the AWS system works. That free training has been extended to refugees in Poland and in other locations in Europe. There’s an upside for Amazon, in addition to recognition for its efforts: Maxwell notes that the program is equipping those refugees with crucial tech skills — and in the process expanding AWS’ talent base.

    Reply
  37. Tomi Engdahl says:

    Matt Burgess / Wired:
    Analysis: several major Russian cities appear to have faced widespread GPS disruption in the past week, experts say to evade Ukraine’s long-range drone attacks

    GPS Signals Are Being Disrupted in Russian Cities
    Navigation system monitors have seen a recent uptick in interruptions since Ukraine began launching long-range drone attacks.
    https://www.wired.com/story/gps-jamming-interference-russia-ukraine/

    Every day, billions of people use the GPS satellite system to find their way around the world—but GPS signals are vulnerable. Jamming and spoofing attacks can cripple GPS connections entirely or make something appear in the wrong location, causing disruption and safety issues. Just ask Russia.

    New data analysis reveals that multiple major Russian cities appear to have faced widespread GPS disruption during the past week. The signal interference follows Ukraine launching long-range drone attacks deep into Russian territory, and it may act as a way to potentially stop drones that rely upon GPS for navigation, experts say.

    The GPS interference has “expanded on a scale that hasn’t been seen before,” says Erik Kannike, a program manager at Estonian defense intelligence firm SensusQ who has been monitoring the situation. “What we’re seeing now, since about a week ago, is GPS jamming bubbles covering hundreds if not thousands of kilometers around tactical cities.”

    The GPS issues were first spotted by the monitoring system GPSJam, which uses data from planes to track problems with the satellite navigation system. The website has logged an increasing number of GPS disturbances in the Russian cities of Saratov, Volgograd, and Penza since the start of December. All of the cities are in western Russia and within hundreds of kilometers of the border with Ukraine.

    On December 5, GPSJam logged a limited amount of GPS interference in Russia—the majority of registered interference took place around Moscow, where the Kremlin for years has tampered with GPS connections. However, since December 11, multiple areas of the country have faced GPS disruption, data gathered by GPSJam shows. In addition, wireless data analytics firm Aurora Insight measured an increase in GPS signal levels in the area at the start of December—a sign that potential GPS interference could have happened.

    At the start of Russia’s full-scale invasion of Ukraine in February, there was no GPS interference detected by the website in these areas—aside from around Moscow. In recent months, the website has tracked little signal interference around Russia, although there has been some near Belarus. Some GPS disturbances have also been logged near Russia’s border with Finland.

    Disruption to Global Navigation Satellite Systems—a broad term that includes all satellite-based navigation systems, including Russia’s GLONASS, China’s Beidou, and Europe’s Galileo—can be caused in multiple ways. Most commonly, attackers use jamming or spoofing. Jamming can involve overriding radio signals so they don’t operate as intended, while spoofing can create false signals. Jamming can stop drones flying in certain areas and make map apps unreliable. And hundreds of warships appear to have had their locations spoofed since 2020.

    As the most widely used GNSS system, GPS has become an “international utility” in recent decades. This also means it has become “more susceptible and more likely to be interrupted,” says Dana Goward, the president of the Resilient Navigation and Timing Foundation, a nonprofit that helps to protect critical infrastructure. “Doing so causes greater and greater havoc in any number of systems,” Goward adds.

    There are relatively few large-scale monitoring efforts tracking GPS disruptions.

    Wiseman says GPSJam, which launched in July after he began collecting data in mid-February, uses ADS-B data from ADS-B Exchange, a network of aviation followers who track planes. This is generally GPS data, but it can also be other GNSS data if a plane uses a different system. Wiseman then aggregates this data each day to show areas where there appears to be GPS interference.

    The GPSJam map shows potential interference in red hexes across a world map, while areas where there may be some smaller interference are shown in yellow, and green hexes represent no interference.

    Todd Walter, the director of the GNSS laboratory at Stanford University, says GPSJam is a “valuable resource” for those tracking GPS interference.

    “It is not very good at detecting weak jammers or jammers on other frequencies,”

    Throughout Russia’s full-scale war in Ukraine, its forces have attempted to control the information space and communications. Its hack against the ViaSat satellite system disrupted satellite connections across Europe. Cities have had telephone equipment destroyed by missiles, and in some occupied areas Russia has tried to take control of Ukraine’s internet, subjecting people to censorship and surveillance. (At the same time, Russia has been hacked at an unprecedented scale.)

    Electronic warfare—including the jamming and blocking of GPS signals—has also been a part of the war. Russia has a well-documented history of disrupting GNSS signals, including testing electronic warfare systems in Syria. In 2018, taxis around the Kremlin appeared thousands of miles away on maps. Tankers off the Russian coast have also vanished from tracking systems. One 2019 report from the nonprofit C4ADS documented 9,883 cases of GNSS spoofing linked to Russia, saying it often happens when president Vladimir Putin visits an area. (Russia is not the only country with these capabilities: In the past eight years, commercial airlines in the US have reported at least 90 incidents of GPS interference, many of which were reportedly linked to nearby military tests.)

    Since Russia invaded Ukraine in February, GNSS signal disruption has been spotted multiple times. In March, the European Union Aviation Safety Agency issued an alert warning about satellite navigation systems being jammed or spoofed around Ukraine and in nearby regions. The United States has accused Russia of attempting to jam GPS, and reports say Russian jamming technologies have made Ukrainian drones inoperable during battles taking place on the ground.

    At the start of December, Ukraine launched drone attacks against military bases inside Russia. This was followed by reports that the Pentagon supported the long-range strikes. Russia’s media and telecommunications agency Roskomnadzor did not respond to WIRED’s request for comment.

    GPS jamming could stop drones from operating in the areas. Analysis of Russia’s electronic warfare capabilities says the country has multiple types of military equipment that can be used to interfere with GPS. This includes trucks and vehicles, equipped with scores of antennas, that can move to areas where officials may want to block signals. “This suggests that Russia is, at least for the winter, adopting a much more defensive posture where they’re actually focused on preventing incidents in their homeland,” Kannike adds. “The days where Russians underestimate Ukrainian long-range strike capabilities is certainly over.”

    https://gpsjam.org/

    Reply
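The daily aggregation described in the Wired article quoted in comment 37 (ADS-B position reports binned into map cells that are then coloured green, yellow or red) can be sketched as follows. This is an added example, not GPSJam's code and not part of the original comment; the NACp cut-off, the percentage thresholds, the minimum aircraft count, the square grid cells used in place of hexes, and all sample reports are assumptions constructed for illustration.

```python
import math
from collections import defaultdict

# Assumed parameters (not taken from the article or from GPSJam).
GOOD_NACP_MIN = 8       # ADS-B NACp below this is treated as degraded accuracy
YELLOW_FRACTION = 0.02  # more than 2% of aircraft degraded -> "yellow"
RED_FRACTION = 0.10     # more than 10% of aircraft degraded -> "red"
MIN_AIRCRAFT = 3        # fewer aircraft than this is too little evidence
CELL_DEG = 1.0          # square lat/lon cells stand in for map hexes


def cell_of(lat, lon):
    """Map a position to the grid cell that contains it."""
    return (math.floor(lat / CELL_DEG), math.floor(lon / CELL_DEG))


def aggregate(reports):
    """Count distinct aircraft per (day, cell) and how many were degraded.

    An aircraft that sends many reports is counted once; it counts as
    degraded if any of its reports in that cell had low accuracy.
    """
    seen = defaultdict(set)
    degraded = defaultdict(set)
    for r in reports:
        key = (r["day"], cell_of(r["lat"], r["lon"]))
        seen[key].add(r["icao"])
        if r["nac_p"] < GOOD_NACP_MIN:
            degraded[key].add(r["icao"])
    return {k: (len(seen[k]), len(degraded[k])) for k in seen}


def classify(total, bad):
    """Turn per-cell counts into a map colour."""
    if total < MIN_AIRCRAFT:
        return "no-data"
    fraction = bad / total
    if fraction > RED_FRACTION:
        return "red"
    if fraction > YELLOW_FRACTION:
        return "yellow"
    return "green"


def daily_map(reports):
    """Full pipeline: raw reports -> colour per (day, cell)."""
    return {k: classify(*v) for k, v in aggregate(reports).items()}


def sample_reports():
    """Constructed sample data; aircraft ids and positions are made up."""
    day = "2022-12-11"
    rows = []

    def add(icao, lat, lon, nac_p):
        rows.append({"day": day, "icao": icao, "lat": lat, "lon": lon,
                     "nac_p": nac_p})

    # Cell (10, 20): 4 aircraft, 3 degraded; a00000 also sends a good report.
    for i, nac in enumerate([2, 0, 3, 10]):
        add(f"a{i:05x}", 10.5, 20.5, nac)
    add("a00000", 10.6, 20.4, 10)
    # Cell (30, 40): 50 aircraft, 2 degraded (4%).
    for i in range(50):
        add(f"b{i:05x}", 30.2, 40.7, 4 if i < 2 else 9)
    # Cell (-5, 60): 5 aircraft, none degraded; the last one reports twice.
    for i in [0, 1, 2, 3, 4, 4]:
        add(f"c{i:05x}", -4.5, 60.1, 10)
    # Cell (50, 8): a single degraded aircraft is not enough evidence.
    add("d00000", 50.9, 8.3, 1)
    return rows


if __name__ == "__main__":
    for (day, cell), colour in sorted(daily_map(sample_reports()).items()):
        print(day, cell, colour)
```

Counting distinct aircraft rather than raw reports keeps one faulty transponder that reports frequently from turning a whole cell red on its own.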
  38. Tomi Engdahl says:

    CISA researchers: Russia’s Fancy Bear infiltrated US satellite network https://www.cyberscoop.com/apt28-fancy-bear-satellite/
    Because the targeted satellite communications provider used the same credentials for emergency accounts as ordinary ones, the hackers were able to re-use the stolen credentials for emergency accounts that made it easier for the hackers to move around the system. At the time of the intrusion, the company was also transmitting unencrypted supervisory control and data acquisition, or SCADA, traffic, which can include data like the state of industrial devices and commands from control centers, Emmanuel said.

    Reply
  39. Tomi Engdahl says:

    Ukraine’s DELTA military system users targeted by info-stealing malware https://www.bleepingcomputer.com/news/security/ukraines-delta-military-system-users-targeted-by-info-stealing-malware/
    A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the ‘DELTA’ situational awareness program to infect systems with information-stealing malware. The campaign was highlighted in a report today by CERT-UA (Computer Emergency Response Team of Ukraine), which warned Ukrainian military personnel of the malware attack. DELTA is an intelligence collection and management system created by Ukraine with the help of its allies to help the military track the movements of enemy forces.

    Reply
  40. Tomi Engdahl says:

    https://www.iltalehti.fi/ulkomaat/a/9435695b-e455-4c18-8a2d-68e6e241c31f

    Ukraine’s claim: Putin postponed the attack decision three times

    11:00: Russian President Vladimir Putin postponed the start of the attack on Ukraine three times. This is claimed by Vadim Skibitskyi, deputy head of Ukraine’s military intelligence, who commented on the matter in an interview with the German newspaper Bild.

    “According to our information, the attack operation was postponed three times, the last time in mid-February,” he says.

    According to Ukrainian intelligence, Putin had discussed starting the attack closely with the Chief of the General Staff of the armed forces, General Valeri Gerasimov, and Defence Minister Sergei Šoigu.

    “(Russia’s security service) The FSB demanded the attack; they were convinced that they had prepared sufficiently for the invasion,” Skibitskyi says.

    “They had invested enormous resources and they demanded that Gerasimov attack.”

    In the end Gerasimov relented and approved the attack. This was, however, a miscalculation, as the Russian forces had prepared for only a three-day war.

    “The fact that their troops had been given only three days’ worth of food, ammunition and fuel shows the scale of their miscalculation,” Skibitskyi says.

    After the attack began, ordinary Ukrainians diligently reported situational information on the movements of Russian troops, which demonstrated the unity of all of Ukraine against the enemy forces. According to Skibitskyi, the precise information from every village astonished even Ukraine’s allies and partners.

    Reply
  41. Tomi Engdahl says:

    Lukashenka’s “joke” about Putin startled: “We are co-aggressors, the most toxic people on this planet”
    https://www.is.fi/ulkomaat/art-2000009278596.html

    Belarusian leader Aljaksandr Lukashenka told a peculiar “joke” about how he and Vladimir Putin compete with each other in evil.

    Belarusian leader Aljaksandr Lukashenka tried to lighten the mood at Monday’s press conference by telling a joke, meant to be sarcastic, about how he and Vladimir Putin have a mutual contest in evil.

    Neither of the autocratic presidents referred directly to the war in Ukraine during their press conference. When the presidents were asked about the world’s attitude towards them, Lukashenka answered in a way that brings to mind a Freudian slip or an accidental confession.

    “The two of us are co-aggressors, the most dangerous and most toxic people on this planet,” Lukashenka began.

    “We disagree on only one thing: which of us is more so. Vladimir Vladimirovitsh says it is me. I, for my part, had already begun to think that it is him. But then it was decided that we both are, equally,” Lukashenka continued.

    A Freudian slip means that a person accidentally says or reveals what they really think and feel.

    Lukashenka’s intention was, of course, to convey quite the opposite: that he and Putin are maligned in the West entirely without cause and are in reality anything but.

    The masters of propaganda nevertheless made a mistake, at least in the sense that from now on only the first sentence of Lukashenka’s “joke” can be attached to various video clips. In other words, the part in which Lukashenka appears to confess, wide-eyed, to all the evil that he and Putin contain in the view of the many Ukrainians, Belarusians and Russians who have become their victims.

    According to Lukashenka, Moscow and Minsk do support each other in jointly opposing the sanctions policy of unfriendly countries and attempts to isolate Russia and Belarus

    Reply
  42. Tomi Engdahl says:

    Russian President Vladimir Putin said his country’s forces were facing challenging conditions in the four Ukrainian provinces they partially occupy. https://trib.al/n3e1OvE

    Reply
  43. Tomi Engdahl says:

    Ukraine’s Delta Military Intelligence Program Targeted by Hackers
    https://www.securityweek.com/ukraines-delta-military-intelligence-program-targeted-hackers

    Ukraine’s Computer Emergency Response Team (CERT-UA) revealed recently that users of the country’s Delta military intelligence program have been targeted with data-stealing malware.

    According to CERT-UA, the attackers have used hacked email accounts belonging to Ministry of Defense employees, as well as messaging applications, to send out messages informing recipients about the need to update certificates in the Delta system. The malicious messages carry documents containing links to archive files hosted on a fake Delta domain.

    These files are designed to deploy two pieces of malware onto compromised systems, including one named FateGrab, which harvests emails, databases, scripts and documents, and one called StealDeal, which collects internet browser and other data.

    Ukraine has attributed the attack to a group it tracks as UAC-0142, but has not shared any other information on who may be behind the attack.

    https://cert.gov.ua/article/3349703

    Reply
  44. Tomi Engdahl says:

    Russian hackers targeted petroleum refining company in NATO state https://therecord.media/russian-hackers-targeted-petroleum-refining-company-in-nato-state/
    A hacking group associated with Russia’s Federal Security Service (FSB) unsuccessfully attempted to compromise a large petroleum refining company within a NATO member state at the end of August, according to a new report. The advanced persistent threat group, known as Trident Ursa (also referred to as Gamaredon, Primitive Bear and Shuckworm) is “a specially created structural unit” of the FSB “whose tasks are intelligence and subversive activities against Ukraine in cyberspace,” in the analysis of Ukraine’s Security Service. It primarily uses HTML and Word documents as spear phishing lures which, alongside its traditional efforts targeting Ukrainian entities with Ukrainian-language lures, are now also increasingly using English-language lures according to research published Tuesday by Palo Alto Networks’ Unit 42.

    Reply
  45. Tomi Engdahl says:

    Military operations software in Ukraine was breached by Russian hackers
    https://therecord.media/military-operations-software-in-ukraine-was-breached-by-russian-hackers/
    Hackers targeted software critical to Ukraine’s military efforts with information-stealing malware, Ukraine’s Computer Emergency Response Team (CERT-UA) reported last week. The attackers sent messages in mid-December from a hacked email address belonging to a Ukraine Ministry of Defense employee to users of the program, which is called Delta. CERT-UA publicized the breach a few days later, on December 18.
    Military commanders and soldiers have access to the platform, which is the “eyes” of the Ukrainian armed forces. It collects data on everything happening on the ground, in the sea, in the air, in space, and in cyberspace using drones, satellite images, electronic warfare systems, or surveillance cameras.

    Reply
