Ukraine-Russia cyber war

Ukraine and Russia appear at the moment to be fighting both a traditional and a cyber war. We could call that hybrid warfare. We are in a cyber war. Countless examples exist of damage to infrastructure from hostile acts via computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia started to conduct attacks on Ukraine on February 24. Before the physical attacks, Russia carried out several cyber attacks against IT systems in Ukraine.

Here are links to some material on the cyber side of this war:

How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic happens in the cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in the cyberspace. And last week, Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-nation cyber state actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.

As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/

Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers — malicious software or malware — that make their way inside computer networks and literally wipe the data from all connected devices.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.

Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.

Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.

Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladimir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.”
This raises the whole question of ‘attribution’. The received belief is it is impossible to do accurate cyber attribution. “That is absolutely wrong,” said Willett. “It would be a mistake for any one nation to think it could attack another without being known.”
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.

Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.

Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.

Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html

Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.

Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command said there had been a cyberattack.

Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).

Amid Russian invasion, Ukraine granted formal role with NATO cyber hub https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations,” Col. Jaak Tarien, the institution’s director, said in a statement.

This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken: on Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.

High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information,” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.

CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a

US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html

EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.

UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.

Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.

Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine

Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine
Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/

HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.

In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economy, and the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work,” he says.
“Because we all need to live for something, eat

Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime as it cracks down on anti-war sentiment, and rumors of martial law grow louder, are being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.

Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf

TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi

2,195 Comments

  1. Tomi Engdahl says:

    Prigozhin: Wagner forces are withdrawing from Bakhmut – IL follows the war
    https://www.iltalehti.fi/ulkomaat/a/9435695b-e455-4c18-8a2d-68e6e241c31f

    Ukraine appears to have shot down its own drone in Kyiv on Thursday evening.
    At least 21 Russian cities have cancelled their Victory Day parade, traditionally held on May 9.
    The leader of the Wagner forces says the forces will withdraw from Bakhmut next week.

  2. Tomi Engdahl says:

    CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine https://thehackernews.com/2023/05/cert-ua-warns-of-smokeloader-and.html
    An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine (CERT-UA). The emails, per the agency, are sent using compromised accounts and come with a ZIP archive that, in reality, is a polyglot file containing a decoy document and a JavaScript file

  3. Tomi Engdahl says:

    Russia’s Victory Day parade a shadow of its former self – even Putin’s speech ended up a stub
    The Victory Day festivities celebrated in Russia on Tuesday ended up truncated.
    https://www.iltalehti.fi/ulkomaat/a/d5c566bd-bc2a-436c-8cf0-288bd1943a3b

    Russia celebrates Victory Day on Tuesday, a day whose symbolic value and importance have only swelled during President Vladimir Putin’s era.

    A flop?

    This year the festive mood is expected to be flatter than in previous years. A year ago Putin had hoped to be able to declare victory over Ukraine on Victory Day, but that did not happen, and the past year has given no cause for celebration.

    Russia’s armed forces have been weakened in the war of attrition against Western-backed Ukraine, and since last year’s Victory Day tens of thousands of Russian soldiers have been killed.

    In addition, as a final humiliation, Russia has had to cancel several Victory Day festivities and parades because of security concerns. Last week Russia claimed that a drone attack had been directed at the Kremlin.

    “I have never before seen this kind of nervousness here,” an official in the Moscow mayor’s office commented earlier, anonymously, to the British newspaper The Guardian.

  4. Tomi Engdahl says:

    Commentary: Putin’s miserable parade revealed the true situation of Russia at war
    Emil Kastehelmi
    Russia’s Victory Day parade was a record-weak showing this year, behind which lies the slow and difficult war in Ukraine, writes Iltalehti special correspondent Emil Kastehelmi.
    https://www.iltalehti.fi/ulkomaat/a/5825c2cf-21db-4d48-928b-9e8808c5981f

    The Victory Day parade began in Moscow as might be expected. Red Square was full of Russian soldiers in their uniforms while Putin lied loudly about the general foreign and security policy situation.

    After the short speech ended, it was time for the military equipment to roll out. Usually Russia presents the spearhead of its armed forces at this point, but this year everything was different.

    Camera angles and cuts varied, but nothing could hide the fact that only a paltry 50 vehicles took part in the parade, and one tank, which itself was from the Second World War.

    Not a single modern main battle tank or infantry fighting vehicle was present. Artillery and rocket launchers were missing. All flyovers by fighter jets and helicopters had been cancelled. Normally parades have featured at least 200 pieces of equipment; even last year’s reduced parade included about 130 assorted tanks and vehicles.

    The small amount of equipment indicates that Russia fears Ukraine will strike in the middle of Moscow, or alternatively that the equipment still in working order is tied up on the battlefields and for training purposes. Confidence in the ability to repel all threats does not appear to be very high.

    Russia voluntarily presented an image of itself as humiliated, fearful and struggling with difficulties.

