Ukraine and Russia seems to be at the moments on both traditional and cyber war. We could call that hybrid warfare. We are at a cyber war. Countless examples exist of damage to infrastructure from hostile acts via computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia started to conduct attacks to Ukraine on February 24. Before physical attacks Russia did several cyber attacks towards IT systems in Ukraine.
Here are links to some material on the cyber side of this war:
How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic happens in the cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in the cyberspace. And last week, Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-nation cyber state actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.
As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”
Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees.. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/
Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers — malicious software or malware — that make their way inside computer networks and literally wipe the data from all connected devices.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.
Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.
Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.
Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladamir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.
This raises the whole question of ‘attribution’. The received belief is it is impossible to do accurate cyber attribution. ““It would be a mistake for any one nation to think it could attack another without being known,” said Willett.That is absolutely wrong,” said Willett.
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.
Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.
Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.
Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.
Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html
Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.
Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command said there had been a cyberattack.
Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).
Amid Russian invasion, Ukraine granted formal role with NATO cyber hub https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations, ” Col.
Jaak Tarien, the institution’s director, said in a statement.
This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken on Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100, 000 to the program.
High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information, ” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.
CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a
US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html
EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.
UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.
Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.
Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine
Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine
Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.
HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.
In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economyand the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work, ” he says.
“Because we all need to live for something, eat
Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime as it cracks down on anti-war sentimentand rumors of martial law grow louderare being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.
Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf
TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
2,078 Comments
Tomi Engdahl says:
LockBit suspect’s arrest sheds more light on ‘trustworthy’ gang https://www.theregister.com/2023/06/16/lockbit_suspect_arrest/
FBI agents have arrested a Russian man suspected of being part of the Lockbit ransomware gang. An unsealed complaint alleges the 20-year-old was an Apple fanboy, an online gambler, and scored 80 percent of at least one ransom payment given to the criminals.
Tomi Engdahl says:
LockBit suspect’s arrest sheds more light on ‘trustworthy’ gang https://www.theregister.com/2023/06/16/lockbit_suspect_arrest/
FBI agents have arrested a Russian man suspected of being part of the Lockbit ransomware gang. An unsealed complaint alleges the 20-year-old was an Apple fanboy, an online gambler, and scored 80 percent of at least one ransom payment given to the criminals.
Tomi Engdahl says:
Mika Aaltolan kolumni: Nyt pitää mennä eikä meinata https://www.is.fi/ulkomaat/art-2000009644989.html
Venäjän johto halveksii maita, jotka antavat periksi omasta kansallisista edustaan ja tinkivät arvoistaan. Olkaamme siis vahvoja, kehottaa Ulkopoliittisen instituutin johtaja Mika Aaltola.
Tomi Engdahl says:
Russian Hackers Using USB-Spreading Malware in Attacks on Ukrainian Government, Military
https://www.securityweek.com/russian-hackers-using-usb-spreading-malware-in-attacks-on-ukrainian-government-military/
Russia-linked hacking group Gamaredon is infecting USB drives for lateral movement within compromised Ukrainian networks.
Tomi Engdahl says:
https://www.securityweek.com/microsoft-outs-new-russian-apt-linked-to-wiper-attacks-in-ukraine/
Tomi Engdahl says:
A Russian Ransomware Gang Breaches the Energy Department and Other Federal Agencies
https://www.securityweek.com/a-russian-ransomware-gang-breaches-the-energy-department-and-other-federal-agencies/
The cybersecurity firm SecurityScorecard says it detected 2,500 vulnerable MOVEit servers across 790 organizations, including 200 government agencies.
The Department of Energy and several other federal agencies were compromised in a Russian cyber-extortion gang’s global hack of a file-transfer program popular with corporations and governments, but the impact was not expected to be great, Homeland Security officials said Thursday.
But for others among what could be hundreds of victims from industry to higher education — including patrons of at least two state motor vehicle agencies — the hack was beginning to show some serious impacts.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told reporters that unlike the meticulous, stealthy SolarWinds hacking campaign attributed to state-backed Russian intelligence agents that was months in the making, this campaign was short, relatively superficial and caught quickly.
Tomi Engdahl says:
Biden: Venäjän ydinaseuhka on todellinen – IL seuraa sotaa
Iltalehti seuraa Ukrainan sotaa hetki hetkeltä.
https://www.iltalehti.fi/ulkomaat/a/9435695b-e455-4c18-8a2d-68e6e241c31f
Šoigu: Venäjä tulkitsisi iskun Krimille pitkän kantaman aseilla Yhdysvaltojen ja Britannian suorana osallistumisena konfliktiin
klo 14:15: Venäjän puolustusministeri Sergei Šoigu sanoo, että isku Krimille lännen toimittamilla pitkän kantaman Himars- tai Storm Shadow -ohjuksilla tarkoittaisi Yhdysvaltojen ja Britannian täyttä osallistumista konfliktiin.
Laajoja pommituksia ympäri Ukrainaa yön aikana
klo 08:23: Venäjä iski yön aikana lukuisiin ukrainalaiskaupunkeihin, mukaan lukien Kiovaan ja Lviviin. Lviv sijaitsee Länsi-Ukrainassa lähellä Puolan rajaa.
Biden: Venäjän ydinaseuhka on todellinen
klo 06:33: Yhdysvaltain presidentti Joe Biden sanoo, että Venäjän taktisten ydinaseiden uhka on todellinen. Venäjä on sijoittanut taktisia ydinaseitaan Valko-Venäjälle, mitä Biden on kutsunut vastuuttomaksi toiminnaksi. Asiasta uutisoi Reuters.
