Ukraine-Russia cyber war

Ukraine and Russia seem at the moment to be in both a traditional war and a cyber war. We could call that hybrid warfare. We are in a cyber war. Countless examples exist of damage to infrastructure from hostile acts carried out via computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia started to conduct attacks on Ukraine on February 24. Before the physical attacks, Russia carried out several cyber attacks against IT systems in Ukraine.

Here are links to some material on the cyber side of this war:

How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic happens in the cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in the cyberspace. And last week, Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-nation cyber state actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.

As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/

Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers — malicious software or malware — that make their way inside computer networks and literally wipe the data from all connected devices.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.

Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.

Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.

Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladimir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.”
This raises the whole question of ‘attribution’. The received belief is it is impossible to do accurate cyber attribution. “That is absolutely wrong,” said Willett. “It would be a mistake for any one nation to think it could attack another without being known,” said Willett.
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.

Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.

Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.

Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html

Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.

Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command said there had been a cyberattack.

Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).

Amid Russian invasion, Ukraine granted formal role with NATO cyber hub
https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations,” Col. Jaak Tarien, the institution’s director, said in a statement.

This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites
https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken. On Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.

High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information,” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.

CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a

US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html

EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.

UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.

Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.

Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine

Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine
Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/

HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.

In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economy and the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work,” he says.
“Because we all need to live for something, eat

Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime, as it cracks down on anti-war sentiment and rumors of martial law grow louder, are being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.

Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf

TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi

2,078 Comments

  1. Tomi Engdahl says:

    Hackers use new SwiftSlicer wiper to destroy Windows domains https://www.bleepingcomputer.com/news/security/hackers-use-new-swiftslicer-wiper-to-destroy-windows-domains/
    Security researchers have identified a new data-wiping malware they named SwiftSlicer that aims to overwrite crucial files used by the Windows operating system. The new malware was discovered in a recent cyberattack against a target in Ukraine and has been attributed to Sandworm, a hacking group working for Russia’s General Staff Main Intelligence Directorate (GRU) as part of the Main Center for Special Technologies (GTsST) military unit 74455. While details are scant regarding SwiftSlicer at the moment, security researchers at cybersecurity company ESET say that they found the destructive malware deployed during a cyberattack in Ukraine

  2. Tomi Engdahl says:

    A Blog with NoName – Further Insight into the Hacktivist Operation Targeting NATO and Affiliated Nations https://www.team-cymru.com/post/a-blog-with-noname
    NoName057(16) attacks have targeted government / military departments in Ukraine and NATO countries, as well as organizations from core sectors such as finance, freight, and media. Recent reporting (Avast, SentinelLabs) has revealed that NoName057(16) relies upon a volunteer system (rather than a botnet of infected hosts), in which the volunteers are rewarded financially for contributing attack infrastructure. This system is managed via two Telegram channels (@noname05716 and @nn05716chat)

  3. Tomi Engdahl says:

    Putin’s former speechwriter: Military coup possible in Russia
    https://www.is.fi/ulkomaat/art-2000009284246.html

    A military coup is becoming possible in Russia, Vladimir Putin’s former speechwriter Abbas Gallyamov told CNN.

  4. Tomi Engdahl says:

    Pro-Russian DDoS attacks raise alarm in Denmark, U.S.
    https://therecord.media/ddos-denmark-us-russia-killnet/
    Distributed denial-of-service (DDoS) attacks by pro-Russian hacking groups are causing alarm in the U.S. and Denmark after several incidents affected websites of hospitals and government offices in both countries. On Tuesday, Denmark announced that it was raising its cyber risk alert level after weeks of attacks on banks and the country’s defense ministry

  5. Tomi Engdahl says:

    New data wipers deployed against Ukraine https://www.malwarebytes.com/blog/threat-intelligence/2023/01/new-data-wipers-deployed-by-sandworm-group-against-ukraine
    As war in Ukraine rages, new destructive malware continues to be discovered. In a recent tweet, the Ukrainian Computer Emergency Response Team (CERT-UA) named five wipers used against Ukrinform, Ukraine’s national news agency. It suspects a link to

  6. Tomi Engdahl says:

    New DDoS-as-a-Service platform used in recent attacks on hospitals https://www.bleepingcomputer.com/news/security/new-ddos-as-a-service-platform-used-in-recent-attacks-on-hospitals/
    A new DDoS-as-a-Service (DDoSaaS) platform named ‘Passion’ was seen used in recent attacks by pro-Russian hacktivists against medical institutions in the United States and Europe. A DDoS (distributed denial of service) attack is when threat actors send many requests and garbage traffic to a target server to overwhelm the server and cause it to stop responding to legitimate requests. DDoSaaS platforms rent their available firepower to those looking to launch disruptive attacks on their targets, absolving them from the need to build their own large botnets or coordinate volunteer action

  7. Tomi Engdahl says:

    Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’
    https://www.securityweek.com/dutch-european-hospitals-hit-by-pro-russian-hackers/

    Dutch cyber authorities said several hospital websites in the Netherlands and Europe were likely targeted by a pro-Kremlin hacking group because of their countries’ support for Ukraine.

  8. Tomi Engdahl says:

    Russian attacks led Denmark and the United States to raise their cyber readiness levels; Finnish targets also named
    https://www.tivi.fi/uutiset/tv/c062e3b8-b20a-4655-9ae3-340717d681c6
    Denial-of-service attacks by Russian attackers have drawn attention in Denmark and the United States. In both countries the attacks have been aimed at, for example, the websites of hospitals and government agencies, The Record reports. The hackers’ attacks on NATO countries led Denmark to raise its cyber risk readiness level, the country’s cybersecurity centre said on Twitter on Tuesday. Finnish hospitals have also been targeted by a Russian hacker group.
    Over the weekend of January 28-29, the HUS website suffered outages and disruptions because of a denial-of-service attack.

  9. Tomi Engdahl says:

    New Nevada Ransomware targets Windows and VMware ESXi systems https://www.bleepingcomputer.com/news/security/new-nevada-ransomware-targets-windows-and-vmware-esxi-systems/
    A relatively new ransomware operation known as Nevada seems to grow its capabilities quickly as security researchers noticed improved functionality for the locker targeting Windows and VMware ESXi systems. Nevada ransomware started to be promoted on the RAMP darknet forums on December 10, 2022, inviting Russian and Chinese-speaking cybercriminals to join it for an 85% cut from paid ransoms. Nevada ransomware features a Rust-based locker, real-time negotiation chat portal, separate domains in the Tor network for affiliates and victims.

    Reply
  10. Tomi Engdahl says:

    New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities https://thehackernews.com/2023/02/new-russian-backed-gamaredons-spyware.html
    The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and UAC-0010, has a track record of striking Ukrainian entities dating as far back as 2013.

    Reply
  11. Tomi Engdahl says:

    Global markets impacted by ransomware attack on financial software company https://therecord.media/global-markets-impacted-by-ransomware-attack-on-financial-software-company/
    A ransomware attack on Dublin-based software company ION Group has impacted the trading of financial derivatives on international markets. The ransomware attack was caused by the prolific Russia-based LockBit gang, according to ION correspondence cited by Bloomberg. The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing.
    Further updates will be posted when available, ION's statement said.
    The attack is impacting the trading and clearing of exchange traded derivatives by ION customers across global markets, according to the Futures Industry Association (FIA).

    Reply
  12. Tomi Engdahl says:

    “Putin's chef” accused of starting a war of aggression in Ukraine – IL follows the war
    https://www.iltalehti.fi/ulkomaat/a/9435695b-e455-4c18-8a2d-68e6e241c31f

    The director of the CIA says the next six months will be “absolutely critical” for the outcome of the war in Ukraine.

    Ukraine brought criminal charges against Wagner leader Prigozhin

    Ukraine's prosecutor's office has brought charges against Wagner leader Yevgeny Prigozhin, known as “Putin's chef”. The Guardian reports on the matter.

    According to the charges, Yevgeny Prigozhin has been one of the significant figures behind the attacks carried out on Ukraine.

    Prigozhin is accused of violating Ukraine's territorial integrity and inviolability and of launching a war of aggression against Ukraine.

    According to a report published on the Ukrinform website, Wagner forces also operate outside Russian law, as they have openly recruited members in prisons.

    Russia-Ukraine war live: Ukraine presses criminal charges against Wagner group founder Yevgeny Prigozhin
    https://www.theguardian.com/world/live/2023/feb/03/russia-ukraine-war-live-zelenskiy-pushes-for-10th-sanctions-package-from-eu-leaders-meeting-in-kyiv

    Reply
  13. Tomi Engdahl says:

    Russia is concealing its cyber capability: it knows it is being assessed in Ukraine https://www.tivi.fi/uutiset/tv/40908b59-002a-4e35-b9ba-dea86c5a8e4b
    Russia has so far not used the full force of its cyber attacks and electronic warfare in Ukraine, says doctoral researcher and information security professional Kimberly Lukin.

    Reply
  14. Tomi Engdahl says:

    Here’s a list of proxy IPs to help block KillNet’s DDoS bots https://www.theregister.com/2023/02/06/killnet_proxy_ip_list/
    A free tool is helping organizations defend against KillNet distributed-denial-of-service (DDoS) bots and comes as the US government issued a warning that the Russian cybercrime gang is stepping up its network flooding attacks against hospitals and health clinics. At current count, the KillNet open proxy IP blocklist lists tens of thousands of proxy IP addresses used by the Russian hacktivists in their network-traffic flooding events.
    SecurityScorecard’s threat researchers developed the list following their ongoing investigation into Killnet and other network-spamming miscreants. List:
    https://github.com/securityscorecard/SSC-Threat-Intel-IoCs/blob/master/KillNet-DDoS-Blocklist/proxylist.txt

    Reply
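An added example (not from the article, SecurityScorecard or the commenter) of how a defender could measure how much of a site's traffic comes from addresses on such a proxy blocklist before enforcing it. The entry layout, the log format and all sample data are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed blocklist. Assumed layout (not confirmed by the page): one entry
# per line, a bare IP or "ip:port"; "#" starts a comment.
SAMPLE_BLOCKLIST = """\
# constructed sample, documentation address ranges only
192.0.2.10
198.51.100.7:8080
203.0.113.55:3128
not-an-ip
"""

# Constructed web access-log lines (client address is the first field).
SAMPLE_LOG = """\
192.0.2.10 - - [06/Feb/2023:10:00:01 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [06/Feb/2023:10:00:01 +0000] "GET /search?q=a HTTP/1.1" 200 734
::ffff:198.51.100.7 - - [06/Feb/2023:10:00:02 +0000] "GET / HTTP/1.1" 200 512
203.0.113.200 - - [06/Feb/2023:10:00:03 +0000] "GET /contact HTTP/1.1" 200 901
malformed line without an address
198.51.100.7 - - [06/Feb/2023:10:00:04 +0000] "GET / HTTP/1.1" 200 512
"""


def to_ip(token):
    """Return a normalised ip_address object, or None if token is not an IP."""
    try:
        ip = ipaddress.ip_address(token)
    except ValueError:
        return None
    # Dual-stack listeners log IPv4 clients as ::ffff:a.b.c.d; compare as IPv4
    # so a listed IPv4 proxy is not missed.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def parse_blocklist(text):
    """Parse blocklist text into (set of addresses, list of rejected lines)."""
    blocked, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        if entry.startswith("["):          # "[v6]:port"
            host = entry[1:].split("]", 1)[0]
        elif entry.count(":") == 1:        # "v4:port"
            host = entry.split(":", 1)[0]
        else:                              # bare IPv4 or IPv6
            host = entry
        ip = to_ip(host)
        if ip is None:
            rejected.append(raw)           # keep for review, never block on it
        else:
            blocked.add(ip)
    return blocked, rejected


def match_log(log_text, blocked):
    """Return (parsed request count, Counter of listed client -> requests)."""
    hits = Counter()
    total = 0
    for line in log_text.splitlines():
        fields = line.split(None, 1)
        ip = to_ip(fields[0]) if fields else None
        if ip is None:
            continue                       # not a record we can attribute
        total += 1
        if ip in blocked:
            hits[str(ip)] += 1
    return total, hits


def report(log_text, blocklist_text, top=3):
    """Summarise exposure: share of requests from listed proxies, top talkers."""
    blocked, rejected = parse_blocklist(blocklist_text)
    total, hits = match_log(log_text, blocked)
    listed = sum(hits.values())
    return {
        "blocklist_entries": len(blocked),
        "rejected_entries": rejected,
        "requests": total,
        "listed_requests": listed,
        "share": round(listed / total, 3) if total else 0.0,
        "top": hits.most_common(top),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG, SAMPLE_BLOCKLIST).items():
        print(f"{key}: {value}")
```

Running the report in observe-only mode first shows whether listed addresses also carry legitimate users (open proxies often do) before the list is turned into deny rules.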
  15. Tomi Engdahl says:

    Remcos software deployed in spying attempt on Ukraine's government, CERT says https://therecord.media/remcos-spyware-ukraine-government-agencies-uac0050/
    In a recent phishing campaign against Ukrainian government agencies, hackers attempted to install Remcos surveillance software on victims' computers, according to a recent alert. Remcos is a legitimate remote management software for Windows systems developed by the German firm Breaking Security. However, it is sometimes used by hackers to gain remote access and complete control over victims' computers.

    Reply
  16. Tomi Engdahl says:

    Russia's Shoigu warned the West of the war expanding – expert gives a direct view of the reason
    https://www.iltalehti.fi/ulkomaat/a/bbe92c52-c9f8-41c9-8fe3-bca0beee4c9f

    As for a possible third world war, the researcher cites the direct involvement of several actors in hostilities as a criterion.

    In statements this week by the UN Secretary-General and the Russian defence minister, fear emerged of the possibility of a “wider war” and the danger of “unpredictable” escalation.
    A researcher at the Finnish Institute of International Affairs assesses the statements for Iltalehti.
    During the war, a possible third world war has come up in the headlines at regular intervals. According to the researcher, it is a matter very much open to interpretation.

    Jussi Lassila, senior research fellow at the Finnish Institute of International Affairs, tells Iltalehti that both statements refer primarily to the war in Ukraine, but in Guterres's case the statement extends further.

    – In addition to the war in Ukraine, Guterres is surely referring to the prevailing confrontation between the West and Russia and the return of power politics. In addition, beneath the surface there are of course questions about China's intentions regarding Taiwan and a generally intensifying great-power game.

    Lassila interprets Guterres's statement as also calling for responsibility from the various actors, and especially Russia's responsibility as it wages an aggressive war. In Shoigu's case, the researcher believes it is the already familiar use of the threat of escalation to advance Russia's political goals.

    – Recently there have been surprisingly few statements of this kind from Russia. It is, however, chafed by the West's increasing arms aid,

    Creating fear

    The Russian defence minister's statement is deliberately as vague as possible, that is, open questions are left hanging in the air, as it were.

    – That is how fear is created. They do not want to be too concrete, because that would mean revealing their cards.

    According to Lassila, the most significant nightmare scenario is that Russia would be prepared to strike Western arms shipments in such a way that the strikes hit the territory of a NATO member state. He still considers the likelihood of this scenario low, however.

    – I would say the fear of escalation was much greater a year ago than it is now.

    For Russia, the West's readiness and willingness to help Ukraine on the current scale has come as a surprise. In the West, too, “unpredictable” consequences were previously feared considerably more than now.

    – Russia had quite centrally counted on that fear, and there too it had to realise it had been wrong.

    A third world war?

    During the war, a possible third world war has come up in the headlines at regular intervals. Ukrainian President Volodymyr Zelensky considered it possible as early as March 2022 that a third world war had begun.

    According to the researcher, it is a matter very much open to interpretation. He notes that this already leads into a debate about defining the concept of the Second World War. As for a possible third world war, he cites the direct involvement of several actors in hostilities as a criterion.

    – That is, a war between coalitions, with multiple centres, takes shape, as it were, in which all kinds of peace-keeping institutions collapse and war is seen as the best solution. If we had seen, for example, China allying itself with Russia more clearly than now and setting off on the path of power politics, then we would be close to such a situation.

    Lassila, however, does not see signs of such a development, although he does note that the world has moved in a worse direction during the war now under way.

    – We do not now have in Europe a situation like the Second World War, in which two completely undemocratic and totalitarian states would begin to pursue power politics, leaving other states in their grip.

    On the basis of the statements now heard, the researcher thus does not think the risk of escalation has grown, but he speaks of the ongoing war in Ukraine as the biggest war since the Second World War. In the longer term, he estimates it will ultimately lead to Russia fading and withering.

    – I see this as being, to a significant degree, the final act connected with the long-running disintegration of the Russian empire.

    Reply
  17. Tomi Engdahl says:

    Russian hackers using new Graphiron information stealer in Ukraine https://www.bleepingcomputer.com/news/security/russian-hackers-using-new-graphiron-information-stealer-in-ukraine/
    The Russian hacking group known as ‘Nodaria’ (UAC-0056) is using a new information-stealing malware called ‘Graphiron’ to steal data from Ukrainian organizations. The Go-based malware can harvest a wide range of information, including account credentials, system, and app data.
    The malware will also capture screenshots and exfiltrate files from compromised machines.

    Reply
  18. Tomi Engdahl says:

    CISA says Killnet DDoS attacks on U.S. hospitals had little effect https://therecord.media/ddos-hospitals-cisa-killnet-limited-effects/
    The Cybersecurity and Infrastructure Security Agency said it helped dozens of hospitals respond to a series of distributed denial-of-service (DDoS) incidents last week that were launched by a pro-Kremlin hacking group. A spokesperson for CISA told The Record that several of the incidents temporarily reduced the availability of the hospitals' public-facing websites, but there were no reports of unauthorized access to hospital networks, disruption to health care delivery or impacts on patient safety. The hacking group, Killnet, has spent months launching DDoS attacks on governments across Europe and companies in the U.S. The gang targeted U.S. airlines in October and last week set its sights on U.S. hospitals.

    Reply
  19. Tomi Engdahl says:

    NYT: Russia earned more from oil last year than before the sanctions

    12:47: Despite the sanctions imposed by Western countries, Russia earned more from sales of oil and natural gas in 2022 than in the previous year, reports the US newspaper The New York Times.

    According to the paper, Russia increased its oil production by two percent last year, and its revenue from oil exports grew by 20 percent. Revenue from the natural gas trade grew by as much as 80 percent.

    According to The New York Times, Russia received an estimated 202 billion euros from the oil trade in 2022 and about 128 billion euros from the gas trade.

    Revenues were affected by the sharp rise in oil and gas prices after Russia attacked Ukraine. In addition, demand for oil increased as the effects of the coronavirus pandemic faded.

    https://www.iltalehti.fi/ulkomaat/a/9435695b-e455-4c18-8a2d-68e6e241c31f

    https://www.nytimes.com/2023/02/07/business/russia-oil-embargo.html?smtyp=cur&smid=tw-nytimesbusiness

    Reply
  20. Tomi Engdahl says:

    Graphiron: New Russian Information Stealing Malware Deployed Against Ukraine https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer
    Russia-linked Nodaria group has deployed a new threat designed to steal a wide range of information from infected computers. The Nodaria espionage group (aka UAC-0056) is using a new piece of information stealing malware against targets in Ukraine. The malware (Infostealer.Graphiron) is written in Go and is designed to harvest a wide range of information from the infected computer, including system information, credentials, screenshots, and files. The earliest evidence of Graphiron dates from October 2022. It continued to be used until at least mid-January 2023 and it is reasonable to assume that it remains part of the Nodaria toolkit.

    Reply
  21. Tomi Engdahl says:

    Russia conducting ‘hybrid war’ in Moldova with protests and cyber attacks: Prime Minister
    https://www.euronews.com/my-europe/2023/02/07/russia-conducting-hybrid-war-in-moldova-with-protests-and-cyber-attacks-prime-minister
    Russia is trying to destabilise Moldova by sponsoring protests and conducting cyber attacks, the country’s prime minister told Euronews on Tuesday. “We are seeing elements of hybrid war. We are seeing, for example, pro-Russian forces trying to destabilise the country politically through paid protests which quickly subsided when the oligarchs that fled Moldova were put on the sanctions lists and their money flows were restricted,” Natalia Gavrilița said. “We are seeing cyber attacks. We’ve had the biggest cyber attacks in 2022 in the history of our country, and we are seeing bomb threats.”

    Reply
  22. Tomi Engdahl says:

    Hackers used fake websites to target state agencies in Ukraine and Poland https://therecord.media/hackers-used-fake-websites-to-target-state-agencies-in-ukraine-and-poland/
    Hackers attempted last week to infect Ukrainian government computer systems with malware hosted on fake websites impersonating legitimate state services. Ukraine's computer emergency response team, CERT-UA, attributed the attack to a group called WinterVivern. The group has been active since at least June and includes Russian-speaking members.
    In addition to its Ukrainian targets, it has also targeted government agencies in Poland, according to a report released Wednesday.

    Reply
  23. Tomi Engdahl says:

    Cybercrime Gang Uses Screenlogger to Identify High-Value Targets in US, Germany
    https://www.securityweek.com/cybercrime-gang-uses-screenlogger-to-identify-high-value-targets-in-us-germany/

    Russia-linked financially motivated threat actor TA866 targeting companies with custom malware, including a screenlogger, a bot, and an information stealer

    Reply
  24. Tomi Engdahl says:

    Nasty surprise ahead of major offensive: Starlink's operation in Ukraine is being restricted – Russia has waged a persistent fight over the matter in international bodies https://www.is.fi/digitoday/art-2000009384299.html

    SpaceX justifies its action by saying that Ukraine uses the network connections militarily. Ukraine, however, has been doing that for almost a year already.
    SpaceX, Elon Musk's company behind the satellite-based Starlink connections, has begun restricting the use of internet connections in Ukraine, the BBC reports. The reason is that Ukraine uses the connections for warfare, such as controlling drones and directing artillery fire.

    According to SpaceX, the connections are intended for humanitarian use rather than military use. The company said it had “begun to restrict the Ukrainian army's ability to use Starlink in offensive operations”.

    According to the BBC, SpaceX CEO Gwynne Shotwell this week justified the company's decision to block drone control via Starlink on the grounds that military use violates Starlink's terms of service. Ukrainian soldiers can, however, continue to use it as a non-military means of communication. She did not specify how the company is restricting the use of Starlink.

    Reply
  25. Tomi Engdahl says:

    Ukraine war: Elon Musk’s SpaceX firm bars Kyiv from using Starlink tech for drone control
    https://www.bbc.com/news/world-europe-64579267

    Reply
  26. Tomi Engdahl says:

    USA warns its citizens: Leave Russia immediately – IL follows the war
    Iltalehti follows the war in Ukraine moment by moment.
    https://www.iltalehti.fi/ulkomaat/a/9435695b-e455-4c18-8a2d-68e6e241c31f

    According to an intelligence report from the UK Ministry of Defence, over the past two weeks Russia has suffered its heaviest troop losses since the first week of the war of aggression it started.
    Ukraine's air force claimed on Saturday to have shot down 20 Iranian-made Shahed-136 drones during Friday.
    Zelensky dismissed the deputy commander of Ukraine's National Guard.

    Reply
  27. Tomi Engdahl says:

    Russia's chilling plan in Moldova confirmed: the weapons are a wave of cyber attacks and bomb threats
    https://www.tivi.fi/uutiset/tv/a7a12e05-7eb9-4a92-8ea9-99e06ec262d7

    The country's intelligence service confirms the statement by Ukrainian President Zelensky that Russia has planned to overthrow Moldova's democracy.

    Russia conducting ‘hybrid war’ in Moldova with protests and cyber attacks: Prime Minister
    https://www.euronews.com/my-europe/2023/02/07/russia-conducting-hybrid-war-in-moldova-with-protests-and-cyber-attacks-prime-minister

    Reply
  28. Tomi Engdahl says:

    The Lessons From Cyberwar, Cyber-in-War and Ukraine
    https://www.securityweek.com/the-lessons-from-cyberwar-cyber-in-war-and-ukraine/

    The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question the nature of modern warfare and the role of cyber in its operation. Here we will look at the use of cyber in the years leading to the kinetic war, and the use of cyber technology on the modern kinetic battlefield.

    We need to understand the meaning of cyber and the meaning of war, to question whether the two concepts can be separated, and to ask ourselves if we are ever not at war.

    ‘Cyber’ derives from ‘cybernetics’, a word coined by US mathematician Norbert Wiener in 1948, taken from the Greek ‘kybernetes’. Ultimately, it involves the concepts of guiding by control. For Wiener it is the study of communication and control.

    By the 1990s, with the combination of the internet (communication) and computers (control), the single word cyber began to denote the non-physical digital world, and became a prefix for compound words in the digital space — such as cybersecurity, or more directly here, cyberwar.

    If we break down the word cyberwar, we have three components: computers + communications + war. In cybersecurity terms, cyberwar refers to the use of computers and communications from one party to attack the computers and communications of another party — most commonly aimed at degrading the adversary’s critical infrastructure. It is a term used as something distinct from kinetic warfare, but is nevertheless most usually associated with attacks by nation states.

    As we progress, we will see it is difficult to understand what is and what is not cyberwar. In this article we will describe all criminal cyber activity as ‘cyberattack’, and for reasons that will hopefully become clear, we will describe all nation state cyber activity as ‘cyberwar’.

    If we look more specifically at the word ‘war’, we have the concept of one party attempting to exert power over another party. Kinetic activity – that is, the force of arms on the battlefield – is just one phase in the operation of a war. Economics is more usually successful. For example, the old Soviet Union was not dismantled by NATO force of arms, but more by global economics. The rise of Putin’s Russia is predicated on improved Russian economics based on its newfound oil and gas wealth. Sanctions are an economic weapon of war, aimed at reversing this.

    Today, it is believed that future strength will be based on an economy itself based on technology – having the most powerful quantum computers and the most efficient artificial intelligence, for example. Much of cyberwar is aimed at achieving this, largely through the theft of IP, espionage against military capabilities and plans, and critical infrastructure surveillance that seeks weaknesses that could be exploited.

    History tells us that the winner in any war is the side possessing the better technology.

    Technological superiority is what ultimately wins wars.

    Linked to technology is information warfare. Understanding the enemy’s technology and knowing its strengths and weaknesses and how and where it is likely to be used is essential. So too is planting false information about one’s own technology, and false information about where, when, and how it will be used.

    Psychological warfare is also an important part of war. It includes and extends propaganda. “Cyber-driven propaganda typically falls within two categories,” comments Samuel Kinch, director of technical account management at Tanium. “The first is the ability to influence open-source or publicly available media, and secondly, military specific environments. In open-source or publicly available media, misinformation creates chaos in what is and isn’t true.” Psychological warfare is the active application of propaganda.

    This attempts to destroy the morale of both the enemy’s military forces and the enemy’s underlying civilian population. Since both parties will be engaged in this, psychological warfare also requires boosting one’s own military and civilian morale in the face of enemy attacks against it. Once again, we come back to cybernetics, but here more specifically control over communication.

    The reason for this short discourse is to demonstrate a simple but often unseen reality: cyberwar, economic war, psychological war, information war and kinetic war are all inextricably linked, each continuously jockeying for that advantage that can win wars. Kinetic activity is just one aspect of war.

    The long game in warfare

    There is a tendency for people to consider events in isolation. This is almost always wrong. Let us assume for the sake of argument that Putin’s overriding objective has always been to return Russia to his perceived glory days of the Soviet Union.

    Ukraine becomes pivotal in this. If it joins NATO, Russia becomes hemmed in by its ‘enemy’ – so control over Ukraine is seen by Russia as almost existential. Putin effectively began the Ukraine war in 2014 with the kinetic annexation of Crimea. He seemed to stop there (apart from continuous political activity in Eastern Ukraine).

    However, 2014 coincided with and was immediately followed by increasing mis- and malinformation cyber and political campaigns aimed at the US and European populace in and around both the US 2016 elections and the UK Brexit vote (psychological/information warfare).

    Russia’s misinformation political meddling was designed to weaken the will and resolve of both the western populations, and the western political leaders. The calculation was that by the time of the 2022 invasion, the West (that is, NATO) would not have the will to object. Had Putin been completely successful in promoting an ‘America First’ doctrine, Europe would have been left entirely defenseless against the economic (oil and gas) and military power of Russia. As it is, the EU is weakened by the UK’s exit, and riven internally by far-right parties that have been promoted in one way or another by Moscow.

    Viewed in this light, digital cyberwarfare should not be thought of as something separate from kinetic warfare – it is primarily a jockeying for position prior to and readying for kinetic war – and all nations are forced to take part. Psychological warfare was a precursor to the Russian invasion of Ukraine in 2022 – an invasion that hasn’t immediately gone to plan because of Trump’s failure to win a second term as president. His America First approach – which would inevitably have weakened if not destroyed NATO – was replaced by Biden’s globalism and a strong and united NATO.

    The war in Ukraine

    The first thing to stress is that we may believe we know what is currently going on in Ukraine, but we do not. This is because of the psychological and information elements of warfare – both of which are based on cyber technologies.

    Consider the claims of Russian war crimes. War crimes happen in war.

    However, if NATO’s peoples believe that Russia is heinous, NATO’s resolve can be strengthened – it may be true, but is hyped as part of psychological/information warfare.

    But you can go too far. On January 9, 2023, Politico reported, “Victor Zhora, chief digital transformation officer at the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine, said Russia has launched cyberattacks in coordination with kinetic military attacks as part of its invasion of Ukraine, arguing the digital warfare is part of what Kyiv considers war crimes committed against its citizens.”

    Lukasz Olejnik, a visiting fellow at the Geneva Academy of International Humanitarian Law and Human Rights, responded, “It would be difficult to prove. The bar is high. Perhaps when part of a wider event. But cyberattacks on their own? Maybe not. Sorry for being the devil’s advocate here.”

    As a result, we are left with the clear impression that Ukraine is pushing the idea of Russian war crimes as hard as possible. The same goes for reports on Putin’s illness. He probably is ill, but his demise may not be as close as we in the west are led to believe or hope.

    This battle for the hearts and minds of the people is waged by both sides. Ukraine reported a strike against Russian barracks in Makiyivka, claiming 400 fatalities. Russia admitted 89 deaths, and blamed its own soldiers for using mobile phones that allowed Ukraine to pinpoint the target – something that may or may not be wholly or partly true.

    Russia retaliated by claiming a strike against Ukrainian barracks at Kramatorsk, claiming more than 600 Ukrainian military deaths. Ukraine replied that Russia missed the target, and no soldiers were killed. The precise accuracy of claims and denials cannot be determined in a time of war – but they are certainly part of the psychological war.

    There is little doubt – certainly since the introduction of HIMARS (high mobility artillery rocket system) that Ukraine has had an edge over Russian technology. The value of the HIMARS system is its mobility (making it easier to relocate and hide); the speed of delivery (2.5 times the speed of sound, making it almost impossible to detect and destroy in flight); and the precision of its strike (using GPS coordinates for pinpoint accuracy).

    Noticeably, neither Russia nor NATO countries have (at the time of writing) employed their most technologically advanced weapons in Ukraine. There could be many reasons – but one could simply be a preference to avoid escalation of the war beyond Ukraine’s borders. Both sides appear to be relaxing this stance.

    What this tells us, however, is that the Ukraine war can only give an indication of what might happen in any future all-out war between major parties. This is a constrained war – its expansion is incremental. Any future all-out war will be less constrained.

    Another example is in the use of satellites for communications. Simultaneous with the February 2022 invasion, Russia delivered a cyberwar attack against Viasat to reduce Ukrainian military communications. It also took down the major Ukrainian ISP, Triolan. This could be expected – classic nation state cyberattacks to support a kinetic attack.

    Elon Musk stepped in and offered Ukraine the use of the Starlink satellite communications system. Russia does not seem to have made any serious attempts to eliminate Starlink – and again this is probably down to a reluctance to escalate the war. But in an all-out war, satellites would soon be physically eliminated. “In a battlefield in the future, those satellites are going to get knocked out of the sky real quick,” comments Helder Figueira, founder at Incrypteon. “Starlink will not survive. There are capabilities now in terms of the deployment of micro nuclear or electromagnetic pulse (EMP) weapons.”

    While Starlink is invaluable in providing the internet and war news to the Ukrainian people, it is unlikely to be used for military communication – if only because Starlink communications can be intercepted by Russia.

    Troops on the ground use various radio frequencies, from a control as close to the enemy as possible. These too can be intercepted – but the message is encrypted (not with commercial encryption, which is not viewed as trustworthy) to delay understanding; while the proximity allows a strike before the enemy can respond.

    “Modern combat involves a lot of communications, with radios in most installations, many individual combatants, and aboard each vehicle,” says Mike Parkin, senior technical engineer at Vulcan Cyber. “The communications are encrypted if they’re doing it right, but each one is a source that can be located and targeted. With individual combatants carrying normal cell phones into the field, it’s easy to identify and track them as long as they are operating in ‘the other side’s’ cellular network space – which is exactly what we’re seeing in the Ukraine conflict.”

    There have also been suggestions that Ukraine is using a more ‘advanced’ form of target discovery.

    “Those using our platforms in the defense and intelligence context, for reconnaissance, targeting, and other purposes, require the best weapons that we can build,”

    Andy Patel, researcher at WithSecure, points to the State of AI Report published in October 2022. According to this report, he said, “Current efforts to infuse defensive products with AI technologies appear to concentrate on using AI for UAV control, anti-drone systems, and for surveillance and reconnaissance purposes.” But he also notes the report’s description of Ukraine’s own GIS Arta software.

    This, says the report, is a homegrown application developed prior to Russia’s invasion based on lessons learned from the conflict in the Donbas. It’s a guidance command and control system for drone, artillery, or mortar strikes. The app ingests various forms of intelligence (from drones, GPS, forward observers etcetera) and converts it into dispatch requests for reconnaissance and artillery.

    One anomaly in the use of cyber in Ukraine is the apparent lack of success from Russian cyberattacks. “While cyber-kinetic attacks may take many different forms (DDoS, misinformation campaigns, infiltrating adversaries’ networks, etcetera),” says Srinivas Mukkamala, CPO at Ivanti, “the goal of these attacks is to assist in creating real-world damage and to disrupt communication and intelligence. After all, the true advantage stays with the side that can communicate with their troops and leaders.”

    Russia’s cyberattacks against Ukraine since the start of the current fighting have failed to prevent Ukrainian communication. This is not to suggest they don’t occur – but it is noticeable that Russia is using kinetic weaponry rather than cyberattacks against Ukraine’s utilities. Unsurprisingly, we are not being told why – although the visible damage caused by Russian rockets and drones is part of the psychological war against the Ukrainian civilian population.

    We have a similar lack of information about Ukrainian cyberattacks against Russia. Our knowledge is mostly limited to the claims of civilian sympathizers – which are notoriously overhyped and self-aggrandizing.

    Summary

    War is a horrible thing, but humanity has been waging war with itself since Cain and Abel. It is not likely to stop – there will be more wars to come. The arrival of computers has changed and will continue to dramatically change the operation of war. Artificial Intelligence and robotics will become more important — killing at a distance rather than close and personal is the evolution. And all of this is based on an increase and improvement in cyber technologies.

    Reply
  29. Tomi Engdahl says:

    Top expert lists three reasons: This is why Russia's war of aggression in Ukraine has failed
    According to the Russia expert, the troops sent to carry out the military operation were not meant to sustain combat operations lasting more than two weeks.
    https://www.iltalehti.fi/ulkomaat/a/63f708dc-e929-45fd-8496-a40404bbd914

    Reply
  30. Tomi Engdahl says:

    Major investor George Soros: Ukraine's spring counteroffensive could seal Russia's “fate”
    https://www.is.fi/ulkomaat/art-2000009399088.html

    Soros sees a Russian defeat in Ukraine as an especially bad spot for Chinese President Xi Jinping. However, the investor's biggest concern was not about wars.

    American major investor George Soros estimates that a Ukrainian victory in the war would lead to the “dissolution of the Russian empire”. According to Soros, this would be a great leap for the better in Europe and elsewhere in the world, as the great power would no longer threaten their security.

    He shared his views on Thursday at the Munich Security Conference in Germany.

    – The countries of the former Soviet empire can hardly wait for the Russians' defeat in Ukraine, because they want to strengthen their own independence. A Ukrainian victory would lead to the dissolution of the Russian empire. It would then no longer threaten Europe and the rest of the world. It would be a great leap for the better, he said.

    Reply
  31. Tomi Engdahl says:

    ISW: Russia is now pounding Ukraine's infrastructure with a new tactic
    In this article IS follows the situation in the war in Ukraine.
    https://www.is.fi/ulkomaat/art-2000009284246.html

    Russia again carried out missile strikes on Ukraine's infrastructure on Thursday, reports the think tank ISW (Institute for the Study of War). According to the Ukrainian General Staff, Russian forces fired 32 air- and sea-launched missiles at Ukraine on Thursday. Eight of them were Kalibr cruise missiles, 12 Kh cruise missiles, 12 Kh-22 cruise missiles and two Kh-59 cruise missiles. The Russians fired missiles from Tu 95 bombers over the Caspian Sea, from a Black Sea Fleet frigate, from Tu-22M3 long-range bombers from the Kursk region and from Su-35 fighters over Melitopol.

    Reply
  32. Tomi Engdahl says:

    How Ukraine War Has Shaped US Planning for a China Conflict
    https://www.securityweek.com/how-ukraine-war-has-shaped-us-planning-for-a-china-conflict/

    A look at some of the lessons from the Ukraine war and how they could apply to a Taiwan conflict.

    As the war rages on in Ukraine, the United States is doing more than supporting an ally. It’s learning lessons — with an eye toward a possible future clash with China.

    No one knows what the next U.S. major military conflict will be or whether the U.S. will send troops — as it did in Afghanistan and Iraq — or provide vast amounts of aid and expertise, as it has done with Ukraine.

    But China remains America’s biggest concern. U.S. military officials say Beijing wants to be ready to invade the self-governing island of Taiwan by 2027, and the U.S. is the island democracy’s chief ally and supplier of defense weapons.

    While there are key differences in geography and in the U.S. commitment to come to Taiwan’s defense, “there are clear parallels between the Russian invasion of Ukraine and a possible Chinese attack on Taiwan,” a Center for Strategic and International Studies report found last month.

    Be Ready for Cyberwar

    While the satellites and their transmissions must be protected, the ground stations to process and disseminate information are also vulnerable. As Russia invaded, a software attack against Ukraine’s Viasat satellite communications network disabled tens of thousands of modems. While Viasat has not said who was to blame, Ukraine blamed Russian hackers.

    China would likely use cyberwarfare to prevent Taiwan from sending out similar messages showing that it was effectively resisting any assault, Brands said.

    That issue has the attention of the U.S. Space Force.

    “If we’re not thinking about cyber protection of our ground networks,” the networks will be left vulnerable, and the satellites won’t be able to distribute their information, said the chief of space operations, Gen. Chance Saltzman.

    Cyberwarfare
    The Lessons From Cyberwar, Cyber-in-War and Ukraine
    https://www.securityweek.com/the-lessons-from-cyberwar-cyber-in-war-and-ukraine/

    The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question the nature of modern warfare and the role of cyber in its operation.

    Reply
  33. Tomi Engdahl says:

    Armed forces are “blind and deaf” in Ukraine – British expert delivers a broadside on the state of Russia's satellite reconnaissance https://www.is.fi/ulkomaat/art-2000009401136.html

    Reply
  34. Tomi Engdahl says:

    Scott Chipolina / Financial Times:
    Elliptic: pro-Ukraine causes received $200M+ in crypto donations in the last year, with $80M+ sent directly to Ukraine’s government; Russian entities got ~$5M

    The two sides of crypto in Ukraine war
    Plus updates on all the big names, including Binance and FTX
    https://www.ft.com/content/a3b59f3b-d0b3-4047-af71-c8ef61aa8d58

    Hello and welcome to the latest edition of the FT’s Cryptofinance newsletter. One year on from Russia’s invasion of Ukraine, we’re looking at the role crypto has played in the conflict

    Crypto’s impact on geopolitical issues does not often make for uplifting reading. The US, for example, fears digital assets can offer actors under sanctions a fresh means of skirting the financial system.

    But the war in Ukraine has showed that the use of crypto in international affairs is far more nuanced and complicated. Blockchain data analytics company Elliptic shared data with the FT showing private crypto fundraising for pro-Ukrainian causes has outpaced Russian equivalents by a rate of 44 to one in the last year.

    In total, more than $200mn worth of crypto has made its way to what have been described as pro-Ukraine causes. Over $80mn worth of these funds was sent directly to the Ukrainian government.

    Just weeks after the invasion, a Ukrainian politician said crypto had helped supply its armed forces with supplies including bulletproof vests, helmets and walkie talkies. Other funds turned to humanitarian causes, and even journalism and intelligence efforts.

    Not only do these funds eclipse the less than $5mn sent to pro-Russian entities, it represents at least one-fifth of overall non-state-mandated aid to Ukraine, marking the first time in history crypto has played a significant role in a major conflict.

    “Ukraine bet big on crypto by offering donation addresses literally hours after the invasion, and it did pay off,” said an Elliptic analyst who spoke to me on the condition of anonymity. “Twenty per cent of grassroots funds coming from crypto is no small feat,” they added.

    Reply
  35. Tomi Engdahl says:

    CyberScoop:
    A year after Russia’s invasion, a look at the unprecedented cyberdefense effort by Ukraine and its allies against Russian wiper malware and other attacks

    A year after Russia’s invasion, the scope of cyberwar in Ukraine comes into focus
    https://cyberscoop.com/ukraine-russia-cyberwar-anniversary/

    The Ukraine war has inspired a defensive cyber effort that government officials and technology executives describe as unprecedented.

    Twenty-four hours before the Russian invasion of Ukraine on Feb. 24, 2022, a group of cybersecurity researchers from the firm SentinelLabs sat together on the floor of a Miami hotel where they had gathered for a company meeting. With laptops open, they pored over a new malware sample — one that offered a preview, as it turned out, of a Russian cyber offensive to come.

    SentinelLabs has built a reputation as leading analysts of Russian cyber operations. So when researchers at ESET, a Slovakian cybersecurity company with extensive experience in Ukraine, discovered Russian malware that had been compiled on Dec. 28, 2021, the SentinelLabs team was compelled to stop everything and dig in. The fact that ESET found evidence that the malware dated to late December suggested Russian hackers had been preparing the attack for months.

    Dubbed “HermeticWiper,” the malware was part of a flurry of digital attacks launched by Russian-aligned hackers in the weeks leading up to the invasion. Sitting in the Miami hotel and fueled by huge quantities of Chinese take-out to push out a report on the wiper, SentinelOne’s researchers were seeing the early signs of the digital conflict to come. “It felt like — in a stupid, nerdy way — we were on the frontlines, seeing this happen on the cyber side,” said Tom Hegel, a senior threat researcher at the company.

    A year after Russia’s invasion, it is possible to begin accounting for the role digital weapons have played in the conflict. Sophisticated Russian cyberattacks — such as those targeting the electricity grid — have either failed to materialize, been thwarted or gone unobserved. Cyberwarfare in Ukraine has instead been marked by widespread deployment of wipers — designed to delete and destroy data — and extensive information operations.

    Amid the destruction visited on Ukraine, cyberweapons have been one tool among many to wreak havoc, and in destroying Ukrainian targets, Russian forces typically opted for more traditional weapons, like bombs and missiles. “We shouldn’t underestimate the importance of the cyber component and threats that come from Russia, but, in general, they choose to use more disruptive weapons, while keeping the cyber operations for psyops or cyber espionage,” said Victor Zhora, the deputy head of Ukraine’s State Service of Special Communications and Information Protection.

    At the same time, the war has inspired a defensive effort that government officials and technology executives describe as unprecedented — challenging the adage in cybersecurity that if you give a well-resourced attacker enough time, they will pretty much always succeed. The relative success of the defensive effort in Ukraine is beginning to change the calculation about what a robust cyberdefense might look like going forward.

    “For all the defeatism about cyberdefense over the years in the West this really shows you what a sustained period of preparatory planning and mobilization of capabilities in an emergency can actually achieve,”

    The defensive cyber strategy in Ukraine has been an international effort, bringing together some of the biggest technology companies in the world such as Google and Microsoft, western allies such as the U.S. and Britain and social media giants such as Meta who have worked together against Russia’s digital aggression.

    Tom Burt, Microsoft’s corporate vice president for customer security and trust, told CyberScoop that the war in Ukraine is “the first large scale hybrid conflict that the world has seen” where there’s “been a significant component” of cyber and digital tools. That has him worried: “What we’ve seen in warfare over centuries is that when a new category of weapon is deployed, in conflict, what we tend to see is the evolution of that form of weaponry and its use again and again, in more destructive and more impactful ways in future conflicts.”

    Modern warfare as info ops and wipers

    In the run-up to the invasion, Ukrainian computer systems came under a sustained barrage. For the most part, these attacks were fairly inconsequential, distributed denial of service attacks that knocked banking services and some government websites offline, for example. Others were potentially more destructive, such as a wiper disguised as ransomware that was discovered in January on Ukrainian government systems.

    When Russian troops crossed into Ukraine’s borders on Feb. 24 and launched an ill-fated operation to decapitate the Ukrainian government and seize control of the country in a lightning operation, Russia appeared to step up its operations in cyberspace, striking the satellite internet provider Viasat, an attack that may have degraded Ukrainian communications in the early hours of the invasion.

    Russian attacks during this early period ran the gamut from information operations to destructive attacks. In what may have been a bid to degrade the Ukrainian government’s capacity to orchestrate its response to the invasion, Russian actors targeted Ukrainian government systems with wiper malware. In March, a crude deepfake appeared online showing Ukrainian President Volodymyr Zelensky ordering his country’s troops to surrender — an incident that was accompanied by additional wiper attacks and a breach of a Ukrainian media organization where the attackers posted a fake story that Ukrainian troops would soon lay down their arms.

    The malware used in these attacks could have been more aggressive, reflecting what may have been an effort to limit the scope to Ukrainian targets in ways Russian hackers had not during peacetime, said Adam Flatley, the vice president for intelligence at cybersecurity firm Redacted and a former director of operations at the National Security Agency. “If you look at all of the cyber attacks that happened in Ukraine, even Viasat, and all the other ones, they were very, very targeted,” Flatley said. “They were very focused.”

    After a decade of digital attacks on Ukrainian infrastructure that have seen Russian hackers knock out portions of the Ukrainian power grid at least twice, there was an expectation ahead of the war that Russia’s invasion of Ukraine would be accompanied by a cyber shock-and-awe campaign. When these attacks did not materialize, it spawned debate over Russia’s supposedly missing cyber-arsenal and why it hadn’t been deployed in Ukraine.

    That debate obscured how Russia’s digital resources were actually deployed — in the form of wipers and information operations, primarily. Over the course of 2022, Google alone disrupted 1,950 instances of Russian information operations on its platforms — operations that ranged from hacktivist activity, DDoS attacks and hack-and-leak actions. And over the course of the war, cybersecurity researchers have observed roughly a dozen or more distinct wipers, some posing as ransomware, deployed against Ukrainian targets. Google saw more destructive malware attacks in Ukraine during the first four months of 2022 than in the previous eight years combined, and phishing attacks against targets in Ukraine and NATO sharply increased.

    “There’s a lot of people thinking and theorizing about what cyberattacks look like in a time of war,” said Shane Huntley, senior director of Google’s Threat Analysis Group. Russia’s Ukraine invasion is the best example to date of how a major cyber power uses digital tools in a kinetic war. “There will be lessons that we should learn here for future conflicts that can really shape the debate.”

    Reply
  36. Tomi Engdahl says:

    Leak from the Kremlin: Russia is preparing to annex six European states
    A document leaked from the Kremlin reveals Russia's plans for its vassal state Belarus. The plans describe step by step how the country will be annexed to Russia and Belarusian identity destroyed by 2030.
    https://www.iltalehti.fi/ulkomaat/a/40a8b14c-f4cc-4b6f-b5b2-a52df6b1bf5f

    The plans resemble the Russification measures that Russia has also tried to carry out in Ukraine.

    The Kremlin's plan is supported by the fact that Belarus's leader, Alyaksandr Lukashenka, has become more dependent on Putin since the 2020 elections. Election fraud and the dictator's continued term caused widespread protests, and the leader received support from the Kremlin in suppressing them. The weaker the dictator is, the more dependent he is on his eastern neighbor.

    The war of aggression may also increase the appetite for annexing the neighboring state to the federation, since annexing Belarus could be presented as a victory that the Kremlin could highlight if the war in Ukraine goes completely wrong. The annexation could be used to show citizens how the allies stand together against the NATO front.

    According to media reports, similar plans are to be drawn up for Ukraine and Moldova as well and, surprisingly, for the Baltic NATO countries, that is, Estonia, Latvia and Lithuania.

    Reply
  37. Tomi Engdahl says:

    The mysterious Russian military satellite Kosmos 2499 has been destroyed in orbit
    Kosmos 2499 was launched into orbit eight years ago, when the secrecy around it fueled speculation.
    https://www.iltalehti.fi/ulkomaat/a/c58dbf22-cd85-4df0-b1fc-dad7007c5756

    The mysterious Russian military satellite Kosmos 2499 has broken up in Earth orbit.

    A unit of the US Space Force confirmed on Twitter that the satellite broke up on January 4 into at least 85 trackable pieces. The tweet did not speculate on the causes of the breakup.

    Reply
  38. Tomi Engdahl says:

    ‘Russian hacktivists’ claim responsibility for DDoSing German airport websites https://www.theregister.com/2023/02/17/german_airport_websites_ddos/
    In other words, script kiddies up to shenanigans again. A series of distributed denial-of-service (DDoS) attacks shut down seven German airports’ websites on Thursday, a day after a major IT glitch at Lufthansa grounded flights

    Reply
  39. Tomi Engdahl says:

    Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only https://thehackernews.com/2023/02/twitter-limits-sms-based-2-factor.html
    Twitter has announced that it’s limiting the use of SMS-based two-factor authentication (2FA) to its Blue subscribers. “While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used and abused by bad actors,” the company said

    Reply
  40. Tomi Engdahl says:

    Fog of War – How the Ukraine Conflict Transformed the Cyber Threat Landscape https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf
    “One year ago, Russia invaded Ukraine. Importantly, this marks the first time that cyber operations have played such a prominent role in a world conflict.” A Mandiant/Google publication on the significance of cyber threats and their historical and future development. IS's summary of the report:
    https://www.is.fi/digitoday/tietoturva/art-2000009400273.html

    Reply
  41. Tomi Engdahl says:

    https://therecord.media/dutch-intelligence-russia-cyberattacks-many-not-yet-public-knowledge/
    Many of Russia’s cyber operations against Ukraine and NATO members during the past year have not yet become public knowledge, according to a joint report published this week by two Dutch intelligence services. Although dozens of private sector reports have detailed Russian ops during the war in Ukraine, experts have questioned whether the cybersecurity industry has visibility into the full extent of that activity. The joint report from the Dutch General Intelligence and Security Service (AIVD), alongside its Military Intelligence and Security Service (MIVD), cites two reasons why “many of these attempts have not yet become public knowledge.”

    Reply
  42. Tomi Engdahl says:

    Russia blames hackers as commercial radio stations broadcast fake air strike warnings https://therecord.media/russia-radio-hackers-fake-air-raid-missile-strike-warnings/
    Commercial radio stations across Russia on Wednesday morning broadcast warnings about air raids and missile strikes. The Ministry of Emergency Situations said the broadcasts were the “result of a hacker attack.”

    Reply
  43. Tomi Engdahl says:

    Dutch intelligence: Many cyberattacks by Russia are not yet public knowledge https://therecord.media/dutch-intelligence-russia-cyberattacks-many-not-yet-public-knowledge/
    Many of Russia’s cyber operations against Ukraine and NATO members during the past year have not yet become public knowledge, according to a joint report published this week by two Dutch intelligence services.

    Reply
  44. Tomi Engdahl says:

    Ukraine invasion blew up Russian cybercrime alliances https://www.theregister.com/2023/02/24/russian_cybercrime_economy/
    As the illegal invasion hits the one-year mark, new research suggests the conflict also disrupted Russia and the former Soviet Union’s criminal ecosystem, which has “far-reaching consequences affecting nearly every aspect of cybercrime,” according to Alexander Leslie, associate threat intelligence analyst for Recorded Future’s Insikt Group

    Reply
  45. Tomi Engdahl says:

    A Year of Conflict: Cybersecurity Industry Assesses Impact of Russia-Ukraine War
    https://www.securityweek.com/one-year-of-russia-ukraine-war-cybersecurity-industry-sums-up-impact/

    On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.

    Reply
  46. Tomi Engdahl says:

    Cyberwarfare
    US Sanctions Several Entities Aiding Russia’s Cyber Operations
    https://www.securityweek.com/us-sanctions-several-entities-aiding-russias-cyber-operations/

    US Department of Treasury has announced a fresh set of sanctions against entities helping Russia in the war against Ukraine.

    Reply
  47. Tomi Engdahl says:

    Reuters: St. Petersburg airport and airspace closed https://www.is.fi/ulkomaat/art-2000009422457.html

    According to unconfirmed reports, the suspected cause is an unidentified object in St. Petersburg airspace.

    According to the news agency Reuters, Russian domestic flights bound for St. Petersburg's Pulkovo airport have been turned back and the airport has been closed. The airspace has also been closed for the next few hours.

    According to the website Baza, the cause is said to be an unidentified object in St. Petersburg airspace, and Russian fighter jets are said to have been sent to investigate.

    Some other Russian sites have also reported an unidentified “drone” that is said to have triggered the precautions.

    There is no official confirmation of the information.

    Reply
  48. Tomi Engdahl says:

    Cyberwarfare
    ‘Hackers’ Behind Air Raid Alerts Across Russia: Official
    https://www.securityweek.com/hackers-behind-air-raid-alerts-across-russia-official/

    Russian authorities said that several television and radio stations that have recently broadcast air raid alerts had been breached by hackers.

    “As a result of hacking of servers of radio stations and TV channels, in some regions of the country, information about the announcement of an air raid alert was broadcast,” Russia’s emergencies ministry said in a statement.

    Reply