  5. Tomi Engdahl says:

    Parade of “world’s second army” features only one tank, from World War II
    https://www.pravda.com.ua/eng/news/2023/05/9/7401324/

    The parade on Red Square in Moscow on Victory Day, 9 May 2023, was attended by significantly fewer units of Russian military equipment than in previous years; in particular, there was only one tank – a World War II-era Т-34.

    Source: footage of the parade broadcast; Radio Svoboda (Liberty) referring to the calculations of analyst Oliver Alexander

    Details: According to Alexander, a total of only 51 vehicles were involved in this year’s parade. Last year, when the parade was already reduced compared to the times before Russia’s large-scale invasion of Ukraine, 131 combat vehicles took part in the parade. In 2021, there were 197.

  6. Tomi Engdahl says:

    FBI disrupts sophisticated Russian cyberespionage operation https://cyberscoop.com/fbi-disrupts-russian-cyber-espionage-tool/
    One of the Russian government’s most sophisticated long-running cyberespionage operations was hacked and disrupted by the FBI as part of a sprawling international effort, officials with the U.S. government announced Tuesday. The FBI operation dubbed Medusa targeted nearly 20-year-old malware operated by Turla, a unit within the Federal Security Service of the Russian Federation, which has been known for years as one of Russia’s premier cyberespionage outfits

    Reply
  7. Tomi Engdahl says:

    Cyberwarfare
    US Disrupts Russia’s Sophisticated ‘Snake’ Cyberespionage Malware
    https://www.securityweek.com/us-disrupts-russias-sophisticated-snake-cyberespionage-malware/

    The US government has announced the disruption of Snake, a sophisticated cyberespionage malware officially attributed to a unit of Russia’s FSB agency.

    Reply
  8. Tomi Engdahl says:

    US Disrupts Russia’s Sophisticated ‘Snake’ Cyberespionage Malware
    https://www.securityweek.com/us-disrupts-russias-sophisticated-snake-cyberespionage-malware/
    The US government has announced the disruption of Snake, a sophisticated cyberespionage malware officially attributed to a unit of Russia’s FSB agency.

    Reply
  9. Tomi Engdahl says:

    Supo: Russian Turla group has also spied on Finns online
    https://yle.fi/a/74-20031601
    The United States said this week that it had neutralized a Russian espionage malware. Supo points out that Snake was only one of the Turla group's tools. According to the Finnish Security and Intelligence Service (Supo), neutralizing the Russian Snake espionage malware significantly limits the ability of Russia's security service, the FSB, to carry out systematic, long-term cyberespionage operations abroad. It does not remove that ability entirely, however; according to Supo, Russian cyberespionage remains a serious threat.

    Reply
  10. Tomi Engdahl says:

    Websites of Finnish ports taken down by denial-of-service attacks – Russian hacker group claims responsibility
    https://yle.fi/a/74-20032321

    The websites of several Finnish ports have been hit by a denial-of-service attack today.

    The Port of Helsinki reported the denial-of-service attack on Twitter in the morning, before eleven o'clock.

    The Russian hacker group NoName 057(16) has announced on its Telegram channel that it is behind the denial-of-service attacks.

    In its post about the Port of Helsinki site going down, the hacker group refers to the fence being built on Finland's eastern border. The denial-of-service attack appears to be the hacker group's response.

    Reply
  11. Tomi Engdahl says:

    Websites of Finnish ports taken down by denial-of-service attacks – Russian hacker group claims responsibility
    https://yle.fi/a/74-20032321
    The websites of several Finnish ports have been hit by a denial-of-service attack today. The Port of Helsinki reported the denial-of-service attack on Twitter in the morning, before eleven o'clock. The Russian hacker group NoName 057(16) has announced on its Telegram channel that it is behind the denial-of-service attacks. In its post about the Port of Helsinki site going down, the hacker group refers to the fence being built on Finland's eastern border. The denial-of-service attack appears to be the hacker group's response.

    Reply
  12. Tomi Engdahl says:

    CloudWizard APT: the bad magic story goes on
    https://securelist.com/cloudwizard-apt/109722/
    In March 2023, we uncovered a previously unknown APT campaign in the region of the Russo-Ukrainian conflict that involved the use of PowerMagic and CommonMagic implants. However, at the time it was not clear which threat actor was behind the attack. While looking for implants bearing similarities with PowerMagic and CommonMagic, we identified a cluster of even more sophisticated malicious activities originating from the same threat actor.

    Reply
  13. Tomi Engdahl says:

    Russian IT guy sent to labor camp for DDoSing Kremlin websites https://www.theregister.com/2023/05/19/russian_it_worker_ddos/
    A Russian IT worker accused of participating in pro-Ukraine denial of service attacks against Russian government websites has been sentenced to three years in a penal colony and ordered to pay 800,000 rubles (about $10,000). According to the state-owned TASS news agency, a Russian regional court handed down the sentence against Yevgeny Kotikov, who is said to have supported Kyiv during Russia’s invasion of Ukraine. To this end he and others DDoSed government websites including those belonging to the Russian president and the country’s Ministry of Defense, we’re told.