- Kun olin täällä noin kaksi vuotta sitten ja sanoin olevani huolissani Coloradojoen kuivumisesta, kaikki katsoivat minua kuin olisin hullu: he katsoivat minua samalla tavalla kuin silloin, kun sanoin olevani huolissani siitä, että Putin käyttää taktisia ydinaseita. Se on todellista, Biden sanoi maanantaina kalifornialaisille lahjoittajille osoitetussa puheessa.
Valko-Venäjän itsevaltainen presidentti Aljaksandr Lukašenka sanoi viime viikolla, että Valko-Venäjä on alkanut vastaanottaa venäläisiä taktisia ydinaseita. Kyseessä on ensimmäinen kerta sitten Neuvostoliiton kaatumisen, kun Venäjä siirtää ydinaseitaan Venäjän rajojen ulkopuolelle.
Yhdysvaltain ulkoministeri Antony Blinken sanoi perjantaina, ettei Yhdysvallat ole toistaiseksi nähnyt merkkejä siitä, että Venäjä valmistautuisi käyttämään ydinaseita.
Tomi Engdahl says:
Putinin hakkerit etsivät hyökkäyskohteita Euroopasta – Naton jäsenmaita varoitetaan
https://www.iltalehti.fi/tietoturva/a/262c9d86-ec1d-412c-9f19-dd2c6c450a2f
Cadget Blizzard-niminen ryhmittymä on lisännyt kohteita Ukrainan lisäksi myös muualla Euroopassa. Microsoftin mukaan erityisesti Ukrainaa tukeneet Nato-maat ovat mahdollisia ryhmän kohteita.
Tietotekniikkayhtiö Microsoft varoittaa, että venäläinen Cadget Blizzardiksi nimetty hakkeriryhmittymä on aktivoinut toimintaansa uudestaan tammikuussa 2023. Heidän kohteita on lisätty Ukrainan lisäksi myös muualle Eurooppaan.
Yhtiön mukaan erityisesti Ukrainalle tukea antaneet Nato-maat ovat ryhmittymän mahdollisia kohteita. Muita kohteita on huomattu myös Keski-Aasiasta sekä ajoittain Latinalaisesta Amerikasta. Suurin toiminta heillä on kuitenkin Ukrainassa.
– Cadget Blizzard pyrkii häiritsemään, tuhoamaan ja keräämään tietoja millä tahansa keinoin. He voivat toimia myös sattumanvaraisesti, Microsoft kertoo.
Cadget Blizzardin kerrotaan toimivan Venäjän sotilastiedustelu GRU:n alaisuudessa. Ryhmittymän toiminta oli aktiivisimmillaan tammikuun ja kesäkuun välillä vuonna 2022.
Cadet Blizzard emerges as a novel and distinct Russian threat actor
https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/
Tomi Engdahl says:
Russian APT28 hackers breach Ukrainian govt email servers https://www.bleepingcomputer.com/news/security/russian-apt28-hackers-breach-ukrainian-govt-email-servers/
A threat group tracked as APT28 and linked to Russia’s General Staff Main Intelligence Directorate (GRU) has breached Roundcube email servers belonging to multiple Ukrainian organizations, including government entities.
https://therecord.media/russia-fancy-bear-hackers-targeted-ukraine
Tomi Engdahl says:
Russian APT Group Caught Hacking Roundcube Email Servers
https://www.securityweek.com/russian-apt-group-caught-hacking-roundcube-email-servers/
A Russian hacking group has been caught hacking into Roundcube servers to spy on government institutions and military entities in Ukraine.
Tomi Engdahl says:
How to keep Ukraine’s research hopes alive
Ukrainian scientists reflect on their country’s invasion by Russia, how to halt a postwar brain drain, and how collaborations with Russian colleagues have suffered.
https://www.nature.com/articles/d41586-023-01395-1?utm_source=facebook&utm_medium=social&utm_campaign=CONR_NCARS_ENGM_GL_PCFU_CFULF_ISC_PC-SS1&fbclid=IwAR16AMSu1w4ETDh4JW8EsOwddCFsabkD-KojAZkf7CR8X1HizKUOUqNJfz8_aem_th_AbLWksGckEsIo2LR10tGYHg72KqDwVxFSSEj-AiC-gXkp1UvBy_ZvvI4cx_Y6HhwiLCJzYG-ys8hhuL_XS_k8s0z
Tomi Engdahl says:
Kremlin-backed hacking group puts fresh emphasis on stealing credentials https://therecord.media/nobelium-hacking-group-stealing-credentials
Microsoft has detected an increase in credential-stealing attacks conducted by the Russian state-affiliated hacker group often labeled as APT29, Cozy Bear or Nobelium. These attacks are directed at governments, IT service providers, nongovernmental organizations (NGOs), and defense and critical manufacturing industries.
Tomi Engdahl says:
Russian TV Hacked by AI Putin… Panic Ensues
https://m.youtube.com/watch?v=zNeYFOl_YyU&feature=share&fbclid=IwAR3yZvltB9NHga_jBPXTyHqxjQEFvE4qcUwnYu47RZQze2wdgws8kkfsRcc
Tomi Engdahl says:
CISA orders govt agencies to patch bugs exploited by Russian hackers https://www.bleepingcomputer.com/news/security/cisa-orders-govt-agencies-to-patch-bugs-exploited-by-russian-hackers/
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six more security flaws to its known exploited vulnerabilities (KEV) list.
Three of them were exploited by Russian APT28 cyberspies to hack into Roundcube email servers belonging to Ukrainian government organizations.
