Tag Archive for: Invasion

Hstoday Ukrainian Telecoms Hack Highlights Cyber Dangers of Russia’s Invasion


A recent cyber attack on Ukraine’s largest telecommunications provider, Kyivstar, caused temporary chaos among subscribers and thrust the cyber front of Russia’s ongoing invasion back into the spotlight. Kyivstar CEO Oleksandr Komarov described the December 12 hack as “the biggest cyber attack on telco infrastructure in the world,” underlining the scale of the incident.

This was not the first cyber attack targeting Kyivstar since Russia launched its full-scale invasion in February 2022. The telecommunications company claims to have repelled around 500 attacks over the past twenty-one months. However, this latest incident was by far the most significant.

Kyivstar currently serves roughly 24 million Ukrainian mobile subscribers and another million home internet customers. This huge client base was temporarily cut off by the attack, which also had a knock-on impact on a range of businesses including banks. For example, around 30% of PrivatBank’s cashless terminals ceased functioning during the attack. Ukraine’s air raid warning system was similarly disrupted, with alarms failing in several cities.

Read the rest of the story at Atlantic Council, here.


Why Haven’t Ransomware Groups Assisted Russia’s Invasion?



Ransomware Task Force Members Square Pre-Invasion Assumptions With Reality


When Russia launched its all-out war against Ukraine in February 2022, many cybersecurity watchers feared ransomware groups would serve as a proxy force. But Moscow doesn’t appear to have deputized cybercrime-driven crypto-locking malware brigades.



So said participants in a panel held Friday by the Institute for Security and Technology on the ransomware implications of the Russian invasion of its European neighbor.


Rather than enlisting criminal ransomware groups into Russia’s cyber military operations against Ukraine, the invasion fractured major ransomware groups.


In particular, “political fissures” began to be seen in ransomware groups such as Conti, “as the world understood what Ukraine was about to suffer and started suffering and what Russia was doing in that,” said panelist Laura Galante, who has served as the U.S. intelligence community’s cyber executive and director of the Cyber Threat Intelligence Integration Center since May 2022. Ransomware hackers picked sides, she said.


The panelists were gathering to celebrate the two-year anniversary of the IST’s Ransomware Task Force recommendations for combating ransomware syndicates, including coordinating international cooperation, having the White House lead by example by launching a “whole of…


Botnets, Trojans, DDoS From Ukraine and Russia Have Increased Since Invasion


Activity from IP addresses in Ukraine and Russia has shown a substantial spike in malware, helping botnets spread since February 2022.

The data comes from security researchers at Top10VPN, who shared a report about the findings with Infosecurity ahead of publication.

In particular, Trojan malware with more significant increases in activity from Ukraine and Russia IP addresses since February 2022 included Citadel Trojan, CoreBOT Trojan, Wauchos Trojan and Nivdort Trojan.

“Some of the biggest sustained increases in malware activity since the war began were in Ukraine [and] have related to trojans, several of which can be used to create botnets,” wrote Simon Migliano, head of research at Top10VPN.

“This suggests that bad actors may have been targeting Ukraine, where cybersecurity has naturally been a lower priority for much of the population, in order to expand their botnets.”

Further, the report suggested an increase in the Avalanche malware families using Russian and Ukraine IP addresses despite the shutdown of the crime syndicate in 2016. In this regard, Top10VPN observed individual daily surges of as much as 1500% compared to before February.

“Despite the dismantling of major botnets Avalanche and Andromeda/Gamarue several years ago, some of the key malware families that were hosted on the now-defunct networks have been particularly resurgent in Ukraine and Russia in recent months,” Migliano added.

“While this is not to suggest that these networks have somehow been resurrected, it’s concerning to observe increases in the threat posed by this malware localized to countries directly involved in a major conflict.”

The report also noted that distributed denial-of-service (DDoS) attacks originating from Ukraine increased 363% in March compared to the average before February.

“These distributed denial-of-service (DDoS) attacks became relentless once Russia’s military invaded Ukraine on February 24, as the Kremlin sought to weaken its enemy by knocking offline critical networked infrastructure,” Migliano explained.

Further, while the most significant increases in malware activity have come from Ukraine IP addresses, Top10VPN noted that there have…


Russian hackers attacked Ukraine more than 1,000 times since start of invasion


Since the start of the full-scale invasion, 1,123 cyberattacks have been launched against Ukraine.

The press service of the State Special Communications Service of Ukraine said this in a Telegram post, Ukrinform reports.

“During the six months of the war, the national Computer Emergency Response Team of Ukraine CERT-UA, which operates under the State Special Communications Service, recorded 1,123 cyberattacks,” the report says.

It is noted that cybercriminals most often attacked the central government and local government bodies.

Among the main targets are also commercial and financial institutions, agencies of the security and defense sector, enterprises of the energy sector, transport industry and telecom – all essential public infrastructure.

As Ukrinform reported, since the beginning of the full-scale invasion, Ukrainian cyber police have repelled 83 enemy cyberattacks and prevented another 300.
