28 April 2022

THE CYBERWARFARE RANGE - Everywhere and All The Time

Intro: It's always something, and sometimes we don't know

Microsoft says Russia hit Ukraine with hundreds of cyber attacks

April 27, 2022 02:09 PM

"Microsoft has revealed the true scale of Russian-backed cyberattacks against Ukraine since the invasion, with hundreds of attempts from multiple Russian hacking groups targeting the country's infrastructure and Ukrainian citizens.

These attacks also include the use of destructive malware designed to take down critical systems and disrupt civilians' access to critical life services and reliable information.

"Starting just before the invasion, we have seen at least six separate Russia-aligned nation-state actors launch more than 237 operations against Ukraine – including destructive attacks that are ongoing and threaten civilian welfare," said Tom Burt, Microsoft's corporate vice president for customer security and trust.

"The destructive attacks have also been accompanied by broad espionage and intelligence activities. [..] We have also observed limited espionage attack activity involving other NATO member states, and some disinformation activity . . .


Russia Is Being Hacked at an Unprecedented Scale

From “IT Army” DDoS attacks to custom malware, the country has become a target like never before.


The orders are issued like clockwork. Every day, often at around 5 am local time, the Telegram channel housing Ukraine’s unprecedented “IT Army” of hackers buzzes with a new list of targets. The volunteer group has been knocking Russian websites offline using wave after wave of distributed denial-of-service (DDoS) attacks, which flood websites with traffic requests and make them inaccessible, since the war started.

Russian online payment services, government departments, aviation companies, and food delivery firms have all been targeted by the IT Army as it aims to disrupt everyday life in Russia. “Russians have noticed regular hitches in the work of TV streaming services today,” the government-backed operators of the Telegram channel posted following one claimed operation in mid-April.

The IT Army’s actions were just the start. Since Russia invaded Ukraine at the end of February, the country has faced an unprecedented barrage of hacking activity. Hacktivists, Ukrainian forces, and outsiders from all around the world who are taking part in the IT Army have targeted Russia and its business. DDoS attacks make up the bulk of the action, but researchers have spotted ransomware that’s designed to target Russia and have been hunting for bugs in Russian systems, which could lead to more sophisticated attacks.

The attacks against Russia stand in sharp contrast to recent history. Many cybercriminals and ransomware groups have links to Russia and don’t target the nation. Now, it’s being opened up. “Russia is typically considered one of those countries where cyberattacks come from and not go to,” says Stefano De Blasi, a cyber-threat intelligence analyst at security firm Digital Shadows.

At the start of the war, DDoS was unrelenting. Record levels of DDoS attacks were recorded during the first three months of 2022, according to analysis from Russian cybersecurity company Kaspersky. Both Russia and Ukraine used DDoS to try to disrupt each other, but the efforts against Russia have been more innovative and prolonged . . .

While Kaspersky’s analysis says the number of DDoS around the world has returned to normal levels as the war has progressed, the attacks are lasting for longer—hours rather than minutes. The longest lasted for more than 177 hours, over a week, its researchers found. “Attacks continue regardless of their effectiveness,” Kaspersky’s analysis says. (On March 25, the US government added Kaspersky to its list of national security threats; the company said it was “disappointed” with the decision. Germany’s cybersecurity agency also warned against using Kaspersky’s software on March 15, although it didn't go as far as banning it. The company said it believed the decision was not made on a technical basis.)

While cyberwarfare throughout the conflict may not have been as obvious or have the impact some predicted, many incidents may happen without publicity or outsider knowledge. “I think the most sophisticated operations going on right now are espionage—to find out what the opponent is trying to do, wants to do, and will do next,” De Blasi says. “We may have to wait years before we discover anything about that.”

 . . .

While cyberattacks against Russia have increased, there are hints that this may push the country further down the path of internet isolation. For the past few years, Russian officials have talked of creating its own sovereign internet and breaking away from the global system. When the DDoS attacks started, Russia appeared to geofence government websites, and at the start of March, according to national media reports, the country’s Ministry of Digital Development told websites to improve their cybersecurity measures and keep control of their own domain names.

“I believe that full disconnect from the internet would still be an extreme approach, even now,” says Lukasz Olejnik, an independent cybersecurity researcher and consultant. “Furthermore, the government is apparently still in a kind of self-denial, acting as if nothing significant was happening due to the cyberattacks, or even due to the Western sanctions, too.” Despite this denial, Olejnik says, the country is still “doubling down” and pushing toward its long-term goal of a sovereign internet."

Reference: https://www.wired.com/story/russia-hacked-attacks/ 

RELATED Source: https://www.bleepingcomputer.com/

DDoS Denial of Service

Ukraine targeted by DDoS attacks from compromised WordPress sites

Ukraine's computer emergency response team (CERT-UA) has published an announcement warning of ongoing DDoS (distributed denial of service) attacks targeting pro-Ukraine sites and the government web portal.


New Bumblebee malware replaces Conti's BazarLoader in cyberattacks


A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads.

  • Malware / Phishing: Russian govt impersonators target telcos in phishing attacks

    A previously unknown and financially motivated hacking group is impersonating a Russian agency in a phishing campaign targeting entities in Eastern European countries.

  • Chinese state-backed hackers now target Russian state officers

    Security researchers analyzing a phishing campaign targeting Russian officials found evidence that points to the China-based threat actor tracked as Mustang Panda (also known as HoneyMyte and Bronze President).

QOD: You can dig it