While the KEV catalog’s primary focus is alerting federal agencies of exploited vulnerabilities that must be patched as soon as possible, it is also highly advised that private companies worldwide prioritize addressing these bugs.
Tomi Engdahl says:
Tällaisia ajatuksia moskovalaisella nuorella on kotimaastaan juuri nyt: Putin ohjeistaa mediaa, mitä pitää kertoa
https://yle.fi/a/74-20038293
Nuoren venäläismiehen mukaan Venäjän tulevaisuutta on hyvin vaikeaa ennustaa.
Esitimme eilisten dramaattisten tapahtumien pohjalta kysymyksiä Moskovassa asuvalle kolmekymppiselle Sergeille.
Millainen on tilanne ja millaisia ovat tämänhetkiset tunnelmat Moskovassa?
– Kaikki riippuu ihmisestä. Moskovassa elämä on päivästä päivään samanlaista etenkin sellaiselle henkilölle, joka ei lue uutisia, joka käy vain töissä ja huolehtii omista asioitaan. Jos taas vastustat sotaa, voit lähinnä seurata hiljaa sivusta, kuinka ”rupikonna” eli Jevgeni Prigožin rettelöi ”kyykäärmeen” eli Putinin kanssa. Moskovassa ei tapahdu juuri mitään, mutta kaikki muuttuu radikaalisti, kun mennään lähemmäksi Ukrainan rajaa.
Mitä ajattelet Wagnerin ja Kremlin välisestä konfliktista?
– Putinin metodina on hajottaa ja hallita. Viime vuoden helmikuussa hän epäonnistui täydellisesti Venäjän armeijan kanssa. Tämän takia Wagner tuli mukaan kuvioihin. Putin kuitenkin pelkää, että jokin taho kasvaa liian voimakkaaksi, joten hän tarvitsee erilaisia sätkynukkeja, jotka hän sitten pistää tappelemaan toisiaan vastaan. Tällaisia sätkynukkeja ovat Ramzan Kadyrovin yksityinen tšetšeeniarmeija Akhmat ja Sergei Šoigun ja Valeri Gerasimovin johtama venäläinen armeija, joka on erittäin korruptoitunut. Rikkana rokassa ovat Venäjän turvallisuuspalvelu FSB sekä tyhmistä ja aggressiivisista ihmisistä koostuva Rosguardia, joka on hakannut mielenosoituksissa opiskelijoita ja naisia.
– Nyt sitten yksi näistä sätkynukeista eli Wagner voimistui liikaa, koska se on ollut ainoa taho, joka on pystynyt ”demilitarisoimaan” ja ”denatsifioimaan” Ukrainaa. Putin ryhtyi pelkäämään, että yksi hänen sätkynukeistaan kasvaa liian vahvaksi, joten hän lopetti Wagnerin rahoittamisen ja tukemisen. Syntyi kapina, koska Prigožin ei enää halunnut olla mikään pikkutekijä. Ehkä Prigožin halusi päästä jopa presidentiksi. Joka tapauksessa hän pisti kaiken peliin.
Mitä venäläinen media on kertonut tästä konfliktista?
– Venäjällä propagandaa tekevät ne tahot, jotka saavat propagandan tekemisestä rahaa. Putin antaa medialle rahaa ja ohjeistaa, mitä pitää kertoa juuri nyt. On oleellista muistaa, ettei Venäjällä ole olemassa varsinaista oikeaa mediaa.
Erilaiset meemit tuntuvat olevat suosittuja nyky-Venäjällä, miksi?
– Ihmiset yrittävät purkaa jatkuvaa stressiä huumorin avulla, kyse on normaalista reaktiosta. Meemejä tehdään sotaan liittyvien tapahtumien päähenkilöistä. Toki jotkut loukkaantuvat meemeistä, mutta todellinen elämä on paljon brutaalimpaa. On jokaisen oma valinta, kuinka meemeihin reagoi.
Tomi Engdahl says:
Putinin väkivaltamonopolin rikkonut Prigožin joutuu vilkuilemaan olkansa yli loppuelämänsä ajan, arvioi suomalaisasiantuntija
https://yle.fi/a/74-20038302
Ulkopoliittisen instituutin Jyri Lavikaisen mukaan presidentti Vladimir Putinin asema on horjunut Venäjällä.
Ulkopoliittisen instituutin asiantuntija Jyri Lavikainen arvioi, että palkkasoturiryhmä Wagnerin johtaja Jevgeni Prigožinin henkiinjääminen olisi poikkeuksellista.
– Venäjällä vakavin mahdollinen rikos on ryhtyä aseelliseen kapinaan esivaltaa vastaan. Tilanne, että kapinoitsija saa pitää henkensä, toimii ennakkotapauksena tulevaa varten, Lavikainen sanoi sunnuntaina Ylen erikoislähetyksessä.
Prigožin uhkasi perjantaina kaataa Venäjän sotilasjohdon. Kapina päättyi lauantai-iltana, kun hän pääsi sopimukseen presidentti Vladimir Putinin kanssa.
Prigožin joutuu lähtemään maanpakoon Valko-Venäjälle ja luultavasti luopumaan Wagner-joukoistaan.
Prigožin sai toistaiseksi pitää henkensä, mutta Lavikaisen mukaan hän joutuu katsomaan olkansa yli loppuelämänsä ajan.
– Putinin kanssa tehdyt sopimukset eivät ole pitäviä. Hän katsoo, että pettureita rangaistaan aina, Lavikainen sanoi.
Prigožinille ei todennäköisesti enää sallita merkittävää roolia Venäjän sisäpolitiikassa.
