Ukraine-Russia cyber war

Ukraine and Russia appear to be fighting both a conventional war and a cyber war at the same time; this could be called hybrid warfare. Countless examples exist of damage to infrastructure caused by hostile acts carried out through computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start: a mix of conventional military strategy, traditional “boots on the ground”, and a more unconventional digital or cyber war. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia began its attacks on Ukraine on February 24. Before the physical attacks, Russia carried out several cyber attacks against IT systems in Ukraine.

Here are links to some material on the cyber side of this war:

How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding whom they will support. The same dynamic is happening in cyberspace. Hacktivists, cybercriminals, white hat researchers and even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in cyberspace, and last week Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-state cyber actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.

As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/

Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers, malicious software (malware) that makes its way inside computer networks and wipes the data from the devices it infects.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.

Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.

Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.

Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladimir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.”
This raises the whole question of ‘attribution’. The received belief is that it is impossible to do accurate cyber attribution. “That is absolutely wrong,” said Willett. “It would be a mistake for any one nation to think it could attack another without being known.”
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.

Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.

Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.

Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html

Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.

Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command, said there had been a cyberattack.

Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).

Amid Russian invasion, Ukraine granted formal role with NATO cyber hub https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise between Ukraine and CCDCOE member nations,” Col. Jaak Tarien, the institution’s director, said in a statement.

This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken: on Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.

High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information,” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.

CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a

US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html

EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584

Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.

UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.

Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.

Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine

Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine

Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/

HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.
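The SentinelOne and Malwarebytes write-ups above both describe a wiper that corrupts the MBR so that the machine no longer boots. What follows is an added example, not code from this page or from SentinelOne, ESET, Symantec or Malwarebytes: a small Python check of the structural invariants of a 512-byte MBR (boot signature, boot-code region, partition table, and an optional hash comparison against a stored baseline) that a responder can run against the first sector of a disk or a forensic image. The sample sectors, the partition layout and the baseline hash are constructed for this example.

```python
# Added example, not code from the original page or from any of the vendor
# reports it cites. It parses a 512-byte MBR and checks the invariants a
# boot-sector wiper of the kind described above would break. The sample
# sectors are constructed by hand for this example; on a real system you
# would read the first 512 bytes of the disk or of a forensic image.
import hashlib
import struct
from typing import List, Optional

MBR_SIZE = 512
PARTITION_TABLE_OFFSET = 446   # four 16-byte entries follow the boot code
BOOT_SIGNATURE = b"\x55\xAA"   # last two bytes of a valid MBR


def parse_partitions(sector: bytes) -> List[dict]:
    """Decode the four primary partition entries (status, type, LBA start, length)."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4)
        status, p_type, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        entries.append({"status": status, "type": p_type,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def mbr_sha256(sector: bytes) -> str:
    """Hash of the whole sector, for comparison against a stored baseline."""
    return hashlib.sha256(sector).hexdigest()


def check_mbr(sector: bytes, baseline_sha256: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means the MBR looks intact."""
    findings = []
    if len(sector) != MBR_SIZE:
        return [f"sector is {len(sector)} bytes, expected {MBR_SIZE}"]
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if all(b == 0 for b in sector[:PARTITION_TABLE_OFFSET]):
        findings.append("boot code region is all zeros")
    parts = parse_partitions(sector)
    if all(p["type"] == 0 for p in parts):
        findings.append("partition table empty (all type bytes 0x00)")
    for i, p in enumerate(parts):
        # only 0x00 (inactive) and 0x80 (bootable) are legal; random overwrites trip this
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte 0x{p['status']:02x}")
        if p["type"] != 0 and p["sectors"] == 0:
            findings.append(f"partition {i}: type set but zero length")
    if baseline_sha256 is not None and mbr_sha256(sector) != baseline_sha256:
        findings.append("sector hash differs from stored baseline")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed 'known good' MBR: a few real-looking boot-code bytes, one NTFS-type
    partition starting at LBA 2048, three empty entries, and the 0x55AA signature."""
    boot_code = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (PARTITION_TABLE_OFFSET - 5)
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    return boot_code + entry + b"\x00" * 48 + BOOT_SIGNATURE


GOOD_MBR = build_sample_mbr()                  # constructed baseline sector
WIPED_MBR = b"\x00" * MBR_SIZE                 # what a full-sector zero-wipe leaves
SIG_ONLY_MBR = GOOD_MBR[:510] + b"\x00\x00"    # only the boot signature clobbered

if __name__ == "__main__":
    baseline = mbr_sha256(GOOD_MBR)
    for name, sector in [("good", GOOD_MBR), ("wiped", WIPED_MBR), ("sig-only", SIG_ONLY_MBR)]:
        print(name, check_mbr(sector, baseline) or ["OK"])
```

To use it on a live system, replace the constructed sectors with `open("/dev/sda", "rb").read(512)` (or the first 512 bytes of an image) and store `mbr_sha256()` of a known-good sector as the baseline; the hash check catches overwrites with random bytes that happen to keep the signature and status bytes plausible. The check covers only the boot sector; the Malwarebytes analysis notes that the wiper also damages other low-level on-disk structures and overwrites files, which this script does not inspect.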

In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economy, and the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work,” he says.
“Because we all need to live for something, eat

Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime, as it cracks down on anti-war sentiment and rumors of martial law grow louder, are being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.

Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf

TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/

2,078 Comments

  1. Tomi Engdahl says:

    4 Most Common Cyberattack Patterns from 2022
    https://securityintelligence.com/articles/most-common-cyberattack-patterns-2022/
    As 2022 comes to an end, cybersecurity teams globally are taking the opportunity to reflect on the past 12 months and draw whatever conclusions and insights they can about the threat landscape. It has been a challenging year for security teams. A major conflict in Europe, a persistently remote workforce and a series of large-scale cyberattacks have all but guaranteed that 2022 was far from uneventful. In this article, we’ll round up some of the most common cyberattack patterns we saw in 2022, what they meant for organizations (and society in general) and present some concrete strategies to deal with these threats in the future.

  2. Tomi Engdahl says:

    Bloomberg:
    Ukrainian Vice PM Mykhailo Fedorov says 10K+ more Starlink terminals will arrive in the coming months and “as of now all financial issues have been resolved”

    Ukraine to Get Thousands More Starlink Antennas, Minister Says
    https://www.bloomberg.com/news/articles/2022-12-20/ukraine-to-get-thousands-more-starlink-antennas-minister-says

    Influx comes as Russia strikes threaten to cut off internet
    Nation preparing aid stations to help people survive outages

  3. Tomi Engdahl says:

    Sanctions are starting to bite: Russia’s networks face paralysis. “We are not delivering anything to Russia” https://www.is.fi/digitoday/art-2000009282705.html

    The departure of Nokia and Ericsson from Russia will sooner or later show in the lives of ordinary Russians.

    RUSSIA’S mobile networks are at risk of being crippled as Finland’s Nokia and Sweden’s Ericsson leave the country at the end of the year. The effects of the network equipment makers’ departure are expected to materialize over the long term and to make life harder for ordinary Russians.

    According to five telecom industry executives interviewed by Reuters, the decay will show as slowing data transfer speeds, dropped and failed calls, and service outages.

    Russian telecom operators will no longer be able to update their software, and obtaining spare parts will be difficult.

    About 50 percent of the base stations in Russia’s mobile networks are made by Nokia or Ericsson.

  4. Tomi Engdahl says:

    Exceptional joint statement: the youth wings of the National Coalition Party and the Social Democrats want to ban a popular Russian service https://www.is.fi/digitoday/tietoturva/art-2000009279349.html

    IN AN exceptional joint statement published today, the National Coalition Party Youth and the Social Democratic Youth demand that the Russian-origin Yango taxi service be banned in Finland. The reason is the service’s phone app, which collects a great deal of user data that is believed to end up with Russia’s intelligence services. In addition, using the service financially supports Russia and its hybrid warfare.

  6. Tomi Engdahl says:

    Russian APT Gamaredon Changes Tactics in Attacks Targeting Ukraine
    https://www.securityweek.com/russian-apt-gamaredon-changes-tactics-attacks-targeting-ukraine

    Russia-linked Gamaredon, a hacking group known for providing services to other advanced persistent threat (APT) actors, is one of the most intrusive, continuously active APTs targeting Ukraine, Palo Alto Networks’ Unit 42 warns.

    Also known as Armageddon, Primitive Bear, Shuckworm, and Trident Ursa, Gamaredon has been active since at least 2013, mainly focused on targets in Ukraine. The APT relies on phishing emails for malware distribution and provides access to compromised networks and intelligence to other threat actors.

    Over the past ten months, Gamaredon was seen targeting a large petroleum refining company, as well as changing its tactics, techniques, and procedures (TTPs) multiple times.

    Traditionally, the hacking group was seen using phishing lures in the Ukrainian language, but it also employed English language lures in some cases, likely to boost network access and intelligence collection against both Ukraine and NATO members, Unit 42 notes.

    At the end of August, the threat actor unsuccessfully attempted to compromise “a large petroleum refining company within a NATO member nation” using English language lures.

  7. Tomi Engdahl says:

    Pekka Toveri: Russia has the capacity to continue the war for years; a dangerous scenario looks likely
    https://www.is.fi/ulkomaat/art-2000009282222.html

    Russia must be shackled so that it does not become a permanent threat of war to Europe, Major General (ret.) Pekka Toveri demands.

    Ukraine now urgently needs modern Western equipment for both its air force and its ground forces. It would have great significance for the course of the war, estimates Pekka Toveri, former intelligence chief of the Finnish Defence Forces and retired major general, in ISTV’s Ukraine studio.

    – I cannot in any way understand why the United States and Europe place restrictions on the weapons aid given to Ukraine. Russia breaks every international agreement and legal rule of war and freely engages in the destruction and killing of the civilian population.

    – And then the defender is not given the chance to deny Russia the destruction of the civilian population and civilian infrastructure, Toveri marvels.

    Russia, on the other hand, is able to manufacture more missiles despite the shortage of components, because the sanctions leak. With the help of front companies it has obtained Western technology for its arms industry throughout the eight-year war.

    Toveri, a guest in ISTV’s studio, wonders at Germany’s position that Ukraine cannot be given main battle tanks because they are offensive weapons.

    – Russia has attacked and seized large areas of Ukraine. They will not be recovered by negotiating. Even a child should understand that, so why not the Chancellor. The only way to take the areas back is for Ukraine to attack and retake them, Toveri points out.

    Reply
  8. Tomi Engdahl says:

    Editorial: Putin seals Russia's black future – the whole of society is harnessed for war and the army gets "everything it asks for"
    https://www.is.fi/paakirjoitus/art-2000009283237.html

    On Wednesday, the Russian army received what was in practice a blank cheque from President Vladimir Putin and Defence Minister Sergei Shoigu. They promised the armed forces not only unlimited funds, but also Russia's future young male generations.

    On Wednesday, President Vladimir Putin gave a public speech before representatives of the Russian defence ministry, which the Kremlin had advertised in advance as important and comprehensive.

    The speech may have been that, but it was also exceptionally dark.

    Many Russians surely felt a chill down their spine on realising that Putin had in practice harnessed the whole of society – its current funds and its future young generations – to serve war and the army exclusively.

    Alongside Putin appeared Defence Minister Sergei Shoigu, who spoke among other things about Russia's planned countermeasures to Finland's and Sweden's NATO membership.

    Concretely, the countermeasures involve, among other things, Russia establishing new Leningrad and Moscow military districts. A new army corps is to be established in Karelia.

    Also seen on stage was the third member of the troika that decides on Russia's nuclear weapons, the commander of the armed forces, Valeri Gerasimov.

    Gerasimov kept silent throughout the public part. From his stony face one could not tell whether the silence was his own choice, or whether it was some kind of Putinesque obedience training as punishment for the so far rather dismally progressing Ukrainian "special operation".

    The event was a carefully scripted play, during which Putin and Shoigu mostly concentrated on praising the armed forces' "professional" performance in Ukraine.

    Now Putin and Shoigu wanted to present the means they had devised for Russia to emerge victorious in Ukraine. For this goal Putin promised the armed forces practically unlimited funds.

    "We have no limits whatsoever on funding. The country and the government give everything the army asks for. Everything," Putin declared.

    The corruption already rampant in the Russian armed forces will surely guarantee that the army will indeed know how to ask in future. That in turn means bad news for the rest of society: education, science, culture, health care and social services.

    In addition to money, Putin intends to sacrifice an ever larger share of Russia's young people to achieve his warlike goals. The manpower of the armed forces will be increased to 1.5 million, whereas before the war in Ukraine the strength was about one million.

    The conscription age will be raised from 18 to 21, but the age of liability for military service will be extended from the current 27 up to 30. In other words, many Russian men aged 27 to 30 are probably already wondering in panic when they will be collected.

    So far the Kremlin has sworn that inexperienced conscripts will not be sent to Ukraine. This too may soon change.

    Reply
  9. Tomi Engdahl says:

    A welding exercise at a university got out of hand in a good way – more than a hundred stoves already being made for Ukraine
    https://www.maaseuduntulevaisuus.fi/uutiset/96c98f11-8fc4-4057-976e-792a90217cec

    More than 30 metal-industry companies joined LUT University's charity project in no time. The instructions for building the stove are freely downloadable.

    Reply
  10. Tomi Engdahl says:

    GPS jamming has exploded in Norway on the Finnish border: Passenger aircraft reported 27 disturbances in a month
    Kasperi Summanen
    Published 22.12.2022 | 16:50
    Updated 22.12.2022 | 19:40
    Russia's attack
    The situation is described as having worsened enormously.
    https://www.verkkouutiset.fi/a/gps-hairinta-rajahti-norjassa-suomen-rajalla-matkustajakoneet-raportoivat-27-hairiota-kuukaudessa/#f105d9e9

    In the Finnmark region of Northern Norway, on the border between Finland and Russia, an exceptionally large number of disturbances to GPS satellite positioning has been observed

    Reply
  11. Tomi Engdahl says:

    Putin let the word "war" slip from his mouth – St Petersburg politician asked prosecutors to open an investigation
    St Petersburg local politician Nikita Juferev has asked prosecutors to open an investigation into President Vladimir Putin after he used the word "war" when speaking of the war in Ukraine. Juferev accuses Putin of breaking a law he himself enacted.

    Until now the Russian administration has called the war in Ukraine a "special military operation". In March, Putin signed laws under which mentioning the word "war" when speaking of the war in Ukraine can lead to large fines or a prison sentence. For many, this has indeed happened.

    On Thursday, however, Putin surprised by letting the word "war" slip out.

    "Our goal is not to keep the military conflict going but, on the contrary, to end this war," Putin said.

    Juferev told Reuters he knows his request will lead nowhere. He said he did it to expose the "falseness" of the system.

    "It is important to me to do this to draw attention to the contradiction and injustice of the laws Putin proposed and signed. Laws that he himself does not obey," Juferev said.

    Putin let slip a word that is taboo in Russia – St Petersburg politician asked prosecutors to open an investigation into the president https://www.is.fi/ulkomaat/art-2000009284246.html

    Reply
  12. Tomi Engdahl says:

    Matt Burgess / Wired:
    2022 saw the re-emergence of hacktivism on a large scale, with some new tactics and approaches blurring the lines between hacktivism and state-sponsored attacks — Throughout 2022, geopolitics has given rise to a new wave of politically motivated attacks with an undercurrent of state-sponsored meddling.

    Hacktivism Is Back and Messier Than Ever
    https://www.wired.com/story/hacktivism-russia-ukraine-ddos/

    Throughout 2022, geopolitics has given rise to a new wave of politically motivated attacks with an undercurrent of state-sponsored meddling.

    DURING ITS BRUTAL war in Ukraine, Russian troops have burnt cities to the ground, raped and tortured civilians, and committed scores of potential war crimes. On November 23, lawmakers across Europe overwhelmingly labeled Russia a “state sponsor” of terrorism and called for ties with the country to be reduced further. The response to the declaration was instant. The European Parliament’s website was knocked offline by a DDoS attack.

    Following years of sporadic hacktivist activity, 2022 has seen the re-emergence of hacktivism on a large scale. Russia’s full-scale invasion of Ukraine spawned scores of hacktivist groups on both sides of the conflict, while in Iran and Israel, so-called hacktivist groups are launching increasingly destructive attacks. This new wave of hacktivism, which varies between groups and countries, comes with new tactics and approaches and, increasingly, is blurring lines between hacktivism and government-sponsored attacks.

    “I’m not going to say that hacktivism was dying, but it was definitely withering for some time,”

    Russia’s invasion of Ukraine in February prompted a surge in hacktivism activity. Legacy hacktivist collective Anonymous was revitalized, but new groups were also formed. Ukraine’s unprecedented IT Army, a volunteer group of hackers from around the world, has continuously launched DDoS attacks against Russian targets that are outlined in its Telegram group. In June, a speech by Vladimir Putin was delayed after a cyberattack. Other hacktivist-linked groups have run huge hack-and-leak operations against Russian entities, resulting in hundreds of gigabytes of data from Russia being published online.

    On the other side of the conflict, there are four main pro-Russian hacktivist groups, says Sergey Shykevich, threat intelligence group manager at security firm Check Point. These are: Killnet, NoName 057, From Russia With Love, and XakNet. Killnet is probably the most active of these groups, Shykevich says. “Since April, they have targeted around 650 targets—only about 5 percent of them were Ukraine.” Its targets, like the European Parliament, have largely been countries that oppose Russia. The group, which mostly uses DDoS attacks, is proactive on Telegram, media friendly, and appeals to Russian speakers.

    DDoS attacks still have an outsize place within modern hacktivism. An FBI notification, issued in early November, says those behind DDoS attacks have “minimal operational impact” on their victims. “Hacktivists often select targets perceived to have a greater perceived impact rather than an actual disruption of operations,” the FBI said. In other words: The bark is often worse than the bite.

    Erica Lonergan, a research scholar at the Saltzman Institute of War and Peace Studies at Columbia University, says the impact of DDoS attacks is often overstated. Media reports can overemphasize the impact of DDoS, making it sound more severe than it is. “There’s this gap between the hyperbole of the language that’s used to talk about the types of attacks that these groups like Killnet are engaged in, and then the reality of their impact,” Lonergan says.

    But it isn’t all DDoS. In South America, the Guacamaya hacktivist group claims to have hacked mining companies and leaked their internal emails. The politically motivated Belarusian Cyber Partisans, which formed in 2020 following Alexander Lukashenko’s election, has innovated as it disrupts Russian and Belarusian efforts linked to the war. The highly organized group became the first to use ransomware for purely political objectives. It has also claimed to have taken data from Russian government organizations and mapped the data of government officials who have backed Lukashenko’s regime.

    Guerrero-Saade says the Cyber Partisans are part of a new style of hacktivists that use targeted sabotage and disruption.

    Working out who is behind a cyberattack of any kind is always complex and difficult for organizations to do—attackers often try to disguise their activity or hide it from view. However, there is evidence some hacktivists are linked to individual countries. Researchers suspect Predatory Sparrow is linked to a government, for instance. Meanwhile, security firm Mandiant believes that the pro-Russian groups XakNet, Infoccentr, and Cyber Army of Russia all coordinate their operations with Russia’s GRU military hackers. The Cyber Army of Russia launched DDoS attacks against US organizations around the November midterm elections, with XakNet and KillNet also trying to influence the elections, Mandiant claims.

    “They can be used in witting and unwitting ways by governments for political purposes,” Lonergan says. “Killnet for example, on the Russian side, has been pretty explicit in its Telegram channels of disavowing direct links with Moscow. But at the same time, they follow the implicit rules of the road of Russian cyber proxy groups.” Russian cybercrime groups rarely attack Russian targets, and the Kremlin has largely turned a blind eye to them.

    The result is that while hacktivist groups are becoming more sophisticated and testing new tools, there’s increasing uncertainty about their origins. “There will be more hacktivism groups that will be more affiliated with governments,” Shykevich says. “Generally, this year the lines between what is governmental attack, hacktivism, and cybercrime have completely blurred.”

    Reply
  13. Tomi Engdahl says:

    Poland warns of pro-Kremlin cyberattacks aimed at destabilization https://therecord.media/poland-warns-of-pro-kremlin-cyberattacks-aimed-at-destabilization/
    Poland's security agency said on Friday that the country has been a constant target of pro-Russian hackers since the start of the war between Russia and Ukraine. The cyberattacks on Poland's government services, private companies, media organizations and ordinary citizens have intensified over the past year, it said. The country's strategic, energy, and military enterprises are particularly at risk, it added.

    Reply
  14. Tomi Engdahl says:

    Russia blamed the Makiivka strike on its soldiers' unauthorised use of mobile phones https://www.is.fi/ulkomaat/art-2000009306228.html

    Ukraine struck a temporary billet of Russian soldiers on New Year's night.
    RUSSIA says its soldiers' use of mobile phones led to the strike on the city of Makiivka in Donetsk. Ukraine struck a temporary billet of Russian soldiers on New Year's night.

    A video statement published by the Russian defence ministry says a commission is investigating what happened. According to the statement, it is already clear that the main cause of the strike was the troops' use of mobile phones, against regulations, within range of enemy weapons.

    Reply
  15. Tomi Engdahl says:

    Russian Turla Cyberspies Leveraged Other Hackers’ USB-Delivered Malware
    https://www.securityweek.com/russian-turla-cyberspies-leveraged-other-hackers-usb-delivered-malware

    In a recent attack against a Ukrainian organization, Russian state-sponsored threat actor Turla leveraged legacy Andromeda malware likely deployed by other hackers via an infected USB drive, Mandiant reports.

    Active since at least 2006 and linked to the Russian government, the cyberespionage group is also tracked as Snake, Venomous Bear, Krypton, and Waterbug, and has been historically associated with the use of the ComRAT malware.

    Also known as Wauchos or Gamarue, Andromeda has been active since at least September 2011, ensnaring infected machines into a botnet that was disrupted in December 2017. The widely used threat was mainly leveraged for credential theft and malware delivery.

    While analyzing a Turla-suspected operation tracked as UNC4210, Mandiant discovered that at least three expired Andromeda command and control (C&C) domains have been reregistered and used for victim profiling.

    The attack was conducted in September 2022, but the victim Ukrainian organization was infected with a legacy Andromeda sample in December 2021 via an infected USB drive. A malicious LNK file on the drive was used for malware execution.

    Reply
  16. Tomi Engdahl says:

    Aggi Cantrill / Bloomberg:
    Russia’s invasion of Ukraine boosted European investments in dual-use tech like autonomous drones, rockets for satellites, and more

    War in Europe Draws Investors to Drone, Battlefield AI Makers
    https://www.bloomberg.com/news/articles/2023-01-06/war-in-europe-draws-investors-for-drone-battlefield-ai-makers

    Venture capital investment in defense hit a record last year
    Ukraine invasion has spurred investment on the continent

    European tech companies that work with the defense industry, long an investment taboo for many venture capital firms, are drawing record amounts of funding in the wake of Russia’s invasion of Ukraine.

    Reply
  17. Tomi Engdahl says:

    Pro-Ukraine hackers leak Russian data in hopes someone will make sense of it https://therecord.media/pro-ukraine-hackers-leak-russian-data-in-hopes-someone-will-make-sense-of-it/
    For Ukrainian hackers, the value and practicality of leaked data are not necessarily the most important thing; they leak data to anger the Kremlin, draw attention to their activities, attract new members and distract their adversaries from more disruptive operations. Hackers usually leave it up to journalists and intelligence agencies to decide what to do with troves of leaked documents. "Successful hacking and exfiltration is often the easy part," said [Gavin] Wilde. "Making sense of mountains of unstructured data is an entirely different ballgame; these collectives seem content to simply pass that burden onto anyone else."

    Reply
  18. Tomi Engdahl says:

    Ukraine: Russian Cyber-Attacks Should Be Considered War Crimes https://www.infosecurity-magazine.com/news/ukraine-russia-cyber-war-crimes/
    In an interview with Politico, Victor Zhora, chief digital transformation officer at the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine, said that government officials are gathering evidence of cyber-attacks conducted alongside kinetic strikes to support potential prosecutions at the International Criminal Court (ICC) in The Hague.

    Reply
  19. Tomi Engdahl says:

    Iran's support of Russia draws attention of pro-Ukraine hackers https://therecord.media/irans-support-of-russia-draws-attention-of-pro-ukraine-hackers/
    In response, pro-Ukraine hacktivists claimed to launch distributed denial-of-service attacks on several Iranian websites, including the website of Iran's supreme leader Ali Khamenei, and the National Iranian Oil Company (NIOC).

    Reply
  20. Tomi Engdahl says:

    Researcher claims: Finland shows signs of war psychosis – this is how he says it came about
    https://www.is.fi/kotimaa/art-2000009317873.html

    Jussi Jalonen, docent at the University of Oulu and researcher of military history, says that talk of dehumanising Russian soldiers is a symptom of the degeneration of the public debate about the war.

    Reply
  21. Tomi Engdahl says:

    Life during wartime: Ukraine has to be ready for new more powerful and complex cyberattacks https://therecord.media/life-during-wartime-ukraine-has-to-be-ready-for-new-more-powerful-and-complex-cyberattacks/
    Despite their apparent lack of impact, the attempted cyberattacks have continued. Viktor Zhora, the head of the State Service for Special Communications and Information Protection (SSSCIP), told The Record that the country's Computer Emergency Response Team had, as of December 13, processed 84 incidents related to the energy sector since the full-scale invasion began. CERT-UA does not deal with all the threats faced by the companies in the power sector, Zhora explained. It considers only the most critical ones that have to be brought to the team's attention by the operators of the critical information infrastructure facilities. The number of critical incidents has not previously been reported.

    Reply
  22. Tomi Engdahl says:

    Danish Banks Are Targets of Pro-Russian DDoS Hacking Group
    https://www.bankinfosecurity.com/danish-banks-targets-pro-russian-ddos-hacking-group-a-20902
    Apparent targets included some of the largest financial institutions, including Jyske Bank and Sydbank. Arbejdernes Landsbank said its online banking system was affected. NoName057(16) on its Telegram channel claimed attacks on Sydbank, Sparekassen Sjælland-Fyn, Bankinvest, Jyskebank. Reuters reported hackers also hit Bankdata, a private company that provides financial technology. The hackers also targeted Denmark’s National Bank, which regained its access after the attack took its website down for a brief period, Reuters reported.
    Also
    https://www.reuters.com/technology/denmarks-central-bank-website-hit-by-cyberattack-2023-01-10/

    Reply
  23. Tomi Engdahl says:

    Volkswagen has shut down its systems in Russia – repair shops in chaos https://www.is.fi/autot/art-2000009323331.html

    Reply
  24. Tomi Engdahl says:

    Pro-Russian Group DDoS-ing Governments, Critical Infrastructure in Ukraine, NATO Countries
    https://www.securityweek.com/pro-russian-group-ddos-ing-governments-critical-infrastructure-ukraine-nato-countries

    A pro-Russian cybercrime group named NoName057(16) is actively launching distributed denial-of-service (DDoS) attacks against organizations in Ukraine and NATO countries.

    Also known as NoName05716, 05716nnm or Nnm05716, the threat actor has been supporting Russia’s invasion of Ukraine since March 2022, launching disruptive attacks against government and critical infrastructure organizations.

    To date, the group has launched DDoS attacks against government, military, telecommunications, and transportation organizations, as well as media agencies, suppliers, and financial institutions in Ukraine, Czech Republic, Denmark, Estonia, Lithuania, Norway, and Poland.

    According to cybersecurity firm SentinelOne, the group focused on Ukrainian news websites at first, but later shifted attention to NATO-associated targets, aiming to silence what it deems to be anti-Russian.

    Reply
  25. Tomi Engdahl says:

    Demonising the enemy can lead to atrocities – Rwanda and Iraq offer examples
    https://www.hs.fi/ulkomaat/art-2000009317001.html

    Ukraine has many reasons to hate Russians, but humanity need not be stripped even from the enemy, writes HS foreign affairs journalist Pekka Mykkänen.

    Reply
  26. Tomi Engdahl says:

    An explosion in the gas pipeline between Lithuania and Latvia – cause under investigation https://www.is.fi/ulkomaat/art-2000009326656.html

    Reply
  27. Tomi Engdahl says:

    GitHub Disables Pages of Pro-Russia DDoS Group NoName057(16) https://www.hackread.com/github-disables-pages-ddos-noname05716/
    NoName057(16) is a pro-Russia hacktivist collective known for targeting several businesses and organizations in European countries, including Poland and Lithuania. The group had its accounts disabled by GitHub for attempting to launch DDoS attacks against the Czech presidential election candidates' websites last week.

    Reply
  28. Tomi Engdahl says:

    Hackers use fear of mobilization to target Russians with phishing attacks https://therecord.media/hackers-use-fear-of-mobilization-to-target-russians-with-phishing-attacks/
    Hackers took advantage of Russian concerns about mobilization to steal credentials through malicious links, according to new research. In a phishing campaign described by the Russian cybersecurity channel In2security on the messaging app Telegram and confirmed by researchers from antivirus provider Kaspersky Lab, attackers used a phishing website and Telegram bot to collect personal data from Russian users.

    Reply
  29. Tomi Engdahl says:

    Hacker group discloses ability to encrypt an RTU device using ransomware, industry reacts – Industrial Cyber
    https://industrialcyber.co/industrial-cyber-attacks/hacker-group-discloses-ability-to-encrypt-an-rtu-device-using-ransomware-industry-reacts/

    A hacker group has claimed that it has conducted a ‘first-ever’ ransomware attack against an RTU (remote terminal unit), a small device typically deployed across industrial control system (ICS) environments. The Anonymous group affiliate said that it executed GhostSec ransomware during its favorite operation ‘#OpRussia,’ and explained it ‘as only they can in support of #Ukraine.’

    In its Twitter message, Anonymous Operations wrote that "Everybody knows that GhostSec has been 'raising the bar' since we started attacking ICS, now it's time to push the hacking history even further beyond! It's time to write our name in a new hacking game, it's to start a new race. Everyone has obviously heard about a ransomware that attacked a Windows desktop, some server, some IoT, but we would like to announce the first RTU attacked!"

    The group added that “YES! We just encrypted the first RTU in history! A small device designed only for an ICS environment! We knew, you knew, that the time sooner or later would come. Well, it has come!”

    Anonymous further added that "the age of ransomware coded to attack ICS devices just became a thing, and we were the first like previously hacking the Russian trains directly! This ransomware was not intended to be very complex (it doesn't mean that we can't code complex malware) since we just wanna encrypt and show it to the world."

    Analyzing the hacker group’s claim, researchers from industrial cybersecurity company Claroty’s research arm Team82 wrote in a Thursday blog post that GhostSec has claimed on a public Telegram group that it has been able to encrypt an industrial RTU router that features SCADA (supervisory control and data acquisition) capabilities including support for industrial serial interfaces RS-232 and RS-485 and MODBUS protocol variations.

    The TELEOFIS RTU968 V2 is a new 3G router that supports wired and wireless connections of commercial and industrial facilities to the Internet.

    Team82 revealed that the group claimed on Telegram that the compromised device is from Belarus, and also did not demand a ransom, instead leaving behind a lengthy message that includes the note: ‘There is no notification letter. There is no payment.’

    “From public internet scans we discovered that there are 194 internet-exposed devices in Russia, Kazakhstan, Belarus, and 117 of them have the SSH service enabled,” according to the researchers. “We were curious to know what was the initial attack vector so we downloaded the firmware and conducted research on it (.tar → .UBI root filesystem, Linux kernel).”

    Additionally, “we discovered that the device runs over a 32-bit ARM architecture with an ARM926EJ-S processor which is part of ARM9 family of general-purpose microprocessors. It runs the OpenWrt 21.02.2 operating system, which is a Linux distribution with BusyBox.”

    Claroty researchers wrote that hacktivist groups, though largely politically motivated, have demonstrated the ability to be disruptive to businesses and operations in certain situations. “GhostSec’s latest alleged activity is another indication that these groups have an interest in seeking out ICS devices that—if attacked—can impact productivity and safety within industrial automation settings,” they added.

    Ron Fabela, CTO at another industrial cybersecurity vendor SynSaber, wrote in a separate blog post that given that these devices are running generic Linux kernels that happen to be providing connectivity to serial devices (which, of course, could be industrial), “there’s nothing in the evidence supplied by GhostSec that industrial was specifically attacked or that this attack represents a new paradigm shift in industrial hacking.”

    “Whether technically true or not, groups like GhostSec, the Cl0p gang, and others continue to research and discover OT attacks and ICS hacks,” Fabela wrote in his Wednesday post. “The paradigm shift isn’t that someone can attack a Linux/OpenWRT device. Rather, it’s the pivot by threat groups on how to take traditional enterprise attacks and apply them to industrial environments. It was also trivial to find these exact devices online via tools like shodan[dot]io,” he added.

    This example by GhostSec shows new threat groups’ lack of understanding about ICS, Fabela said. “It also gives the community a glimpse at the group’s intent, something exceedingly difficult to measure otherwise. After looking at the evidence presented, it may be easy to dismiss the bold claims by GhostSec.”

    He further highlighted that the fact remains that ICS will be targeted, and threat actors see the value in attacking (or claiming to attack) ICS.

    “Scenarios outlined by GhostSec and Red Balloon will likely remain an area for proof of concepts and flashy presentations at hacker cons,” according to Slowik. “Yet should such embedded device ransomware emerge in industrial environments (especially critical infrastructure networks), we should immediately question the nature and origin of such activity, as the economics and optics of such an event will favor a state-directed entity being responsible as opposed to more traditional criminal monetization,” he added.

    In October, another industrial cybersecurity company OTORIO disclosed that the GhostSec hacktivist group has continued to demonstrate its ICS hacking skills and has now turned its support to the recent waves of Hijab protests in Iran.

    “The group has published several images as evidence of successfully ‘hacked’ systems. These show the use of SCADA modules of the Metasploit framework and a MOXA E2214 controller admin web portal following a successful login,” David Krivobokov, OTORIO’s Research Team leader, revealed at the time. “While it is not clear how critical the ‘breached’ systems are, this demonstrates again the ease and potential impact of attacks on ICS systems that have insufficient security controls in place.”

    Earlier this week, Red Balloon researchers detected the presence of multiple architectural vulnerabilities prevalent in the Siemens SIMATIC and SIPLUS S7-1500 series PLC (Programmable Logic Controller) that could allow attackers to bypass all protected boot features, resulting in persistent arbitrary modification of operating code and data. Affecting around 120 Siemens products and solutions, the S7-1500 is a high-performance controller that is considered to possess comprehensive security protections amongst Siemens PLC products.

    Cybersecurity Experts Cast Doubt on Hackers’ ICS Ransomware Claims
    https://www.securityweek.com/cybersecurity-experts-cast-doubt-hackers-ics-ransomware-claims

    A hacktivist group has made bold claims regarding an attack on an industrial control system (ICS) device, but industry professionals have questioned their claims.

    The hacktivist group known as GhostSec, whose recent operations have focused on ‘punishing’ Russia for its invasion of Ukraine, claims to have conducted the first ever ransomware attack against a remote terminal unit (RTU), a type of ICS device used for communications between field devices and supervisory control and data acquisition (SCADA) systems.

    “We just encrypted the first RTU in history! A small device designed only for an ICS environment,” the hackers said. “The age of ransomware coded to attack ICS devices just became a thing, and we were the first.”

    The group said the hacked device is located in Belarus, one of Russia’s biggest allies. While the attack was described as ransomware because files on the device were encrypted, there wasn’t an actual ransom demand.

    Several experts, including ones from ICS security companies, analyzed the hacktivists' claims based on the screenshots they made available. The screenshots show that the attackers managed to encrypt some of the files hosted on the device, just like in a ransomware attack.

    The first aspect that most experts pointed out is that the targeted device is the Teleofis RTU968, a product described by the Russia-based vendor as a 3G router designed for connecting industrial and commercial facilities to the internet. While the device is labeled as an RTU and can technically be used as an RTU due to the fact that it supports industrial interfaces, it’s not specifically designed for this purpose.

    In addition, unlike RTUs made by major vendors such as Siemens, which run operating systems that are custom-built for industrial applications, the Teleofis device runs OpenWrt, a widely used Linux operating system designed for embedded devices.

    Ransomware that can encrypt files on a Linux device is not new and there is no indication that encrypting files on the Teleofis device is more difficult. In addition, hacking these types of communication gateways that provide remote connectivity to serial devices is also not new, pointed out industrial cybersecurity firm SynSaber.

    “Given that these devices are running generic Linux kernels that happen to be providing connectivity to serial devices (which, of course, could be industrial), there’s nothing in the evidence supplied by GhostSec that industrial was specifically attacked or that this attack represents a new paradigm shift in industrial hacking,” explained Ron Fabela, the CTO of SynSaber.

    https://twitter.com/AnonOpsSE/status/1613104709832671233

    #Anonymous affiliate #GhostSec conducts the first ever #Ransomware attack against an RTU – remote terminal unit used in ICS environments during their favorite operation #OpRussia. They explain it as only they can in support of #Ukraine
    #russiaisaterrorisstate #UkraineRussiaWar

    GhostSec Makes Big Claims on “RTU” ICS Hack
    https://synsaber.com/ghostsec-claim-rtu-ics-hack/

    “Everyone has obviously heard about a ransomware that attacked a Windows desktop, some server, some IoT, but we would like to announce the first RTU attacked!”

    “YES! We just encrypted the first RTU in history!”

    (For more on GhostSec, check out https://en.wikipedia.org/wiki/Ghost_Security)

    Let’s break down the evidence provided along with the claim, some basic OSINT (open source intelligence) gathering, and insights as to whether this claim is all it’s cracked up to be.

    The Spectre of Big Claims Online

    No doubt, industrial control systems are under attack. We hear it in the form of government advisories and see numerous presentations by experts on the subject. Nevertheless, we as a community cannot take every claim at face value.

    Here we have an opportunity to dig into the evidence provided directly from the source: claims and screenshots directly from the attacker.

    A series of screenshots and statements are still available on the GhostSec Telegram channel.

    You can see them for yourself at https://t.me/GhostSecc/410

    Claim 1: GhostSec “raises the bar” by being the first to encrypt data on an RTU
    Claim 2: The age of ransomware coded to attack ICS devices “just became a thing”

    Attached to the message were two screenshots of a command line interface. That’s where things get interesting.

    Let’s delve into what victimology insights can be gained about the attack.

    First, let’s start with what an RTU is in the industry, and the specifics around the RTU shown in the screenshots. For background details on what an RTU really is, please see this post from RealPars: https://realpars.com/rtu/

    A few important data points:

    Banner notes the vendor of the device as TELEOFIS
    Build notes for RTU968V2 v.2.6.95
    OpenWrt Chaos Calmer is interesting
    Most industrial RTUs do not run Linux, but real-time operating systems custom-built for industrial control

    So what is a TELEOFIS RTU968V2? I’m glad you asked.

    Here is the specific product information for the target device:
    https://teleofis.ru/production/3g-4g-routeri/3g-router-teleofis-rtu968-v2/

    This is a 3G router that has the capability to connect to serial devices, and supports network functions such as firewall/OpenVPN, and other functions.

    Phantom Menace

    While the claim is technically correct in that TELEOFIS (the device vendor) labels this device as an RTU, digging deeper into the product lines, these are communications gateways and routers that can be applied to any environment, including industrial control.

    Given that these devices are running generic Linux kernels that happen to be providing connectivity to serial devices (which, of course, could be industrial), there’s nothing in the evidence supplied by GhostSec that industrial was specifically attacked or that this attack represents a new paradigm shift in industrial hacking.

    Skepticism and Research: Investigate Claims of an ICS Hack

    Whether technically true or not, groups like GhostSec, the Cl0p gang, and others continue to research and discover OT attacks and ICS hacks (see my breakdown of the ICS hack claim regarding South Staffs Water at https://synsaber.com/south-staffs-water-hack-part-1/).

    The paradigm shift isn’t that someone can attack a Linux/OpenWRT device. Rather, it’s the pivot by threat groups on how to take traditional enterprise attacks and apply them to industrial environments. It was also trivial to find these exact devices online via tools like shodan.io.

    Reply
  30. Tomi Engdahl says:

    Russia intends to strengthen its armed forces on the Finnish border – a new army corps for Karelia
    Defence Minister Šoigu announced the plans as part of a reform package for the armed forces.
    https://www.iltalehti.fi/ulkomaat/a/2f3b6d72-0203-4c15-85cc-99dd3aea0c60

    Russia intends to reform its armed forces significantly during the years 2023–2026, the country’s defence ministry announces. The need for change is assessed to stem from the setbacks suffered in the war in Ukraine.

    According to the defence ministry, the “major changes” mean, in addition to administrative reforms, also strengthening the navy, the aerospace forces and the strategic missile forces.

    – Only by strengthening the most important parts of the armed forces’ structures is it possible to ensure the military security of the state, Defence Minister Sergei Šoigu states, according to the news agency Reuters.

    Russia’s defence ministry already announced in December its intention to increase the size of the country’s armed forces to 1.5 million soldiers. President Vladimir Putin has now given three years for this. Currently about 1.15 million soldiers serve in Russia’s armed forces.

    According to Russian state media, the announced changes aim to strengthen in particular Russia’s border with Finland. The Ukrainian newspaper Ukrainska Pravda reported on the matter. Russia has previously been reported to have had to move troops to Ukraine also from its areas near the Finnish border.

    According to Šoigu, Russia intends to establish two entirely new military districts in the Moscow and Leningrad regions near the Finnish border. In Karelia, a new army corps capable of independent military operations will be established.

    Reply
  31. Tomi Engdahl says:

    William Mauldin / Wall Street Journal:
    Russian attacks on Ukraine’s electrical grid are straining its mobile network, leading to a global hunt for equipment like batteries to keep the system online

    Russian Strikes Sap Ukraine Mobile Network of Vital Power
    Telecom operators and internet providers scour suppliers for better batteries, generators
    https://www.wsj.com/articles/russian-strikes-sap-ukraine-mobile-network-of-vital-power-11673747621?mod=djemalertNEWS

    Russia’s attacks on Ukraine’s electrical grid are straining the war-torn country’s mobile-telephone network, leading to a global hunt for batteries and other equipment critical for keeping the communications system working.

    Ukraine’s power outages aren’t just putting out the lights. The electricity shortages also affect water supplies, heating systems, manufacturing and the cellular-telephone and internet network, a vital communications link in a nation where fixed-line telephones are uncommon.

    Consumers can charge their cellphones at cafes or gas stations with generators, but the phones have to communicate with base stations whose antennas and switching equipment need large amounts of power. With rolling blackouts now a regular feature of life in Ukraine, the internet providers are relying on batteries to keep the network going.

    The stakes are high, since Ukrainian officials are using positive news of the war, speeches by President Volodymyr Zelensky and videos distributed by cellphone to maintain popular support for fighting Russia. First responders and evacuees rely on the mobile network, and a long-term loss of communications in major cities would compound the existing problems of electrical, heating and water outages, the companies say.

    Labor shortages have exacerbated the mobile-network issues as many Ukrainians have been displaced by the war or gone to the front to fight.

    But the biggest problem is power equipment. “We are not asking for money, we are asking for batteries,” said Yuriy Zadoya, manager of the division responsible for technology at Lifecell, part of Turkcell Iletisim Hizmetleri AS . “No one has a stock of batteries.”

    Lifecell, the country’s third-biggest provider, needs roughly 250 generators and 36,000 lithium-ion batteries, a spokeswoman says.

    Ukraine’s mobile network wasn’t built for wartime, and most base stations have a type of lead-acid battery known as absorbent-glass mat, or AGM. These batteries can only power a station for a couple of hours and take a long time to fully charge when the power comes back on.

    Mobile operators are seeking lithium-ion backup systems, since they last longer during an outage than the lead-acid-based batteries and can be recharged quicker. Yet, mobile executives say certain base stations—which include the antennas, switching equipment and power source—need generators to keep the power going.

    The U.S. Agency for International Development in November supplied 50 diesel generators to a Ukraine telecommunications and internet association to help keep cellular and fiber-optic services online, a spokeswoman for the agency said.

    U.S. diplomats are on a global hunt for supplies of high-voltage transformers and other equipment to rebuild the Ukrainian grid, which would help power supplies to the telecommunications industry, as well as chemicals and metallurgy, said Geoffrey Pyatt, the assistant U.S. secretary of state for energy, after a recent tour of the country.

    Meanwhile, Kyivstar, Lifecell and the other big Ukrainian operator—Neqsol Holding’s Vodafone Ukraine—approached manufacturers to get more backup batteries to replace their lead-acid batteries but were told the units would take three or four months to produce.

    Kyivstar has received and installed 8,000 new batteries for its system, and Vodafone Ukraine has installed 5,000, according to executives from the two companies.

    The new batteries aren’t a panacea since they only provide up to half a dozen hours of power for the station, less than the length of many power outages.

    Now an average of 25% of base stations across the country are down at any given time as a result of rolling power outages, Mr. Prybytko said. During the worst of the Russian strikes on the power system to date in late November, 59% of base stations weren’t functioning.

    “It was unexpected for us because the attack was so massive and had a big impact on the energy system,”

    Officials focused on the telecom sector are working with energy officials to change the rules giving power-access priority to select strategic sectors such as hospitals and emergency services. Mobile operators want the mobile network to receive priority access to get more hours of power each day, Mr. Prybytko said.

    All three mobile operators now allow roaming in each other’s networks at no extra charge, a move that increases the likelihood that a customer can connect with a competitor’s network if the tower nearest him or her is down.

    The firms are also working to restore Ukrainian mobile service in areas previously occupied by Russia.

    In Russian-occupied areas of Ukraine, mobile equipment was typically destroyed, with the Russian side working to set up its own network. “Some base stations were robbed—they simply took the equipment,” Mr. Zadoya, of Lifecell, said. “Quite a few were destroyed totally.”

    In areas where the network has been damaged during the war, military officers and authorities sometimes have access to satellite communications, including Starlink internet service, provided by Elon Musk’s SpaceX.

    Reply
  32. Tomi Engdahl says:

    THE WEST has a sanctions card against Russia, which is waging war in Ukraine, that has so far not been played. According to Yle’s picture and video article, blocking the operation of Western smartphones would be technically possible.

    Yle: There is a strong sanction against Russia that has not yet been used https://www.is.fi/digitoday/art-2000009334279.html

    Reply
  33. Tomi Engdahl says:

    Russia’s 48-core CPU is now ready for production.

    Russian 48-Core Baikal-S CPU Powers First Storage Device
    By Anton Shilov published 2 days ago
    Based on a sample version of the Baikal-S processor
    https://www.tomshardware.com/news/48-core-baikal-for-storage?utm_campaign=socialflow&utm_medium=social&utm_content=tomsguide&utm_source=facebook.com

    A Curious Motherboard
    Eliptech, a company that used to be a part of Sber, one of Russia’s largest state-controlled bank and cloud service providers, has developed a motherboard based on the BE-S1000 server-grade system-on-chip featuring 48 Arm Cortex-A75 cores at 2.50 GHz at 120W. The SoC has six 72-bit memory interfaces supporting up to 768 GB of DDR4-3200 ECC memory in total (i.e., 128GB per channel), five PCIe 4.0 x16 (4×4) interfaces, one USB 2.0 controller, two 1GbE interfaces, and various general purpose I/O. While on paper this thing may look good, it will hardly ever enter our list of best CPUs for workstations.

    Given the rather rich input / output capabilities of the Baikal BE-S1000 SoC, Eliptech’s ET113-MB motherboard can support a rather vast set of storage devices. We are talking about two PCIe 4.0 x4 SSDs as well as multiple SATA hard drives or solid-state drives. The motherboard has four U.2 connectors, so there are some limitations to its expansion capabilities.

    How?
    Which brings us back to the fact that this could be the only motherboard featuring the Baikal BE-S1000 processor. This SoC was supposed to be made by TSMC on its 16FFC fabrication technology. Yet, due to sanctions against Russia for its invasion in Ukraine, this CPU will never be shipped to Baikal Electronics. Russia’s own semiconductor production capabilities are limited to thick process technologies.

    Given the fact that almost no chip can be shipped to Russia from Taiwan, a question that now arises is “How was a 16FFC-based Baikal BE-S1000 chip obtained?” This question will perhaps remain unanswered.

    Russia’s inability to supply proprietary hardware for its military tasks is well offset by its large-scale process to procure chips, as reported by Reuters back in December. The huge operation included Hong Kong and Turkey and what was discovered by the highly respected news agency is a tip of an iceberg to put it mildly.

    Why?
    Despite all sanctions, Russia is a huge nation (with 140+ million inhabitants) and a big economy that can pour in vast amounts of money in pretty much everything. It can barely fund an Nvidia H100-kind of chip, but for things like the BE-S1000, it has deep pockets. This is when new government-funded companies emerge.

    Reply
  34. Tomi Engdahl says:

    It looks like HDDs are going the way of the dodo.

    HDD Shipments Almost Halved in 2022
    By Mark Tyson published 2 days ago
    Quarterly and yearly shipment figures for Seagate, Toshiba and WDC are a sea of red.
    https://www.tomshardware.com/news/hdd-shipments-almost-halved-in-2022?utm_content=tomsguide&utm_campaign=socialflow&utm_medium=social&utm_source=facebook.com

    Reply
  35. Tomi Engdahl says:

    This is what Russia’s moles in Europe are like – a researcher identifies three groups https://www.is.fi/ulkomaat/art-2000009310471.html

    Reply
  36. Tomi Engdahl says:

    Ukraine links data-wiping attack on news agency to Russian hackers https://www.bleepingcomputer.com/news/security/ukraine-links-data-wiping-attack-on-news-agency-to-russian-hackers/
    “According to preliminary data, provided by CERT-UA specialists, the attack has caused certain destructive effects on the agency’s information infrastructure, but the threat has been swiftly localized nonetheless,” the State Service of Special Communications and Information Protection (SSSCIP) of Ukraine said. CERT-UA says the cyberattack was likely carried out by the Sandworm group, based on the threat actors’ tactics; the group was previously linked to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). The attackers launched the CaddyWiper malware on the news agency’s systems using a Windows group policy (GPO), showing that they had breached the target’s network beforehand. Still, they failed to impact the news agency’s operations.

    Reply
  37. Tomi Engdahl says:

    Ukraine says Russia is coordinating missile strikes, cyberattacks and information operations https://therecord.media/ukraine-says-russia-is-coordinating-missile-strikes-cyberattacks-and-information-operations/
    Researchers associated with the Ukrainian government on Tuesday confirmed that Russia has coordinated kinetic strikes and cyberattacks to inflict damage on government offices, public service organizations, media companies and communication centers. In a study titled Comprehensive Analysis of Russian Warfare Dimensions, researchers from Ukraine’s Economic Security Council and the independent communication agency Truman said Russia coordinated these activities with psychological operations – also known as PSYOPs – to confuse its targets.

    Reply
  38. Tomi Engdahl says:

    Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations https://blogs.blackberry.com/en/2023/01/gamaredon-abuses-telegram-to-target-ukrainian-organizations
    The Gamaredon Group has been actively targeting the Ukrainian government lately, relying on the infrastructure of the popular messaging service Telegram to bypass traditional network traffic detection techniques without raising obvious flags. Back in November 2022, BlackBerry uncovered a new Gamaredon campaign that relied on a multi-stage Telegram scheme to first profile potential victims, and then deliver the final payload along with the malicious command-and-control (C2). This report provides information about the recent network infrastructure from Crimea that the Gamaredon Group uses, as well as analysis of each step before the victims receive the final payload.

    Reply
  39. Tomi Engdahl says:

    Ukraine signs agreement to join NATO cyber defense center https://therecord.media/ukraine-signs-agreement-to-join-nato-cyber-defense-center/
    Ukraine has taken another step to deepen its cooperation with NATO in the cybersecurity field as its war with Russia, both kinetic and digital, approaches the one-year mark. On Thursday, Ukraine signed an agreement to join the Estonia-based NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). Before it is official, all of CCDCOE’s members will have to sign this agreement. Both sides stand to benefit from this partnership. Ukraine will get access to NATO’s cutting-edge technology and research, while CCDCOE members will learn more from Ukraine about how to defend against cyberattacks during wartime.

    Reply
  40. Tomi Engdahl says:

    “The situation resembles the last years of the Soviet Union” – Ksenia Kotšenko, 21, tells what changed in Moscow
    https://yle.fi/a/74-20013950

    The war in Ukraine changed everyday life in Moscow. A Moscow journalist tells about life in her home city.

    Ksenia Kotšenko, 21, works as an economics journalist at the Russian publication RBK. The publication belongs to the RBC group, whose main owner is Grigori Berezkin.

    The EU calls Berezkin a “Putin’s henchman”. The paper writes about the war as Russia’s so-called special operation.

    According to Kotšenko, many familiar products disappeared from the shops after the “special operation” began.

    What are people in Moscow most worried about?

    The biggest concern is the situation in Ukraine. Muscovites fear it will expand into a global conflict. Economic sanctions are also a worry, because they affect everyday consumption, wage levels and quality of life.

    Do you share the same concern?

    I am frustrated that Russia has lost a lot from an economic point of view since the special operation began. The situation the country has dragged itself into is unjust. I am really worried about the ethical side, because there are many unjustified victims in this situation. For example, there has now been news of a possible new mobilization, which would be a problem for everyone. There is talk about how it would affect politics and the economy. If the situation gets more difficult, will the regime take a tighter grip on the economy as well?

    What is being said about a possible new mobilization?

    The Kremlin denies a new mobilization, but several people in the opposition say that it is possible.

    How long can Russia afford this situation?

    I am not a macroeconomist, but as far as I understand it is difficult to finance operations on this scale. Russia cannot get loans, and the money has to come from budget savings. This cannot continue for long. The most likely reason for ending the “special operation” could be that it cannot be financed. I do not believe the current situation can continue for decades. It is unlikely that the situation will drag on. I really hope that negotiations would begin.

    Is there anything else you would like to say?

    I would still say that journalism in Russia is in a state of change. Unfortunately, nowadays you can get long sentences for writing a story that breaks the rules. The quality of stories has declined as journalists have left the profession and gone abroad. Nowadays there are really few reports from the scene, and even fewer about the political agenda, for understandable reasons. Economic journalism, where I work, has been spared the restrictions and the foreign agent law quite a lot.

    Reply
  41. Tomi Engdahl says:

    Martti J. Kari speaks his mind about Germany’s inaction and compares Putin to Hitler: “Extremely shameful, we cannot know who is next” https://www.is.fi/kotimaa/art-2000009344417.html

    Reply
  42. Tomi Engdahl says:

    Source code for all major services of Yandex been leaked:
    Search Engine and Indexing Bot
    Maps – Like Google Maps and Street View
    Alice – AI assistant like Siri / Alexa
    Taxi – Uber-like taxi service
    Direct – Ads service like Google Ads / Adwords
    Mail – Mail service like GMail
    Disk – File storage service like Google drive
    Market – Marketplace like Amazon
    Travel – Like a Booking.com plus Airplane, Train and Bus tickets
    Yandex360 – Like Google Workspaces for services on your own domain
    Cloud – Probably not all infrastructure code was leaked.
    Pay – Payment processing like Stripe, but with limited set of features
    Metrika – Like Google Analytics
    https://gist.github.com/ArseniyShestakov/53a80e3214601aa20d1075872a1ea989

    Reply
  43. Tomi Engdahl says:

    Cyberwarfare
    Cyberattacks Target Websites of German Airports, Admin
    https://www.securityweek.com/cyberattacks-target-websites-of-german-airports-admin/

    Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

    The websites of German airports, public administration bodies and financial sector organizations have been hit by cyberattacks instigated by a Russian “hacker group”, authorities said Thursday.

    The Federal Cyber Security Authority (BSI) had “knowledge of DDoS attacks against targets in Germany”, a spokesman told AFP.

    A distributed denial-of-service (DDoS) attack is designed to overwhelm the target with a flood of internet traffic, preventing the system from functioning normally.

    The attacks were aimed “in particular at the websites of airports”, as well as some “targets in the financial sector” and “the websites of federal and state administrations”, the spokesman said.

    The attack had been “announced by the Russian hacker group Killnet”, the
    BSI spokesman said.

    The group’s call to arms was in response to Chancellor Olaf Scholz’s announcement Wednesday that Germany would send Leopard 2 tanks to Ukraine to help repel the Russian invasion, according to financial daily Handelsblatt.

    Reply
  44. Tomi Engdahl says:

    Don’t be fooled: Germany’s U-turn on sending tanks to Ukraine is a reluctant one
    https://www.theguardian.com/commentisfree/2023/jan/26/germany-u-turn-tanks-ukraine-reluctant-olaf-scholz?CMP=share_btn_fb

    The invasion of Ukraine has shaken Germany out of its decades-long commitment to pacifism

    Reply
  45. Tomi Engdahl says:

    ESET: Sandworm could be behind new file-deleting malware targeting Ukraine https://therecord.media/sandworm-swiftslicer-malware-ukraine-russia-eset/
    The notorious state-backed Russian hacking group known as Sandworm may be behind new malware targeting Ukraine, according to research published Friday by cybersecurity company ESET. Malware called SwiftSlicer hit one organization in Ukraine before it was discovered by the Slovakia-based firm this week. SwiftSlicer malware “is relatively simple but effective,” according to Boutin. Once executed, it deletes backup copies of computer files, overwrites files located on specific drives and then reboots the computer

    Reply
  46. Tomi Engdahl says:

    #GermanyRIP. Kremlin-loyal hacktivists wage DDoSes to retaliate for tank aid https://arstechnica.com/information-technology/2023/01/germanyrip-kremlin-loyal-hacktivists-wage-ddoses-to-retaliate-for-tank-aid/
    Threat actors loyal to the Kremlin have stepped up attacks in support of its invasion of Ukraine, with denial-of-service attacks hitting German banks and other organizations and the unleashing of a new destructive data wiper on Ukraine. Germany’s BSI agency, which monitors cybersecurity in that country, said the attacks caused small outages but ultimately did little damage.

    Reply
  47. Tomi Engdahl says:

    HUS website does not open due to a technical problem – Russian hackers may be behind it
    https://yle.fi/a/74-20015216
    The website of the Hospital District of Helsinki and Uusimaa (HUS) has had technical problems on Saturday. The pages do not open, and the loading view says the cause of the outage is under investigation. Russian hackers may be behind the technical problems. The Russian hacker group KillMilk has today published on its Telegram channel a list of healthcare institutions targeted by a new denial-of-service attack, and announced its start. HUS cannot estimate the duration of the disruption.

    Reply
  48. Tomi Engdahl says:

    British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries https://thehackernews.com/2023/01/british-cyber-agency-warns-of-russian.html
    The U.K. National Cyber Security Centre (NCSC) on Thursday warned of spear-phishing attacks mounted by Russian and Iranian state-sponsored actors for information-gathering operations. “The attacks are not aimed at the general public but targets in specified sectors, including academia, defense, government organizations, NGOs, think tanks, as well as politicians, journalists and activists,” the NCSC said. The agency attributed the intrusions to SEABORGIUM (aka Callisto, COLDRIVER, and TA446) and APT42 (aka ITG18, TA453, and Yellow Garuda). The similarities in the modus operandi aside, there is no evidence the two groups are collaborating with each other.

    Reply
  49. Tomi Engdahl says:

    Latvia confirms phishing attack on Ministry of Defense, linking it to Russian hacking group https://therecord.media/latvia-confirms-phishing-attack-on-ministry-of-defense-linking-it-to-russian-hacking-group/
    The Russian cyber-espionage group known as Gamaredon may have been behind a phishing attack on Latvia’s Ministry of Defense last week, the ministry told The Record on Friday. Hackers sent malicious emails to several employees of the ministry, pretending to be Ukrainian government officials. The attempted cyberattack was unsuccessful, the ministry added.

    Reply
