SecurityWeek


Russia vs Ukraine – The War in Cyberspace


Russian troops have launched a major assault on Ukraine, and while their forces battle in the physical world for control over various cities and regions, a battle is also taking place in cyberspace.

Just before Russia launched an invasion of Ukraine on February 24, Ukrainian government websites were disrupted by distributed denial-of-service (DDoS) attacks, and cybersecurity firms reported seeing a new piece of destructive malware on hundreds of devices in the country.

The malware used in this attack has been named HermeticWiper and it has been described by experts as a wiper malware disguised as ransomware. This attack wave came just weeks after Ukrainian government websites were disrupted as part of a campaign that involved WhisperGate, a completely different wiper malware that was also disguised as ransomware.

Due to the timing of the attacks, the main suspects are Russian state-sponsored threat actors. Russian hackers have often been accused of targeting Ukraine over the past decade, including in attacks that caused significant disruption to critical infrastructure.

However, the BBC reported that at least some of the latest DDoS attacks against Ukrainian government websites were launched by “patriotic” Russian hackers, including some who work at a “respectable Russian cyber-security company.” One of the individuals claiming to work at the unnamed firm admitted that they would be terminated if their employer found out about their after-hours activities.

These patriotic hackers also claim to have obtained access to Ukrainian government email accounts — which they plan on using for phishing attacks — and they claim to have stolen data.

The Conti ransomware gang, which has thrived in recent months amid crackdowns on other ransomware groups, has pledged its support for the Russian government, warning that it will use its “full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world.” The cybercrime group has threatened to “strike back at the critical infrastructures of any enemy.”

Russia-linked ransomware groups demonstrated in the past that they are capable of causing significant disruption to critical infrastructure organizations.


The Ukrainian government has issued a warning to the population regarding an email attack campaign whose goal appears to be the delivery of malware.

The country’s Computer Emergency Response Team (CERT) has also reported seeing email attacks that have been linked to UNC1151, a threat actor previously tied to Belarus and possibly Russia, and which specializes in disinformation campaigns.

Several cybersecurity companies and industry professionals have offered free tools and services to organizations and individuals in Ukraine after Russia launched its invasion. Curated Intelligence has compiled a list of threat reports, access brokers, data brokers, and other resources that could be useful to Ukraine.

Ukraine’s activities in cyberspace have not been purely defensive. Mykhailo Fedorov, the country’s minister of digital transformation, over the weekend announced the creation of an “IT Army” and urged cyber specialists to join the new unit. A Telegram channel created for the IT Army urged members — instructions have been provided in both English and Ukrainian — to target major Russian businesses and government websites, with DDoS and other types of attacks.


The IT Army was created shortly after the Ukrainian government called for cyber volunteers to help defend the country’s critical infrastructure.

Several major Russian government and media websites have been intermittently offline since the conflict started, with many attributing the outages to DDoS attacks.

Some of these attacks were conducted by members of the Anonymous hacktivist movement, which has declared cyberwar against Russia. Hackers operating under the Anonymous banner have defaced Russian websites and leaked data allegedly stolen from high-profile organizations, including the Russian Ministry of Defense. However, these data leak claims have not been verified and hacktivists have been known to publish data that later turned out to be fake or obtained in older breaches.

Anonymous hackers have also claimed responsibility for disrupting the websites of pro-Kremlin Russian media, and posted messages appealing to Russians to try to stop the war and not participate as fighters. 

There have also been reports of Russian TV channels getting hacked to play Ukrainian songs.

Russia’s National Coordination Center for Computer Incidents warned last week that cyberattacks on Russian critical information infrastructure and other information resources could increase. The agency also said there could be misinformation operations whose goal was to damage Russia’s image.

The Russian government has also issued an alert to the media regarding the circulation of false information, and the country’s Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) has lashed out at Facebook and YouTube after they suspended the accounts of several Russian media organizations.

NATO Secretary General Jens Stoltenberg warned that cyberattacks could trigger NATO’s Article 5, which considers an attack on any NATO ally an attack on all.

NBC reported last week that U.S. President Joe Biden had been presented with options for “massive cyberattacks” against Russia, but the White House called NBC’s report “off base” and claimed it did “not reflect what is actually being discussed in any shape or form.”

Users around the world have also been warned about scams exploiting the war in Ukraine. ESET has spotted several cyber fraud operations whose goal is to steal money and information from people using fake charity campaigns as a lure.


*updated with information on more attacks by Anonymous on Russian media

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