    Reply
  14. Tomi Engdahl says:

    Ukraine’s cyber chief on the ever-changing digital war with Russia https://therecord.media/ukraine-ssscip-yurii-shchyhol-interview
    Russian hackers have been attacking Ukraine for over a decade, but until the war began, cyberattacks still seemed like something out of a science fiction movie for ordinary Ukrainians. Many had to learn how to safeguard their hardware and their data. The agency responsible for raising awareness for cybersecurity in society, private businesses, and the government is called Derzhspetszvyazok, or the State Service of Special Communications and Information Protection of Ukraine (SSSCIP). Its chief, Yurii Shchyhol, faced the difficult task of explaining Russia’s digital threat to Ukrainians and the rest of the world.

    Reply
  15. Tomi Engdahl says:

    Ukraine War: Vast hacker militias do little damage but can rally mass support, says study https://breakingdefense.com/2023/05/ukraine-war-vast-hacker-militias-do-little-damage-but-can-rally-mass-support-says-study
    How do you mobilize a society for total war in the age of TikTok? If your model is the cyber militias that have sprung up over the last 15 months of conflict between Russia and Ukraine, you do it by rallying the masses to post propaganda memes and download simple do-it-yourself hacking scripts. A new study delves deep into the role that non-government groups have played in the ongoing cyber conflict. It grapples with how their role blurs traditional lines between civilian and non-combatant, neutrality and intervention, peace and war and, most importantly, what effect they actually have.

    Reply
  16. Tomi Engdahl says:

    Biden Picks New NSA head, Key to Support of Ukraine, Defense of US Elections
    https://www.securityweek.com/biden-picks-new-nsa-head-key-to-support-of-ukraine-defense-of-us-elections/

    U.S. President Joe Biden has picked a new NSA and Cyber Command leader to oversee America’s cyber warfare and defense.

    WASHINGTON (AP) — President Joe Biden has chosen a new leader for the National Security Agency and U.S. Cyber Command, a joint position that oversees much of America’s cyber warfare and defense.

    Air Force Lt. Gen. Timothy Haugh, the current deputy commander of Cyber Command, would replace Army Gen. Paul Nakasone, who has led both organizations since May 2018 and was expected to step down this year, according to a notice sent by the Air Force this week and confirmed by a person familiar with the announcement. The person spoke on condition of anonymity to discuss personnel matters not yet made public.

    If confirmed, Haugh will take charge of highly influential U.S. efforts to bolster Ukraine’s cybersecurity and share information with Ukrainian forces fighting Russia’s invasion. He will also oversee programs to detect and stop foreign influence and interference in American elections, as well as those targeting criminals behind ransomware attacks that have shut down hospital systems and at one point a key U.S. fuel pipeline.

    Reply
  17. Tomi Engdahl says:

    Russia changed tactics in its cyber war in Ukraine – here are the new targets https://www.is.fi/digitoday/tietoturva/art-2000009608448.html

    According to Viktor Zhora, one of the key figures in Ukraine's cyber defence, the attacks are well planned and executed.

    Russia continues its aggressive cyberattacks against Ukraine as part of its war. Contrary to what many believe, the number of Russian attacks has not decreased and is unlikely to decrease in the future. Instead, Russia has changed the tactics it uses in its cyber war.

    Speaking by video link from Kyiv at the Sphere event of Finnish security company WithSecure, Viktor Zhora, chairman of Ukraine's digitalisation agency, says Russia began systematic cyberattacks against Ukraine on 21 May 2014, only a few months after the occupation of Crimea.

    These included the NotPetya cyberweapon, which was intended for use against Ukraine but got loose and caused at least hundreds of millions' worth of damage around the world.

    Reply
  18. Tomi Engdahl says:

    Russia changed tactics in its cyber war in Ukraine – here are the new targets https://www.is.fi/digitoday/tietoturva/art-2000009608448.html
    Russia continues its aggressive cyberattacks against Ukraine as part of its war. Contrary to what many believe, the number of Russian attacks has not decreased and is unlikely to decrease in the future. Instead, Russia has changed the tactics it uses in its cyber war. Speaking by video link from Kyiv at the Sphere event of Finnish security company WithSecure, Viktor Zhora, chairman of Ukraine's digitalisation agency, says Russia began systematic cyberattacks against Ukraine on 21 May 2014, only a few months after the occupation of Crimea.

    Reply
  19. Tomi Engdahl says:

    This is how Russia pounded Ukraine with cyberattacks last year: “Cyber war knows no national borders”
    https://www.tivi.fi/uutiset/tv/462990fc-b036-4d66-9e5a-ff5f2d8d5d7b
    During 2022 Russia carried out a total of 2194 cyberattacks on Ukrainian civilian targets. Viktor Zhora, head of Ukraine's cybersecurity agency, spoke about the matter at the Sphere23 security event held at the Cable Factory (Kaapelitehdas) in Helsinki on Wednesday 24 May. Zhora appeared on the event stage via a remote connection. The figures are based on statistics from Ukraine's cybersecurity centre.

