AcidRain | A Modem Wiper Rains Down on Europe
As the most impactful cyber attack of the Ukrainian invasion gets downplayed, SentinelLabs uncovers a more plausible explanation.
U.S. Says It Secretly Removed Malware Worldwide, Pre-empting Russian Cyberattacks - The New York Times
The operation is the latest effort by the Biden administration to thwart actions by Russia by making them public before Moscow can strike.
Putin's hackers gained full access to Hungary's foreign ministry networks, the Orbán government has been unable to stop them
On December 30, 2021, in Moscow, Russian Foreign Minister Sergey Lavrov pinned the Order of Friendship on the suit of his Hungarian counterpart Péter Szijjártó. Although the medal was presented by Lavrov, it was Russian President Vladimir Putin himself who decided to award it. Not coincidentally, the medal, which is in the form of a wreath of olive branches encircling a globe, includes the inscription “Peace and Friendship” in Cyrillic on the back, is the highest Russian state decoration that can be awarded to a foreigner.
When Nokia Pulled Out of Russia, a Vast Surveillance System Remained
The Finnish company played a key role in enabling Russia’s cyberspying, documents show, raising questions of corporate responsibility.
Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers
InvisiMole has been collaborating with the Gamaredon APT for years.
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica
When code with millions of downloads nukes user files, bad things can happen.
%2Fcloudfront-us-east-2.images.arcpublishing.com%2Freuters%2FTD3S5SVJJJMLDNBMZSGOM2MIEQ.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Exclusive: U.S. spy agency probes sabotage of satellite internet during Russian invasion, sources say | Reuters
Western intelligence agencies are investigating a cyberattack by unidentified hackers that disrupted broadband satellite internet access in Ukraine coinciding with Russia's invasion, according to three people with direct knowledge of the incident.
Belarus conducted widespread phishing campaigns against Ukraine, Poland, Google says
Belarus conducted widespread phishing attacks against members of the Polish military as well as Ukrainian officials, security researchers said Monday, providing more evidence that its role in Russia’s invasion of Ukraine has gone beyond serving as a staging area for Russian troops
Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement
- Proofpoint has identified a likely nation-state sponsored phishing campaign using a possibly compromised Ukrainian armed service member’s email account to target European government personnel involved in managing the logistics of refugees fleeing Ukraine. * The email included a malicious macro attachment which attempted to download a Lua-based malware dubbed SunSeed. * The infection chain used in this campaign bears significant similarities to a historic campaign Proofpoint observed in July 2021, making it likely the same threat actor is behind both clusters of activity. * Proofpoint is releasing this report in an effort to balance accuracy with responsibility to disclose actionable intelligence during a time of high-tempo conflict.
2022 Russia-Ukraine war — Cyber group tracker
A tracker to collate cyber groups engaged in cyber activities during the Russia-Ukraine war 2022.
Twitter and Facebook restricted in Russia amid conflict with Ukraine
NetBlocks metrics confirm the restriction of Twitter in Russia from the morning of Saturday 26 February 2022. Facebook servers have subsequently been restricted as of Sunday. The restrictions are in ...
Facebook, Twitter remove disinformation accounts targeting Ukrainians
The larger of the two disinformation groups operated in Russia, as well as the Russian-dominated Donbas and Crimea regions of Ukraine.
Anonymous: the hacker collective that has declared cyberwar on Russia | Ukraine
The group has claimed credit for hacking the Russian Ministry of Defence database, and is believed to have hacked multiple state TV channels to show pro-Ukraine content
Anonymous hacktivists, ransomware groups get involved in Ukraine-Russia conflict
Experts expressed concerns about the influx of non-government cyber groups taking sides in the Russian invasion of Ukraine.
Conti ransomware group announces support of Russia, threatens retaliatory attacks
An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.”
Ukraine: Disk-wiping Attacks Precede Russian Invasion
Destructive malware deployed against targets in Ukraine and other countries in the region in the hours prior to invasion.