– Putin menetti väkivaltamonopolin hetkeksi. Ei tämän aiheuttaneelle kaverille anneta enää valtaa Venäjällä.
Putinin asema horjui
Lavikaisen mielestä Venäjän tapahtumat sai Putinin näyttämään heikommalta.
Hänen mukaansa Putinin suosio ja asema Venäjällä perustuu lähinnä pakkoon.
Prigožinin Wagner-joukot pystyivät käytännössä ajamaan Rostovin kaupunkiin kenenkään estelemättä. Heitä oli Lavikaisen mukaan vastassa jopa iloinen ihmisjoukko.
– Se kertoo, että Wagnerilla ja Prigožinilla itsellään on aitoa suosiota venäläisten keskuudessa, Lavikainen selitti.
Valko-Venäjän presidentti Aljaksandr Lukašenka pönkitti asemaansa Venäjän suuntaan. Lavikaisen mielestä hän on selkkauksen ainoa voittaja.
– Lukašenka puuttui tilanteeseen alusta asti ja mahdollisti neuvotteluyhteyden. Se olisi ollut vielä suurempi heikkoudenosoitus Putinille, jos Putin itse tai hänen viranomaisensa olisi pitänyt neuvotella suoraan vallankaappaajan kanssa ehdoista, joilla tämä lopettaa vallankaappauksensa, Lavikainen sanoi.
Tomi Engdahl says:
https://www.uusiteknologia.fi/2023/06/26/eu-tiukentaa-teknologian-vientikeltoja-venajalle/
Tomi Engdahl says:
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html
Microsoft has disclosed that it’s detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.
The intrusions, which made use of residential proxy services to obfuscate the source IP address of the attacks, target governments, IT service providers, NGOs, defense, and critical manufacturing sectors, the tech giant’s threat intelligence team said.
Midnight Blizzard, formerly known as Nobelium, is also tracked under the monikers APT29, Cozy Bear, Iron Hemlock, and The Dukes.
Tomi Engdahl says:
https://www.independent.co.uk/news/world/europe/ukraine-russia-putin-wagner-group-latest-news-b2365501.html?fbclid=IwAR0cjbCrRuns_L6Rw5JCIJxgnkn8jSNDN7Y1CwbaSrdpQvKLfQuRp_4aRcc
Tomi Engdahl says:
Case Study: Graph Databases Help Track Ill-Gotten Assets
If you want to find oligarchs’ dirty money — or reveal connections hidden in any data — you will need a graph, not a map.
https://thenewstack.io/case-study-graph-databases-help-track-ill-gotten-assets/?utm_source=Facebook&utm_medium=Paid+Social+Media&utm_campaign=Jun+Spon+Articles&utm_content=Graph+Databases&fbclid=IwAR2z6qV4w4KgyTIE2wZJF0bPAf0CwO1Nkxj0WuPV4bJotCu_YzL15Jvm01I_aem_Abj3oeHjp57Ms0cFBP29b_FeynqtZdvqvM5y8YScHGLA8Cua2eogDH5XGxq4nQUDsNnYWIS5Gq9N80Zrxc-qMYwK
Tomi Engdahl says:
Putin käy salaista maailmansotaa – tästä on kyse https://www.is.fi/ulkomaat/art-2000009676211.html
Tomi Engdahl says:
Cyberwarfare
What is Cyberwar?
https://www.securityweek.com/what-is-cyberwar/
Ask any three people to define cyberwar and you will get three different answers. But as global geopolitics worsen and aggressive cyberattacks increase, this becomes more than an academic question.
https://www.securityweek.com/category/cyberwarfare/
Tomi Engdahl says:
Pro-Russia DDoSia hacktivist project sees 2,400% membership increase https://www.bleepingcomputer.com/news/security/pro-russia-ddosia-hacktivist-project-sees-2-400-percent-membership-increase/
The pro-Russia crowdsourced DDoS (distributed denial of service) project, ‘DDoSia,’ has seen a massive 2,400% growth in less than a year, with over ten thousand people helping conduct attacks on Western organizations.
The project was launched by a pro-Russian hacktivist group known as “NoName057(16)” last summer, quickly reaching 400 active members and 13,000 users on its Telegram channel.
Tomi Engdahl says:
Hackers claim to take down Russian satellite communications provider https://therecord.media/hackers-take-down-russian-satellite-provider
A group of previously unknown hackers has claimed responsibility for a cyberattack on the Russian satellite communications provider Dozor-Teleport, which is used by energy companies and the country’s defense and security services.
Doug Madory, the head of internet analysis at the network monitoring company Kentik confirmed to Record Future News that Dozor-Teleport has been disconnected from the internet and is currently unreachable.
Tomi Engdahl says:
Threat Actor Targets Russian Gaming Community With WannaCry-Imitator
https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/
Tomi Engdahl says:
This’ll change things a wee bit in Ukraine?
This Hacker Tool Can Pinpoint a DJI Drone Operator’s Exact Location
Every DJI quadcopter broadcasts its operator’s position via radio—unencrypted. Now, a group of researchers has learned to decode those coordinates.
https://www.wired.com/story/dji-droneid-operator-location-hacker-tool/?fbclid=IwAR2avsjy7pQ94QSomRdp3Ga6AR0NH8T8xyn_RwcUqHbrgprm9Rs4-0u1qgQ&mbid=social_facebook&utm_brand=wired&utm_campaign=falcon_nGeO&utm_medium=social&utm_social-type=owned&utm_source=facebook
Tomi Engdahl says:
Pro-Russian hackers upgrade DDoSia bot used to attack Ukraine, NATO countries https://therecord.media/ddosia-pro-russian-hackers-upgrades
The DDoSia project by pro-Russian hackers has seen significant growth this year as attackers continue to use the technology against countries critical of Russia’s invasion of Ukraine.