    Reply
  20. Tomi Engdahl says:

    Russia’s Wagner Group uses Twitter and Facebook to hunt new recruits
    https://www.politico.eu/article/russia-ukraine-war-mercenaries-wagner-group-recruit-twitter-facebook-yevgeny-prigozhin/

    Facing mounting losses in Ukraine, Russian mercenaries have been using the American social media companies to enlist fresh blood.

    Russia’s paramilitary Wagner Group has been using Twitter and Facebook to recruit medics, drone operators and even psychologists to aid fighting operations, including in Ukraine, according to exclusive research seen by POLITICO.

    Job ads for Wagner, which has mercenaries operating in several countries, have reached nearly 120,000 views on the two social media platforms over the last ten months, according to Logically, a U.K. disinformation-focused research group.

    Sixty posts in dozens of languages – including French, Vietnamese and Spanish – shared information about fighting, IT, driving and medical positions apparently available with Wagner. They also included contact phone numbers, Telegram accounts and touted monthly salaries of 240,000 rubles (€2,800) with benefits including health care.

    Reply
  21. Tomi Engdahl says:

    Navigation devices gone haywire in Moscow – numerous digital services have gone down https://www.is.fi/autot/art-2000009624139.html

    Prolonged, heavy GPS jamming has disrupted the everyday life of Muscovites accustomed to modern conveniences, in places quite badly.

    Consumers used to relying on navigation devices now have to use paper maps in Moscow and download the maps they need to their phones in advance for use without GPS tracking and the Internet, several Russian media outlets now report.

    Behind the phenomenon is the heavy satellite jamming introduced because of air attacks related to the war in Ukraine, which has badly disrupted not only consumers' phone and car navigation but also, among other things, Moscow's taxi ordering systems, almost all food delivery operations and, in general, nearly all digital systems that involve real-time positioning.

    In practice, taxi drivers, for example, have driven astray and failed to find their customers. Likewise, customers have not found their taxis.

    Muscovites have now been urged to learn to read a traditional map and to obtain the paper maps they need in everyday life. City residents have also been reminded that in the Soviet years nobody had an Internet connection they could carry around with them.

    Reply
  22. Tomi Engdahl says:

    Russia’s ‘Silicon Valley’ hit by cyberattack; Ukrainian group claims deep access https://therecord.media/skolkovo-foundation-cyberattack-russia-ukraine

    Ukrainian hackers have breached the systems of Skolkovo Foundation, the agency which oversees the high-tech business area located on the outskirts of Moscow.
    The Foundation was founded and charged by Russian former President Dmitry Medvedev to rival Silicon Valley in the U.S.

    According to Skolkovo’s statement, the hackers managed to gain limited access to certain information systems of the organization, including its file hosting service on physical servers.

    A group of Ukrainian hacktivists took credit for the attack last week and shared screenshots on Telegram of systems they managed to access.

    Reply
  23. Tomi Engdahl says:

    In Russia, Finland is accused of a cyberattack https://www.is.fi/digitoday/art-2000009626224.html

    In Russia, the preliminary voting system of the United Russia party has come under a cyberattack, reports Russia's state news agency Tass.

    Finland was named as one of the main countries from which the attack came. According to Tass, this was stated by United Russia party secretary Andrei Turchak.

    “The attacks came mainly from the United States, Germany and Finland. The attacks were detected coming from more than 31,000 IP addresses, but they did not manage to bring the system down,” Turchak said, according to Tass.

    In practice, the attacking machines in this case too were probably located around the world, including in Finland, and the actual attacker could be anywhere. Even if the denial-of-service attacks were traced to particular countries, it does not necessarily mean that the attacks were originally launched from those countries.

    Reply
  24. Tomi Engdahl says:

    Russia says US hacked thousands of iPhones in iOS zero-click attacks https://www.bleepingcomputer.com/news/security/russia-says-us-hacked-thousands-of-iphones-in-ios-zero-click-attacks/

    Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits.

    The delivery of the message exploits a vulnerability that leads to code execution without requiring any user interaction, leading to the download of additional malicious from the attackers’ server.

    Subsequently, the message and attachment are wiped from the device. At the same time, the payload stays behind, running with root privileges to collect system and user information and execute commands sent by the attackers.

    Kaspersky says the campaign started in 2019 and reports the attacks are still ongoing. The cybersecurity firm has named the campaign “Operation Triangulation” and is inviting anyone who knows more about it to share information.

    Reply
  25. Tomi Engdahl says:

    Russia Blames US Intelligence for iOS Zero-Click Attacks
    https://www.securityweek.com/russia-blames-us-intelligence-for-ios-zero-click-attacks/

    Kaspersky said its corporate network has been targeted with a zero-click iOS exploit, just as Russia’s FSB said iPhones have been targeted by US intelligence.

    Reply
  26. tafsilar.info says:

    Very interesting article. Thank you for sharing this information.

