
Russia, Ukraine Conflict Escalation Mirrored in Malware Activity

Political conflicts in the physical world have played out in the digital world more than once in the past. According to new research from FireEye, it may be happening yet again for people in Russia and the Ukraine.

In an analysis of malware “callbacks” – communications made from compromised computers to an attacker’s first-stage command-and-control server – researchers at FireEye found that callback activity involving Russia and the Ukraine increased as the military conflict escalated. In a list of the top 20 countries to receive first-stage malware callbacks during the last 16 months, Russia and Ukraine ranked fifth and ninth respectively. In 2013, however, Russia was on average number seven on the list while Ukraine was 12.

The biggest single monthly jump occurred in March 2014, when Russia moved from seven on the list to number three. It was during that month that Russian President Vladimir Putin signed a bill annexing Crimea into the Russian Federation and Russian military forces began to gather on the Ukrainian border.

As the conflict escalated, hacktivists protesting NATO involvement also attacked NATO websites, and other politically motivated attacks were reported as well.

Kenneth Geers, senior global threat analyst at FireEye, noted in a blog post that the rise in callbacks to Russia and Ukraine was drastically different than what many other countries were experiencing between February and March. In fact, he noted, nearly half of the world’s countries experienced a decrease in callbacks during that time period.

“It is not my intention here to suggest that Russia and/or Ukraine are the sole threat actors within this data set,” he blogged. “I also do not want to speculate too much on the precise motives of the attackers behind all of these callbacks. Within such a large volume of malware activity, there are likely to be lone hackers, “patriotic hackers,” cyber criminals, Russian and Ukrainian government operations, and cyber operations initiated by other nations.”

“What I want to convey in this blog is that generic, high-level traffic analysis – for which it is not always necessary to know the exact content or the original source of individual communications – might be used to draw a link between large-scale malware activity and important geopolitical events,” he explained. “In other words, the rise in callbacks to Russia and Ukraine (or to any other country or region of the world) during high levels of geopolitical tension suggests strongly that computer network operations are being used as one way to gain competitive advantage in the conflict.”
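The ranking approach described above (count first-stage callbacks per destination country, rank countries within each month, and look for the largest month-over-month movement) can be reproduced on any sensor feed. The following is an added illustration, not FireEye's code or data: the monthly counts are constructed so that one country climbs from seventh to third, mirroring the movement the article describes, and the helper names are my own.

```python
from collections import Counter

# Constructed sample: monthly first-stage callback counts by destination country.
# Made-up figures for illustration only; they are not FireEye's numbers.
SAMPLE_COUNTS = {
    "2014-01": {"US": 40, "KR": 22, "CN": 18, "DE": 12, "FR": 10, "JP": 9, "RU": 8, "UA": 4},
    "2014-02": {"US": 38, "KR": 20, "CN": 17, "DE": 11, "FR": 10, "JP": 9, "RU": 8, "UA": 5},
    "2014-03": {"US": 36, "KR": 19, "RU": 18, "UA": 14, "CN": 12, "DE": 9, "FR": 8, "JP": 6},
}


def expand_records(counts):
    """Turn per-month counts into individual (month, destination_country) callback
    records, the shape a sensor feed delivers before any aggregation."""
    return [(m, c) for m, per in counts.items() for c, n in per.items() for _ in range(n)]


def rank_by_month(records):
    """Count callbacks per (month, destination) and rank destinations within each
    month, rank 1 = most callbacks. Ties are broken by country code so the
    ranking is deterministic."""
    per_month = {}
    for month, country in records:
        per_month.setdefault(month, Counter())[country] += 1
    ranks = {}
    for month, counter in per_month.items():
        ordered = sorted(counter.items(), key=lambda kv: (-kv[1], kv[0]))
        ranks[month] = {country: i + 1 for i, (country, _) in enumerate(ordered)}
    return ranks


def rank_changes(ranks):
    """Month-over-month rank movement for every country present in both months.
    Returns (country, prev_month, month, old_rank, new_rank, delta), where a
    positive delta means the country climbed the list (received more callbacks)."""
    months = sorted(ranks)
    changes = []
    for prev, cur in zip(months, months[1:]):
        for country, new_rank in ranks[cur].items():
            old_rank = ranks[prev].get(country)
            if old_rank is not None:
                changes.append((country, prev, cur, old_rank, new_rank, old_rank - new_rank))
    return sorted(changes, key=lambda c: (-c[5], c[0]))


def biggest_jump(ranks):
    """The single largest one-month climb in the ranking; the kind of outlier an
    analyst would then try to line up against the calendar of events."""
    return rank_changes(ranks)[0]
```

A real feed would also need the callback volume itself alongside the rank, since a country can climb the list simply because others fell, as the article notes nearly half of all countries did in the same period.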