DDoSia is a distributed denial-of-service attack toolkit developed and used by the pro-Russia hacktivist group NoName057(16).
The group and its followers are actively deploying the tool against government agencies, media, and private companies in Lithuania, Ukraine, Poland, Italy, and other European countries, according to a report released by cybersecurity company Sekoia this week.
Tomi Engdahl says:
Mitä Medvedevin uusi kirjoitus tarkoittaa? Asiantuntijalta viiltävä analyysi
https://www.is.fi/ulkomaat/art-2000009694472.html
Venäjän ex-presidentti Dmitri Medvedev kirjoittaa julkaisemassaan artikkelissaan Suomen olevan maa, jonka Lenin loi ajattelemattomuuttaan.
Ulkopoliittisen instituutin ohjelmajohtaja Arkady Moshesin mukaan Venäjän entisen presidentin Dmitri Medvedevin tuoretta kirjoitusta Venäjän ulkopoliittisista suhteista ei voida pitää vakavana julkaisuna.
– Ensimmäinen asia, joka Medvedevin artikkelia luettaessa on hyvä ymmärtää, että se on kirjoitettu kielellä, joka ei ole edes sosiaalisessa mediassa hyväksyttävää. Se ei ole analyyttinen artikkeli.
Artikkelissaan Medvedev käsittelee Venäjän ja lännen välistä vastakkainasettelua, jonka hän arvioi kestävän vielä pitkään, jopa vuosikymmenien ajan. Hänen mukaansa kyse ei ole kuitenkaan pelkästään Venäjän ja lännen välisistä kiistoista, vaan käytännössä koko muu maailma on hänen mukaansa länttä vastaan.
Medvedev ehdottaa myös muutamia toimenpiteitä, mitä hänen mielestään Venäjän pitäisi tehdä seuraavaksi. Yksi niistä on diplomaattisuhteiden katkaisu Suomeen.
Nykyään Venäjän turvallisuusneuvoston varapuheenjohtajana toimiva Medvedev kirjoitti sunnuntaina laajan Venäjän ja lännen suhteita käsittelevän artikkelin Venäjän hallituksen viralliseen lehteen Rossiiskaja gazetaan.
Medvedevin mielestä Venäjän pitäisi pistää diplomaattisuhteet tauolle paitsi Suomen myös Puolan ja Baltian maiden kanssa. Moshesilla on yksiselitteinen mielipide Medvedin kirjoitukseen: sitä ei pidä missään nimessä ottaa tosissaan.
– Tämä on henkilön, joka on menettänyt kaiken poliittisen vallan, tapa hakea huomiota. Hän haluaa kiinnittää Putinin huomion, mutta ei pysty siihen.
– Hän ei tehnyt päätöksiä edes silloin, kun hän oli presidentti. Hänen sanansa eivät tee päätöksiä nytkään. En usko, että Putin kuuntelee häntä tai ottaa häntä tosissaan.
Moshes ei koe, että tapa, jolla Medvedev kirjoittaa Suomesta, Puolasta ja Baltian maista, olisi täysin odottamatonta.
– En usko, että diplomaattisia suhteita katkaistaan tämän takia. Minkään muunkaan maan kanssa ei ole tehty vastaavaa. Tietenkin muutokset suhteen tasolla ovat mahdollisia teoriassa, mutta Medvedevin kirjoitukset tuskin ovat niiden innoittajia.
Kirjoituksessa Medvedev kirjoittaa Suomen olevan maa, jonka Vladimir Lenin loi ajattelemattomuuttaan. Moshesin mielestä väitteelle ei tulisi antaa painoarvoa.
– Lenin ei tietenkään voi kommentoida tapahtunutta. On huomioitava myös 1930- ja 1940- lukujen tapahtumat, jolloin Stalin yritti ”korjata” Leninin virheitä. Eli sillä, mikä ikinä olikaan Lenin motivaatio, ei ole väliä.
– Historia näyttää sen, mitä tapahtui. Suomi taisteli itsenäisyydestään ja voitti. Se on se, millä on merkitystä, Moshes lisää.
Moshes tiivistää, että Medvedev ei ole Venäjällä henkilö, jolla olisi poliittista valtaa päätöksenteossa.
Tomi Engdahl says:
Times: Putin tietää loppunsa olevan karmaiseva
Venäjän autoritääriset johtajat ovat poistettu vallasta tyypillisesti väkivalloin, mikäli johtaja ei ole pedannut itselleen seuraajaa. Myös Putin tietää noutajan tulevan todennäköisesti sisäpiiristä.
https://www.iltalehti.fi/ulkomaat/a/a1092110-c903-44b0-b72b-a41e284826d9
Tomi Engdahl says:
Paljastus: FSB valvoo Whatsappia – Näin se vaikuttaa suomalaisiin
NYT:n tietojen mukaan FSB on kehittänyt uusia metodeja valvoa venäläisten sähköistä viestintää.
https://www.iltalehti.fi/digiuutiset/a/255f4c24-5e00-43c6-9ec9-ffa8da86e288
urvallisuuspalvelu FSB:llä on pääsy pikaviestipalveluiden metadataan.
Se saa selville muun muassa sen, kuka kommunikoi kenen kanssa, milloin ja missä keskustelu tapahtuu, ja kenen kanssa ihminen on tekemisissä ja missä tämä liikkuu.
Suomalaisasiantuntijan mukaan sovellukset ovat edelleen turvallisia käyttää.