    Reply
  27. Tomi Engdahl says:

    “Fake Putin” spoke on Russian radio channels as a result of a hack https://www.is.fi/ulkomaat/art-2000009598881.html

    “Fake Putin” spoke on Russian radio channels as a result of a hack – announced that Ukrainian forces had crossed the border and urged citizens to evacuate
    According to the Kremlin, the speech by President Vladimir Putin heard on Russian radio channels on Monday was fake and ended up on the airwaves as a result of a hack. According to Reuters, Russia's state news agency RIA Novosti said the speech was heard on several radio stations operating in regions near the Ukrainian border.

    “All of these messages are completely fake,” said Kremlin spokesman Dmitry Peskov, according to RIA.

    Independent Russian news sites reported that in the fake speech “Putin” told residents of the Rostov, Belgorod and Voronezh regions that Ukrainian forces had crossed the Russian border. According to the sites, the speech also falsely claimed that a state of emergency had been declared in the border regions and that a nationwide mobilization had begun in Russia.

    In his message, “Putin” urged residents of the regions to evacuate deeper into Russian territory.

    The Voronezh regional administration likewise confirmed the hack and said that police and other authorities had taken control of the local radio stations. According to reports circulating on social media, the “Fake Putin” speech was also shown as a video version on some local TV channels.

    Ukraine has denied sending its troops onto Russian soil. According to Ukraine, the occasional cross-border incursions seen in recent months in Russia's border regions have been the work of Russian partisans.

    Reply
  28. Tomi Engdahl says:

    Skilful fake of Putin created chaos in Russia – spread on television and radio
    https://www.is.fi/digitoday/art-2000009636057.html

    Hackers spread video and audio fakes of the Russian leader on television and radio frequencies in the border regions.

    A video fake of Russian leader Vladimir Putin has caused confusion on the eve of Ukraine's expected counteroffensive. This is reported by, among others, Ukrainska Pravda and Business Insider. In addition, there is a lot of footage from the video on social media.

    Yesterday, Monday, hackers broke into Russian radio and television channels and showed on television a video in which a computer-generated Putin says that the Ukrainian army has attacked Russia. An evacuation of the border regions and full-scale mobilization would begin in Russia.

    Reply
  29. Tomi Engdahl says:

    Russia banned investigations into accidents like the Kakhovka dam explosion just days before the destruction
    On 31 May the Russian government approved a decree that prohibits authorities from opening investigations into accidents like that at the Kakhovka dam.
    https://www.iltalehti.fi/ulkomaat/a/467e4134-9a0d-4ff9-a2cd-62814bca013e

    Reply
  30. Tomi Engdahl says:

    Ukrainian hackers take down service provider for Russian banks
    https://www.bleepingcomputer.com/news/security/ukrainian-hackers-take-down-service-provider-for-russian-banks/?fbclid=IwAR3wJlAd6RA7r5FBq1ikHsGrno5V1z0DW-9Fp_VHjUlwI9nRLjkYAlLErKE

    A group of Ukrainian hackers known as the Cyber.Anarchy.Squad claimed an attack that took down Russian telecom provider Infotel JSC on Thursday evening.

    Among other things, Moscow-based Infotel provides connectivity services between the Russian Central Bank and other Russian banks, online stores, and credit institutions.

    Following yesterday’s attack, multiple major banks across Russia had their access cut off from the country’s banking systems so that they can no longer make online payments, as Ukrainian news site Economichna Pravda first reported.

    Infotel has confirmed the incident on its website, saying that it’s currently working on restoring systems that were damaged following what it described as a “massive” attack.

    IODA also confirms that the Russian company is working on restoring its systems, and it was still offline 34 hours after it was knocked down.

    “All their infrastructure was destroyed, nothing living was left there,” said the Ukrainian hacktivists on their Telegram channel when they announced the attack yesterday.

    “In total, the company has about four hundred clients, a quarter of them are banks, the rest are credit institutions, car dealerships.”

    As proof of their attacks, they released screenshots of alleged access to Infotel’s network, including a network diagram and what appears to be a compromised email account.

    This is a recurring pattern for the Cyber.Anarchy.Squad Ukrainian hacking group, which has targeted other Russian companies since it surfaced after Russia invaded Ukraine.

    Reply
  31. Tomi Engdahl says:

    Pro-Ukraine hackers claim to take down Russian internet provider https://therecord.media/proukraine-hackers-claim-to-take-down-russian-isp

    Pro-Ukrainian hacktivists have hit a Russian internet and telecommunications company used mostly by banks and online stores with a “massive” cyberattack.

    Reply
  32. Tomi Engdahl says:

    NATO begins the largest air warfare exercise in its history in Europe – “I would be surprised if Putin were not taking notes”
    https://www.is.fi/ulkomaat/art-2000009650090.html

    According to the US ambassador, the exercise demonstrates the alliance's strength to Russia as well.

    The military alliance NATO today begins the largest air warfare exercise in its history in Europe.

