Cyber Attacks On Ukraine Step Up The Pressure

Uploaded on 2022-05-24 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW

As the war in Ukraine continues, the state sponsored hacker groups aligned with Russia and Belarus are continuing their cyber offensive against Ukraine with malicious cyber attacks and campaigns spreading disinformation, a new Report from Mandiant says. 

According to Mandiant, many of disinformation narratives they observed were aimed at demoralising Ukrainians and provoking internal unrest - dividing Ukraine from its allies and bolstering perceptions of Russia.

Some of the lies have targeted Russian domestic audiences, emphasising the  Russian government's desire to sell the war to its own citizens

So far, Russian, pro-Russian, and Belarusian cyber attackers have employed the most comprehensive array of methods to achieve "tactical and strategic objectives, directly linked to the conflict itself," according to Mandiant. “The recent phase of Russian aggression toward Ukraine, manifested by Russia’s full-scale invasion, has flooded the information environment with disinformation promoted by a full spectrum of actors.” 

The impact may be felt more broadly as hackers working for other countries, including China and Iran, are attempting to get involved 

"While these operations have presented an outsized threat to Ukraine, they have also threatened the US and other Western countries," Mandiant's researchers say. "As a result, we anticipate that such operations, including those involving cyber threat activity and potentially other disruptive and destructive attacks, will continue as the conflict progresses."

Even before Russia's invasion of Ukraine started, in January, the country and its government's websites were already under attack by Russian hackers.

Russia invaded on February 24th and a day before the Ukraine's State Service of Special Communications and Information Protection said the websites of the Ministry of Foreign Affairs, Ministry of Defense, Security Service, and various banks, went down because of a distributed denial-of-service (DDoS) attack.  "Concerted information operations have proliferated, ranging from cyber-enabled information operations, including those that coincided with disruptive and destructive cyber threat activity, to campaigns leveraging coordinated and inauthentic networks of accounts to promote fabricated content and desired narratives across various social media platforms, websites, and forums," the Mandiant researchers say. 

Mandiant  say that most current activity is "disruptive and destructive" and includes the deployment of wiper malware. 

Malware is not the only activity of concern. In March, hackers known as Secondary Infektion  spread a fake message claiming that Ukraine had surrendered through the Ukraine 24 website going so far as to generate a fake artificial intelligence (AI) model of Ukrainian President Zelenskyy delivering the message. While this group continues to promote fake stories, Ghostwriter malware has also been used. In February, the Computer Emergency Response Team for Ukraine (CERT-UA) warned that the group, also tracked as UNC1151, thought to be linked with the Belarus government, was responsible for an array of misinformation campaigns, phishing attempts, and assaults against Ukrainian targets. 

A new campaign discovered by Mandiant is tied to Ghostwriter and is spreading false narratives about refugees, while other groups are promoting a misinformation campaign aimed at an "aggressive defense of Russian strategic interests," according to the researchers. These activities appear to overlap with Ghostwriter, suggesting there may be a collaboration between the teams.

These fake narratives are being spread to try and damage relations between Ukraine and Poland which  portray Ukrainian refugees as a burden. The Russian threat group known as APT28, or Fancy Bear, continues to post content on Telegram channels related to the conflict, focusing on "weakening Ukrainians' confidence in their government and its response to the invasion."

Mandiant:     The Cyberwire:     Cybersecurity-Help:     Infosec Today:     ZDNet:  

You Might Also Read: 

The Ukraine War - By Satellite, Internet & Phone:

 

« Vishing Attacks Reach All Time High
Satellite Systems Security Needs To Be Reinforced Against Cyber Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

TBG Security

TBG Security

TBG provides a portfolio of services including cyber security, compliance and continuity solutions.

HDI

HDI

HDI is the worldwide professional association and certification body for the technical service and support industry.

CSIS Security Group

CSIS Security Group

CSIS provide actionable threat intelligence, prevention, incident response and 24/7 managed security services.

4N6

4N6

4N6 is a privately-owned firm founded with the goal of providing expert knowledge of computer forensics.

EdgeWave

EdgeWave

EdgeWave provides simple but highly effective data security and advanced threat protection in solutions that are affordable, scalable and easy to use.

Magal Security Systems (Magal S3)

Magal Security Systems (Magal S3)

Magal Security Systems is a leading international provider of integrated solutions and products for physical and cyber security, safety and site management.

Magix Security

Magix Security

Magix Security assesses the cyber threat, gives you visibility of how vulnerable your business is to attack, and provides cybercrime detection and prevention services.

Ensurity Technologies

Ensurity Technologies

Ensurity is a deep-tech cybersecurity engineering company; designs and manufactures specialized secure hardware, software, and mobile application solutions.

Shift5

Shift5

Shift5 focus on securing operational technology (OT) by building best-in-class, dual-use products serving military and commercial entities.

HSB

HSB

HSB offers insurance for equipment breakdown, cyber risk, data breach, identity recovery & employment practices liability.

BitNinja

BitNinja

BitNinja provides full-stack server security in one easy-to-use protection suite. Enjoy real-time protection, automatic false positive handling and threat analysis for more in-depth insights.

Atlant Security

Atlant Security

Atlant Security is a cyber and IT security company offering consulting and implementation services.

NACVIEW

NACVIEW

NACVIEW is a Network Access Control solution. It allows to control endpoints and identities that try to access the network - wired and wireless, including VPN connections.

Keytos

Keytos

Keytos has revolutionized the Identity Management and PKI industry by creating cryptographic tools that allow you to go password-less by making security transparent to the user.

CyberForce Global

CyberForce Global

CyberForce Global are at the forefront of start-up technology recruitment in areas including cybersecurity, IT infrastructure, software, fintech, blockchain and more.

Rankiteo

Rankiteo

At Rankiteo, we are pioneers in cybersecurity risk management. Our mission is to empower organizations with the tools they need to assess, enhance, and safeguard their digital landscapes.