Venäjän turvallisuusviranomaiset ovat Ukrainan sodan alkamisen jälkeen vahvistaneet kykyään valvoa kansalaistensa digitaalista viestintää, kertoo The New York Times.
Yhdysvaltalaislehden mukaan Venäjän turvallisuuspalvelu FSB on kehittänyt useita uusia digitaalisen valvonnan metodeja, joilla valvotaan erityisesti sisäistä tietoliikennettä.
Tiedot perustuvat lukuisiin asiakirjoihin, joita lehti on saanut haltuunsa valvontaviranomaisilta, sekä haastatteluihin, jotka on tehty tietoturva-asiantuntijoiden, teknologia-aktivistien ja nimettömän lähteen kanssa, joka on mukana Venäjän digitaalisessa valvonnassa.
https://www.nytimes.com/2023/07/03/technology/russia-ukraine-surveillance-tech.html
Tomi Engdahl says:
Brittieverstin tyly arvio: Venäjän aika on lähes lopussa
Venäjän strategia on epäonnistunut, Britannian asevoimien entinen upseeri arvioi.
https://www.iltalehti.fi/ulkomaat/a/c346b019-ba7b-46fd-bc74-f8ebee2addc2
Professori: Putin on ajanut Venäjän umpikujaan – ”Vain harva voi teeskennellä uskovansa onnelliseen loppuun”
Yhä useampi venäläinen näkee Venäjän ajautuneen umpikujaan, venäläisprofessori sanoo.
https://www.iltalehti.fi/ulkomaat/a/0d5614c1-3611-42a9-b53f-041fe14caedd
Tomi Engdahl says:
Päätoimittaja Ilja Kosygin arvelee Venäjän olevan matkalla sisällissotaan: “Jopa sodan kannattajat uskovat siihen”
Oppositiomedian päätoimittaja Ilja Kosygin uskoo, että sota, liikekannallepano ja Wagner ajavat venäläistä yhteiskuntaa sisällissotaan. Hän ennakoi suuria poliittisia muutoksia jo vuonna 2024.
https://yle.fi/a/74-20039459
Venäläisen oppositiomedia Dovodin päätoimittaja Ilja Kosygin lähti kotiseudultaan Vladimirista Puolaan voidakseen raportoida yleisölle rehellisesti Venäjän sotatappioista.
Hän kokoaa listaa kuolleista venäläissotilaista todistaakseen, että Venäjä valehtelee sodassa kaatuneiden määrästä.
Hän uskoo Venäjän olevan matkalla kaaokseen.
Paljonko venäläissotilaita on kuollut Ukrainassa?
Dovod, BBC ja [venäläinen oppositiomedia] Mediazona ovat onnistuneet vahvistamaan 26 000 venäläissotilaan kuoleman Ukrainassa. Yhteisen näkemyksemme mukaan hautausmaille eri puolilla Venäjää on todennäköisesti haudattu ainakin 50 000 sotilasta.
Luku ei tietenkään yksinään kerro Venäjän sotilastappioista koko totuutta. Monia ihmisiä on ilmoitettu kadonneiksi. Lisäksi Venäjä hautaa sotilaita Itä-Ukrainan miehitetyille alueille. Sieltä on vaikea saada tietoja.
Arvioni mukaan tietomme sotilastappioista pitäisi kertoa vähintään kolmella, jotta päästään yhtään lähelle Venäjän todellisia tappioita.
Millainen mieliala Venäjällä vallitsee nyt sodan suhteen?
Tuntuu, että ihmiset turvautuvat yhä useammin kuluneeseen retoriikkaan, jonka mukaan vaihtoehtoja ei ole. Jotkut lietsovat pelkoa, että maa hajoaa ja vaipuu kaaokseen, jos Venäjä häviää. Monet myöntävät sodan olevan hirveä asia, mutta heistä sotaa on jatkettava, kunnes Venäjä voittaa.
Tomi Engdahl says:
Russian railway site allegedly taken down by Ukrainian hackers https://therecord.media/russian-railway-site-taken-down-by-ukrainian-hackers
The Russian state-owned railway company RZD said Wednesday that its website and mobile app were down for several hours due to a “massive” cyberattack, forcing passengers to only buy tickets at railway stations.
The Ukrainian hacktivist group IT Army claimed responsibility for the attack on its Telegram channel. “The terrorist state is heading non-stop to the station called Chaos,” the hackers said. The group’s claims could not be immediately verified.
Tomi Engdahl says:
Killnet as a private military hacking company? For now, it’s probably just a dream https://therecord.media/killnet-cybercrime-group-russia-kremlin-hacking-company
Despite its uneven record, researchers are interested in Killnet as a phenomenon that could shake up Russia’s community of underground hackers. It’s a crowdsourced collective with an enigmatic leader who garners support from other self-proclaimed hacktivists. When the group posts one of its threatening announcements on Telegram, observers in the West pay close attention.
Recently, Killnet’s purported founder, known only as Killmilk, announced the group’s most ambitious goal yet: to transform the collective into a private military hacking company that will engage in cybercrime on behalf of the Russian state.
To achieve this, Killmilk plans to restructure Killnet, recruit more skilled hackers and provide training to potential members through what it calls “The Dark School” initiative. The school will reportedly offer courses in four
languages: Russian, English, Spanish and Hindi. Members of the Russian armed forces will be offered an opportunity to enroll in the school for free.