    According to NATO, the purpose of the exercise is to show unity and prepare for the threat from Russia.

    The Air Defender 23 exercise is a flight operations exercise led by the German Air Force that runs until Friday of next week. About 250 military aircraft from NATO and its partner countries and 10,000 personnel from 25 countries are taking part.

    The Finnish Air Force is taking part in the exercise with a detachment of four F/A-18 Hornet fighters.

    “I would be very surprised if every world leader, including President Vladimir Putin, were not taking notes on what this exercise shows about the spirit of this alliance, meaning its strength,” Gutmann said.

    Reply
  33. Tomi Engdahl says:

    Lada factories in serious trouble – “There is practically no expertise left”
    Lada faces a road ahead without products of its own, say Russian automotive industry experts.
    https://www.is.fi/autot/art-2000009539912.html

    Avtovaz, the maker of Lada and the crown jewel of the Russian car industry, is now completely unable to develop car models based on its own technical know-how, reports the newspaper Gazeta, which is one of the Russian government's mouthpieces.

    “Avtovaz has practically no expertise left, neither engineering nor technological,” automotive industry consultant Sergei Burgazliev sums up for the paper.

    Avtovaz is unable to develop its own basic architecture for its cars, because the technological and financial investment this requires is unambiguously too great for the Russians. In practice, according to Gazeta, Avtovaz has only one option ahead of it: the low-skill assembly in Russia of cars imported as parts from China. Once a Lada logo is slapped on the front of these cars, they can be sold to citizens as Ladas.

    Gazeta estimates that Avtovaz will try to keep the technically outdated, Renault-based current Ladas in production for as long as possible, that is, for several more years. Even minor development of them is difficult, however, because Avtovaz no longer has access to technologies developed by Renault as it did, for example, a little over a year ago.

    Avtovaz said in April that its upcoming crossover model is called the Lada X-Cross 5 and will be built at the St. Petersburg car plant taken from Nissan. In reality, however, there is no independent Lada X-Cross 5; it is a Chinese FAW Bestune T77 fitted with a Lada badge on the front.

    Reply
  34. Tomi Engdahl says:

    Ukraine police raid social media bot farm accused of pro-Russia propaganda https://therecord.media/ukraine-police-raid-social-media-bot-farm

    Ukraine’s Cyber Police have shut down a bot farm allegedly spreading disinformation on social media in an attempt to sway public opinion about Russia’s war in Ukraine.
    Officials announced on Monday that the bot farm administrators managed over 4,000 fraudulent accounts pretending to belong to Ukrainian citizens. These accounts were used to “criticize the Ukrainian armed forces, justify the Russian invasion of Ukraine, and create political tension in the country,” the police said.

    Reply
  35. Tomi Engdahl says:

    France accuses Russians of impersonating French government and media to spread disinformation https://therecord.media/france-accuses-russians-of-impersonating-french-government-media-misinformation

    French officials on Tuesday accused Russian actors of launching “a digital information manipulation campaign against France,” with the assistance of Russian state entities.
    The campaign, which the authorities said they had monitored for more than a year, involved the creation of fake websites impersonating French government departments and national media outlets, alongside fake social media accounts.
    Russian embassies and cultural centers were accused by the French ministry of foreign affairs of having “actively participated in amplifying this campaign.”
    Russia was undermining “the conditions for a peaceful democratic debate and therefore undermine our democratic institutions,” the ministry said.

    Reply
  36. Tomi Engdahl says:

    Cadet Blizzard emerges as a novel and distinct Russian threat actor https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/

    Today, Microsoft Threat Intelligence is sharing updated details about techniques of a threat actor formerly tracked as DEV-0586—a distinct Russian state-sponsored threat actor that has now been elevated to the name Cadet Blizzard. As a result of our investigation into their intrusion activity over the past year, we have gained high confidence in our analysis and knowledge of the actor’s tooling, victimology, and motivation, meeting the criteria to convert this group to a named threat actor.

    Reply
  37. Tomi Engdahl says:

    ChamelGang and ChamelDoH: A DNS-over-HTTPS implant https://stairwell.com/news/chamelgang-and-chameldoh-a-dns-over-https-implant/

    The Stairwell Threat Research team has recently identified various tools used in intrusions by ChamelGang, a sophisticated threat actor with a nexus to China. ChamelGang has previously been observed targeting energy, aviation, and government organizations in Russia, the United States, Japan, Turkey, Taiwan, Vietnam, India, Afghanistan, Lithuania, and Nepal.

    This report is the first in a series detailing the capabilities and detection of various tools in ChamelGang’s intrusion arsenal.

    Reply
  38. Tomi Engdahl says:

    Microsoft Outs New Russian APT Linked to Wiper Attacks in Ukraine
    https://www.securityweek.com/microsoft-outs-new-russian-apt-linked-to-wiper-attacks-in-ukraine/

    Microsoft is publicly exposing a Russian hacking group that worked on destructive wiper malware attacks that hit organizations in Ukraine.

