09 March 2022

DEFENSIVE DEPLOYMENT IN ADVANCE OF UKRAINE CONFLICT: Secret Cyber Mission Teams to Thwart an Unexpected Cyber Attack by Russia

Intro: So far, experts who have watched the Russian cyber assaults have been confused at their lack of success, as well as the lower tempo, intensity, and sophistication of what Russian-government hackers are known to be capable of.
This surge of US personnel (team members were soldiers with the US Army’s Cyber Command, civilian contractors and some employees of American companies) in October and November of last year was different.

The secret US mission to bolster Ukraine’s cyber defenses ahead of Russia’s invasion

Throughout 2021, US soldiers, experts worked to thwart an expected Russian cyber attack.

"Months before the Russian invasion, a team of Americans fanned out across Ukraine looking for a very specific kind of threat.

Some team members were soldiers with the US Army’s Cyber Command. Others were civilian contractors and some employees of American companies that help defend critical infrastructure from the kind of cyber attacks that Russian agencies had inflicted upon Ukraine for years.

The US had been helping Ukraine bolster its cyber defenses for years, ever since an infamous 2015 attack on its power grid left part of Kyiv without electricity for hours.

But this surge of US personnel in October and November was different: it was in preparation of impending war.
People familiar with the operation described an urgency in the hunt for hidden malware, the kind Russia could have planted, then left dormant in preparation to launch a devastating cyber attack alongside a more conventional ground invasion.

Experts warn that Russia may yet unleash a devastating online attack on Ukrainian infrastructure of the sort that has long been expected by Western officials. But years of work, paired with the past two months of targeted bolstering, may explain why Ukrainian networks have held up so far.

Officials in Ukraine and the US are careful to describe the work of the “cybermission teams” as defensive, compared with the billions of dollars of lethal weapons that have poured into Ukraine to fight and kill Russian soldiers.

Russian attacks have been blunted because “the Ukrainian government has taken appropriate measures to counteract and protect our networks,” said Victor Zhora, a senior Ukrainian government official. . .

> In the Ukrainian Railways, the team of American soldiers and civilians found and cleaned up one particularly pernicious type of malware, which cyber security experts dub “wiperware”—disabling entire computer networks simply by deleting crucial files on command...

> A similar malware went undetected within the border police, and last week, as hundreds of thousands of Ukrainian women and children tried to leave the country, computers at the crossing to Romania were disabled, adding to the chaos, according to people familiar with the matter.

> With a much smaller budget—about $60 million—these teams also had to lay the groundwork with private groups that provide the backbone for most of the infrastructure that Russian hackers, either government-affiliated or not, were expected to attack.

> On the last weekend in February, the Ukrainian national police, alongside other Ukrainian government arms, were facing a massive onslaught of “distributed denial-of-service attacks” (DDoS), which are relatively unsophisticated attacks that take down networks by flooding them with demands for small amounts of data from a large number of computers.

Within hours, the Americans had contacted Fortinet, a California cyber security group that sells a “virtual machine” designed to counter just such an attack.

Funding was approved within hours, and the US Department of Commerce provided clearance within 15 minutes. Within eight hours of the request, a team of engineers had installed Fortinet’s software onto Ukrainian police servers to fend off the onslaught, said a person familiar with the rapid-fire operation.

The fact that these onslaughts are often targeting commercially available software—mostly from Western manufacturers—has forced major US and European companies to dedicate resources to defending Ukrainian networks.

> Microsoft, for instance, has for months run a Threat Intelligence Center that has thrust its resources in between Russian malware and Ukrainian systems. . . . On the US government’s advice, Microsoft immediately extended the warning to neighboring Nato countries, said a person familiar with the late-night decision.

“We are a company and not a government or a country,” Smith wrote, but added that Microsoft and other software makers needed to remain vigilant against what happened in 2017, when a malware attributed to Russia spread beyond the borders of the Ukrainian cyber arena to the wider world, disabling computers at Merck, Maersk, and elsewhere and causing $10 billion of damage.

[...] Ukrainian defenses have proved resilient, said one European official who was briefed this week by the Americans at a NATO meeting, and Russian offenses have proved mediocre. He said the reason was that, so far, Russia has held back its elite corps in the cyber arena, much as it has on the battlefield, perhaps by underestimating the Ukrainians. . ."

Reference: https://arstechnica.com/information-technology/2022/03/the-secret-us-mission-to-bolster-ukraines-cyber-defences-ahead-of-russias-invasion/

_____________________________________________________________________________

RELATED CONTENT TODAY | Bleeping Computer

Russia

Russian government sites hacked in supply chain attack

Russia says some of its federal agencies' websites were compromised on Tuesday after unknown attackers hacked the stats widget used to track the number of visitors by multiple government agencies.

Russia cryptocurrency

US Treasury: Russia may bypass sanctions using ransomware payments

The Treasury Department's Financial Crimes Enforcement Network (FinCEN) warned U.S. financial institutions this week to keep an eye out for attempts to evade sanctions and US-imposed restrictions following Russia's invasion of Ukraine.

Hacker threat actor

Hackers fork open-source reverse tunneling tool for persistence

Security experts have spotted an interesting case of a suspected ransomware attack that employed custom-made tools typically used by APT (advanced persistent threat) groups.