%2Fcloudfront-us-east-2.images.arcpublishing.com%2Freuters%2FXY5Z7L7O35NTBDZDJ45R3NUWB4.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
EXCLUSIVE Ukraine calls on hacker underground to defend against Russia
The government of Ukraine is asking for volunteers from the country's hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops, according two people involved in the project.
HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
A new malware is attacking Ukrainian organizations and erasing Windows devices. In this early analysis, we provide technical details, IOCS and hunting rules.
New data-wiping malware used in destructive attacks on Ukraine
Cybersecurity firms have found a new data wiper used in destructive attacks today against Ukrainian networks just as Russia moves troops into regions of Ukraine.
Second data wiper attack hits Ukraine computer networks
Two cybersecurity firms with a strong business presence in Ukraine—ESET and Broadcom’s Symantec—have reported tonight that computer networks in the country have been hit with a new data-wiping attack. The attack is taking place as Russian military troops have crossed the border and invaded Ukraine’s territory in what Russian President Putin has described as a “peacekeeping” mission.
The US is unmasking Russian hackers faster than ever
The White House rapidly gathered evidence and blamed Russia for a cyberattack against Ukraine, the latest sign that cyber attribution is an increasingly crucial tool in the American arsenal.
Kazakhstan's Internet Shutdowns Could Be a Warning for Ukraine
Control of the internet is increasingly part of any modern conflict.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F8726989%2Facastro_170621_1777_0003_fin.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Russian hackers have obtained sensitive defense information technology by targeting US contractors, according to CISA
The FBI, NSA, and CISA warned that Russian state-sponsored intrusions will continue.
Leaked Pentagon Document Claims Russian Hacktivists Breached Canadian Gas Pipeline Company
The document, part of a cache of leaks recently circulated on the internet, suggests the hackers had the ability to cause an explosion and sought instruction from the FSB.
From Discord to 4chan: The Improbable Journey of a US Intelligence Leak - bellingcat
In recent days, the US Justice Department and Pentagon have begun investigating an apparent online leak of sensitive documents, including some that were marked “Top Secret”. A portion of the documents, which have since been widely covered by the news media, focused on Russia’s invasion of Ukraine, while others detailed analysis of potential UK policies on the South China Sea and the activities of a Houthi figure in Yemen. The existence of the documents was first reported by the New York Times after a number of Russian Telegram channels shared five photographed files relating to the invasion of Ukraine on April 5 – at least one of which has since been found by Bellingcat to be crudely edited.
Winter Vivern | Uncovering a Wave of Global Espionage
SentinelLabs uncover a previously unknown set of espionage campaigns conducted by Winter Vivern advanced persistent threat (APT) group.
Meet the FSB contractor: 0Day Technologies
An investigation into the FSB’s digital surveillance and disinformation contractor
SEKOIA.IO analysis of the #VulkanFiles leak
* Exfiltrated Russian-written documents provide insights into cyber offensive tool projects contracted by Vulkan private firm for the Russian Ministry of Defense. * Scan-AS is a database used to map adversary networks in parallel or prior to cyber operations. Scan-AS is a subsystem of a wider management system used to conduct, manage and capitalize results of cyber operations. * Amezit is an information system aimed at managing the information flow on a limited geographical area. It allows communications interception, analysis and modification, and can create wide information campaigns through social media, email, altered websites or phone networks.
Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe
* Proofpoint has observed recent espionage-related activity by TA473, including yet to be reported instances of TA473 targeting US elected officials and staffers. TA473 is a newly minted Proofpoint threat actor that aligns with public reporting on Winter Vivern. * TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals that allows them to gain access to the email mailboxes of government entities in Europe. * TA473 recons and reverse engineers bespoke JavaScript payloads designed for each government targets’ webmail portal. * Proofpoint concurs with Sentinel One analysis that TA473 targeting superficially aligns with the support of Russian and/or Belarussian geopolitical goals as they pertain to the Russia-Ukraine War.
‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics
Vulkan engineers have worked for Russian military and intelligence agencies to support hacking operations, prepare for attacks on infrastructure and spread disinformation