    Security researchers at Microsoft are publicly outing a new APT group linked to Russia’s General Staff Main Intelligence Directorate (GRU), warning that the threat actor has worked on destructive wiper malware attacks that hit organizations in Ukraine.

    A new report from Redmond’s threat intelligence team tagged the group as ‘Cadet Blizzard’ and documented signs and evidence that adds clarity to the scope and usage of malware in a wartime environment.

    “[The] emergence of a novel GRU affiliated actor, particularly one which has conducted destructive cyber operations likely supporting broader military objectives in Ukraine, is a notable development in the Russian cyber threat landscape,” Microsoft said, noting that Cadet Blizzard produced the infamous WhisperGate wiper malware that wiped the Master Boot Record (MBR) of computers in Ukraine.

    Reply
  39. Tomi Engdahl says:

    That looks like a pretty slick move there.

    Hacker drains Russian special services wallets, transfers funds to Ukraine
    https://news.yahoo.com/hacker-drains-russian-special-services-121400918.html?guccounter=1&guce_referrer=aHR0cDovL20uZmFjZWJvb2suY29tLw&guce_referrer_sig=AQAAAJTIh0VrBixe-2HXwXIMdje2DtfVbEd0GlwiQ94ca5HnQuYjeWjFyRBLTx6IszML1XsPw7GCkisyVpk1lNayTg42iIcV7OulU8-8FotJ04sywAjQZ-Z2wG5RMylpVyTBVQPJvqW2MqDElaUQUHBQl-PN2NfdRdK_j2izicalIY_N

    The mysterious user seems to have been able to put blockchain and Bitcoin technologies to work against the Russian terrorist state.

    The hacker gained access to hundreds of crypto wallets that likely belong to Russian security agencies, cryptocurrency industry news site CoinDesk clarified, citing Chainalysis, a cryptocurrency monitoring company that works closely with the U.S. government.

    Chainalysis analysts believe that the hacker used the transaction documentation feature of the Bitcoin blockchain to identify 986 wallets controlled by Russia’s foreign military intelligence agency (GRU), the Foreign Intelligence Service (SVR), and the Federal Security Service (FSB).

    At the same time, the hacker left messages in Russian to the owners of the wallets, in which he stated that these wallets were used to pay for the services of hackers working for Russia.

    Reply
  40. Tomi Engdahl says:

    Russia-backed hackers unleash new USB-based malware on Ukraine’s military https://arstechnica.com/information-technology/2023/06/russia-backed-hackers-unleash-new-usb-based-malware-on-ukraines-military/

    Shuckworm’s relentless attacks seek intel for use in Russia’s invasion of Ukraine.

    Reply
  41. Tomi Engdahl says:

    Microsoft Outs New Russian APT Linked to Wiper Attacks in Ukraine

    Microsoft is publicly exposing a Russian hacking group that worked on destructive wiper malware attacks that hit organizations in Ukraine.

    https://www.securityweek.com/microsoft-outs-new-russian-apt-linked-to-wiper-attacks-in-ukraine/

    Reply
  42. Tomi Engdahl says:

    Carly Page / TechCrunch:
    Russia-linked ransomware gang Clop lists its first victims targeted via Progress’ MOVEit Transfer tool since May 2023, including US banks and universities

    Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities
    Researchers say the newly discovered security flaw was probed as far back as 2021
    https://techcrunch.com/2023/06/15/moveit-clop-mass-hacks-banks-universities/

    Sean Lyngaas / CNN:
    CISA confirms “several” US federal government agencies “experienced intrusions” in the hack of Progress’ MOVEit Transfer tool and is providing support to them — “Several” US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software.
    Exclusive: US government agencies hit in global cyberattack
    https://edition.cnn.com/2023/06/15/politics/us-government-hit-cybeattack/

    Reply
  43. Tomi Engdahl says:

    Hopefully this will start happening to Russian fighters and bombers too

    “Soon Russian planes will be falling from the sky” – two emergency landings in two days
    https://www.verkkouutiset.fi/a/pian-venalaiset-lentokoneet-putoavat-taivaalta-kaksi-hatalaskua-kahdessa-paivassa/?fbclid=IwAR2mYHJeYzzfd7NUBl0Tc_yLlinwBaGb3C4FTF_PqdZaRTnLKa_m0_zxx7U#99f8d57a

    Investor Bill Browder, head of the international Magnitsky campaign and described as Vladimir Putin's number one enemy, commented on Twitter on news that two Russian passenger aircraft have had to make emergency landings in Russia within a short period.

    “It looks like the sanctions are starting to bite. Soon Russian passenger planes will be falling from the sky,” he says.

    Western countries have imposed sanctions on Russia since Moscow launched its full-scale invasion of Ukraine in February last year.

    The Russian aviation sector is reported to have had to reduce production of passenger aircraft because of the shortage of spare parts caused by the sanctions.