Tomi Engdahl says:
Hakkerit käynnistivät kyberhyökkäysten aallon Liettuaan
https://www.is.fi/digitoday/art-2000009709911.html
Liettuaan on kohdistunut kyberhyökkäysten aalto Nato-huippukokouksen aattona, kertoo Liettuan hallitus. Naton johtajien on määrä kokoontua Liettuan pääkaupungissa Vilnassa huomenna.
– Tälläkin hetkellä maahamme kohdistuu hajautettuja palvelunestohyökkäyksiä, Liettuan kansallisen kyberturvallisuuskeskuksen johtaja Liudas Alisauskas sanoi toimittajille.
Kyberhyökkäykset kohdistuvat Vilnan kaupungin verkkosivuihin, mukaan lukien matkailuneuvontasivustoon ja joukkoliikennesovellukseen.
Tomi Engdahl says:
Venäjä testasi jälleen internetistä irtautumista – kärsijöinä myös omat virastot https://www.tivi.fi/uutiset/tv/b2e09cc4-8253-4cbb-a3b8-b84898d14ecb
Venäjä on jälleen ainakin osittain irtautunut kansainvälisestä internetistä testatessaan itsenäistä verkkoaan 4.–5. heinäkuuta. Aiheesta raportoi yhdysvaltalainen ajatushautomo Institute for the Study of War (ISW).
Yöllinen kokeilu esti kansalaisia käyttämästä länsimaisia palveluja, kuten Wikipediaa, mutta maan sisällä toimiviin palveluihin pääsy toimi normaalisti.
ISW arvioi, että testin yhteydessä verkkokatkoista kärsivät myös maan omat virastot ja toimijat, kuten valtiollinen Venäjän rautatiet sekä Venäjän
eläinlääkintä- ja kasvinterveyslaitos Rosselkhoznadzor. Myös teleoperaattorit Megafon ja Beeline ovat raportoineet katkoista.
Tomi Engdahl says:
RomCom Threat Actor Suspected of Targeting Ukraine’s NATO Membership Talks at the NATO Summit
https://blogs.blackberry.com/en/2023/07/romcom-targets-ukraine-nato-membership-talks-at-nato-summit
On July 4, the BlackBerry Threat Research and Intelligence team found two malicious documents submitted from an IP address in Hungary, sent as lures to an organization supporting Ukraine abroad, and a document targeting upcoming NATO Summit guests who may also be providing support to Ukraine.
Our analysis based on the tactics, techniques, and procedures (TTPs), code similarity, and threat actor network infrastructure leads us to conclude that the threat actor known as RomCom is likely behind this operation.
Based on our internal telemetry, network data analysis, and the full set of cyber weapons we collected, we believe the threat actor behind this campaign ran their first drills on June 22, and also a few days before the command-and-control (C2) mentioned in this report was registered and went live.
Tomi Engdahl says:
A Cybersecurity Wish List Ahead of NATO Summit
Assuming NATO can play a greater part in the cybersecurity of its members, possibly through a more formal NATO Cyber Command, the question then becomes ‘what should we hope for?’
https://www.securityweek.com/a-cybersecurity-wish-list-ahead-of-nato-summit/
Tomi Engdahl says:
Venäjän hakkerit virittivät diplomaateille kieron ansan – kohteena jo 22 lähetystöä
Joakim Kullas14.7.202318:11HAITTAOHJELMATHAKKERITTIETOTURVA
Hakkereiden viestit voivat näyttää kiinnostavilta, mutta ne sisältävät ikävän yllätyksen.
https://www.tivi.fi/uutiset/venajan-hakkerit-virittivat-diplomaateille-kieron-ansan-kohteena-jo-22-lahetystoa/f09fddec-3ec6-4fcd-9fcb-0b68e234e359
Venäjän valtion tukema hakkeriryhmä APT29 houkuttelee Ukrainassa toimivia diplomaatteja klikkaamaan auton myynti-ilmoituksessa olevia linkkejä, joista latautuu haittaohjelma. Venäjän ulkomaantiedusteluun kytkeytyvä ryhmä valikoi usein kohteikseen korkean tason henkilöitä ja tekee iskujaan ympäri maailmaa.
Tomi Engdahl says:
EU sanctions individuals, organizations connected to Russian disinformation network https://therecord.media/eu-sanctions-russian-operation-rnn-media
The European Union is drawing fresh attention to Russia’s information war against Ukraine.
The EU has imposed sanctions on a Kremlin-controlled disinformation network intended to undermine Western support for Ukraine. The sanctions, announced Friday, target seven Russian individuals and five entities involved in an operation called Recent Reliable News (RRN).
Tomi Engdahl says:
Finland sees fourfold spike in ransomware attacks since joining NATO, senior cyber official says https://therecord.media/finland-sees-fourfold-spike-in-rasomware-attacks-nato
Ransomware attacks targeting Finnish organizations have increased four-fold since the Nordic country began the process of joining NATO last year, according to a senior official.
In an interview with Recorded Future News on Thursday, Sauli Pahlman, the deputy director general for Finland’s National Cyber Security Centre (NCSC), cautioned that “correlation doesn’t equal causality,” but said he believed the surge in cases was linked to geopolitics.
Tomi Engdahl says:
Cloud Security
Microsoft Catches Russian Government Hackers Phishing with Teams Chat App
https://www.securityweek.com/microsoft-catches-russian-government-hackers-phishing-with-teams-chat-app/
Microsoft says a Russian government-linked hacking group is using its Microsoft Teams chat app to phish for credentials at targeted organizations.
Tomi Engdahl says:
Comrades in Arms? North Korea Compromises Sanctioned Russian Missile Engineering Company https://www.sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-russian-missile-engineering-company/
SentinelLabs identified an intrusion into the Russian defense industrial base, specifically a missile engineering organization NPO Mashinostroyeniya.
SentinelLabs findings suggest two instances of North Korea related compromise of sensitive internal IT infrastructure within this same Russian DIB organization, including a specific email server, alongside use of a Windows backdoor dubbed OpenCarrot.
Tomi Engdahl says:
Microsoft: Unpatched Office zero-day exploited in NATO summit attacks https://www.bleepingcomputer.com/news/security/microsoft-unpatched-office-zero-day-exploited-in-nato-summit-attacks/
Microsoft disclosed today an unpatched zero-day security bug in multiple Windows and Office products exploited in the wild to gain remote code execution via malicious Office documents.
Unauthenticated attackers can exploit the vulnerability (tracked as
CVE-2023-36884) in high-complexity attacks without requiring user interaction.
Successful exploitation could lead to a total loss of confidentiality, availability, and integrity, allowing the attackers to access sensitive information, turn off system protection, and deny access to the compromised system.
In a separate blog post, the company says the CVE-2023-36884 bug was exploited in recent attacks targeting organizations attending the NATO Summit in Vilnius, Lithuania.
Tomi Engdahl says:
Storm-0978 attacks reveal financial and espionage motives https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before disclosure to Microsoft via Word documents, using lures related to the Ukrainian World Congress.
Storm-0978 (DEV-0978; also referred to as RomCom, the name of their backdoor, by other vendors) is a cybercriminal group based out of Russia, known to conduct opportunistic ransomware and extortion-only operations, as well as targeted credential-gathering campaigns likely in support of intelligence operations.
Tomi Engdahl says:
Diplomats Beware: Cloaked Ursa Phishing With a Twist https://unit42.paloaltonetworks.com/cloaked-ursa-phishing/
Russia’s Foreign Intelligence Service hackers, which we call Cloaked Ursa (aka APT29, UAC-0029, Midnight Blizzard/Nobelium, Cozy Bear) are well known for targeting diplomatic missions globally. Their initial access attempts over the past two years have predominantly used phishing lures with a theme of diplomatic operations.
These types of lures are generally sent to individuals who handle this type of embassy correspondence as part of their daily jobs. They are meant to entice targets to open the files on behalf of the organization they work for.
Recently, Unit 42 researchers observed instances of Cloaked Ursa using lures focusing on the diplomats themselves more than the countries they represent.
We have identified Cloaked Ursa targeting diplomatic missions within Ukraine by leveraging something that all recently placed diplomats need – a vehicle.
We observed Cloaked Ursa targeting at least 22 of over 80 foreign missions located in Kyiv. While we don’t have details on their infection success rate, this is a truly astonishing number for a clandestine operation conducted by an advanced persistent threat (APT) that the United States and the United Kingdom publicly attribute to Russia’s Foreign Intelligence Service (SVR).
Tomi Engdahl says:
Malicious campaigns target government, military and civilian entities in Ukraine, Poland https://blog.talosintelligence.com/malicious-campaigns-target-entities-in-ukraine-poland/
Talos first discovered a campaign in late April using several malicious files very likely intended for users in Ukraine, based on the content of the lure displayed when the target opens a malicious Microsoft Excel file. Talos eventually uncovered additional campaigns, including the two previously mentioned by Ukraine’s Computer Emergency Response Team (CERT-UA) and FortiGuard Labs researchers. The campaigns we discovered also involve malicious files intended for users in Poland.
The actor is focusing on Ukrainian and Polish government and military targets, based on the content of Excel and PowerPoint lures that include official-looking images and text. The purpose of these socially engineered lures is to convince the targeted users to enable macros, thereby allowing the execution chain to commence.
Tomi Engdahl says:
Russia’s Turla hackers target Ukraine’s defense with spyware https://therecord.media/turla-hackers-targeting-ukraine-defense
The Russian hacking group Turla is attacking Ukrainian defense forces with spying malware, according to new research from the country’s computer emergency response team (CERT-UA).
Turla, a cyberespionage group also known by the names Waterbug and Venomous Bear, is closely affiliated with the FSB Russian intelligence agency. The group has been linked to numerous high-profile cyberattacks, including on the German Bundestag and the Ukrainian Parliament in 2014.
In a report published on Wednesday, CERT-UA said it had observed the group targeting Ukrainian defense forces with Capibar and Kazuar spyware.
Tomi Engdahl says:
BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities https://thehackernews.com/2023/07/bluebravo-deploys-graphicalproton.html
The Russian nation-state actor known as BlueBravo has been observed targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton, exemplifying the continuous evolution of the threat.
The phishing campaign is characterized by the use of legitimate internet services (LIS) for command-and-control (C2) obfuscation, Recorded Future said in a new report published Thursday. The activity was observed between March and May 2023.
Tomi Engdahl says:
Ukrainian official touts country’s wartime cyber intelligence efforts https://therecord.media/ukraine-cyber-intelligence-war-russia
Intelligence gathered in cyberspace is helping Ukraine understand Russia’s plans and stop the enemy from carrying them out, according to the country’s top cyber and information security official.
Illia Vitiuk, head of cybersecurity at the Security Service of Ukraine (SBU), said Thursday that hackers have been getting into Russian systems to find out the Kremlin’s targets, how the enemy’s troops move, and how Russia avoids Western sanctions.
For example, the SBU recently acquired intelligence about Russia’s attempt to obtain, through other countries, thousands of microchips for Iranian Shahed drones that are used to attack Ukraine. “With the help of our partners, we successfully blocked this shipment,” Vitiuk said at the iForum conference in Kyiv.