    Reply
  44. Tomi Engdahl says:

    Sergiu Gatlan / BleepingComputer:
    Microsoft details Cadet Blizzard, a GRU hacking group behind the WhisperGate data-wiping attacks in Ukraine carried out a month before Russia’s 2022 invasion

    Microsoft links data wiping attacks to new Russian GRU hacking group
    https://www.bleepingcomputer.com/news/security/microsoft-links-data-wiping-attacks-to-new-russian-gru-hacking-group/

    Reply
  45. Tomi Engdahl says:

    Coincidence? New ransomware strikes Russian speakers https://www.is.fi/digitoday/tietoturva/art-2000009657704.html

    Players of the game Enlisted are the target of ransomware. People other than Russians should be careful too.
    The Russian shooter game Enlisted has been turned into a weapon for network attacks. According to the security company Cyble, Russian-speaking players are being lured to websites that closely resemble the genuine game's and promise the game for download.

    When the malicious version of the game is downloaded, the computer is infected with ransomware that takes the victim's data hostage. It pretends to be the notorious WannaCry ransomware but is in fact anything but. It can still cause destruction.

    Threat Actor Targets Russian Gaming Community With WannaCry-Imitator
    https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/

    Phishing Gaming Site Opens the Door to Ransomware Infection
    Gaming has gained immense popularity, attracting millions of players globally, primarily due to the wide range of game options available, strong community engagement, and its entertainment value. Unfortunately, this widespread appeal has also attracted the attention of Threat Actors (TAs), who seek to exploit gamers by targeting games with large user bases to maximize their potential victims. While searching for free or pirated games, some gamers disregard security measures and unknowingly download malicious software onto their systems.

    Reply
  46. Tomi Engdahl says:

    Hacker groups reportedly team up to destroy European Banks in ‘world’s biggest cyber attack’
    https://www.dexerto.com/tech/hacker-groups-reportedly-team-up-to-destroy-european-banks-in-worlds-biggest-cyber-attack-2178927/?fbclid=IwAR0iwZPH0g_7anCPPq0IzKzLOOi35rhKwPeExMq1X5wv7bK8jAgJ11ZYfME

    Three pro-Russian hacker groups have allegedly joined forces to target European banks with a massive cyber attack.

    KillNet, Anonymous Sudan and REvil reportedly uploaded a video announcing their threat to take down the entire European banking system.

    According to reports, KillNet’s leader says preparations are already underway and the attack will begin very soon.

    Cyberknow, a threat-tracking page, also posted about the alleged upcoming attacks, adding that hackers from the three groups had joined together for this campaign. They believe their first will be to paralyze the SWIFT payment system, which is commonly used for international payments.

    KillNet warned: “This is not a DDoS attack, the games are over. We call on all active groups to engage in destructive activity against the European banking system. No money, no weapons, no Kiev regime. This is the formula for the death of Nazism and it will work.”

    They went on to add that society has “not seen such problems before.”

    Additionally, Anonymous Sudan claimed the attack would be the “most powerful in the recent history of the world,” further warning that this would be something severe.

    “When we strike, it will be too late to make amends.”

    On June 15, CNN reported that US government agencies had been hit in a global cyberattack. It is not confirmed if this attack was linked to Russia-based hacking groups.

    So far, it’s unclear if these are just empty threats, a prank or if a massive attack is actually planned. In any case, this whole fiasco could very well turn into a real-life Mr Robot situation if things go according to plan.

    Reply
  47. Tomi Engdahl says:

    Frank Bajak / Associated Press:
    Microsoft says DDoS attacks by hacktivist group Anonymous Sudan “temporarily impacted availability” of some of its services, including Azure, in early June 2023 — In early June, sporadic but serious service disruptions plagued Microsoft’s flagship office suite …

    Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks
    https://apnews.com/article/microsoft-outage-ddos-attack-hackers-outlook-onedrive-7a23f92ab3cc2b7f0c590c7d08cf03fe

    In early June, sporadic but serious service disruptions plagued Microsoft’s flagship office suite — including the Outlook email and OneDrive file-sharing apps — and cloud computing platform. A shadowy hacktivist group claimed responsibility, saying it flooded the sites with junk traffic in distributed denial-of-service attacks.

    Initially reticent to name the cause, Microsoft has now disclosed that DDoS attacks by the murky upstart were indeed to blame.

    But the software giant has offered few details — and did not immediately comment on how many customers were affected and whether the impact was global. A spokeswoman confirmed that the group that calls itself Anonymous Sudan was behind the attacks. It claimed responsibility on its Telegram social media channel at the time. Some security researchers believe the group to be Russian.

    Reply
  48. Tomi Engdahl says:

    Ikea removes Marabou products from its stores in Finland as well; grocery giants see no reason for a boycott
    Boycotts against the maker of Marabou, Daim and Oreo cookies are spreading in Sweden. Finland's large grocery chains do not consider a boycott warranted.
    https://yle.fi/a/74-20037154?fbclid=IwAR0ZA-gM4UOylHtbI_eQDWfLX7mPK0FApjj1YRVcdVbTP68ihymT69heXS8

    Reply
