Tag Archive for: russian

Ukraine dismantles disinformation botnet; UK warns of Russian invasion risk.

The Minsk Accords, under negotiation since shortly after Russia’s 2014 seizure of Crimea, continue to serve as the centerpiece of Russian diplomacy with respect to its claims against Ukraine. The AP has a useful review of their history and implications. In general, the Accords give support to Russian ambitions for nominally separatist Ukrainian provinces to be treated as autonomous regions, their ultimate fate to be determined by plebiscite. Negotiations between Russia, Ukraine, and NATO have continued, slowly, and the Telegraph sees the slow-rolling as entirely to Russia’s advantage, with its opponents likely to concede incremental gains over the course of protracted diplomatic engagement. And amid concerns about a Russian threat to its electrical supply system, Ukraine has continued to prepare its separation from the Russian power grid. Such separation would be a contingency to be exercised upon invasion.

Ukraine’s SBU takes down Lviv bot-farms.

The SBU announced its liquidation of two bot farms in the Ukrainian city of Lviv, which the SBU says were operating under Russian direction. Three arrests were made. Two of the suspects are accused of lending their apartments to bot-farming; the third maintained the equipment and software. The two farms controlled some 18,000 bots, and were largely engaged in disruptive influence operations, spreading rumors of bombings and the placement of “mines” in critical infrastructure. The Record describes the bot-farm’s goal as “spreading panic.” The bomb threats may be connected to a wave of such threats Euromaidan reported near the end of January. The SBU at that time characterized the campaign as a preparatory operation in a Russian hybrid war.

Moscow speaks Spanish.

Foreign Policy cites a study by Omelas that found Russian-run Spanish language outlets outperforming their American counterparts in pushing a narrative on the crisis in Ukraine. The Russian media outpace US services by three-to-one as measured by audience engagement in the Spanish-speaking Western Hemisphere.

The UK issues a warning.

British Prime Minister Boris Johnson has been unusually direct at mid-week about the risks and consequences of any further Russian invasion of Ukraine….


Kaspersky finds evidence of continued Russian hacking campaigns in Ukraine

APT group Armageddon was identified as acting against Ukraine late last year, and Symantec’s own data backs up that presented by The Security Service of Ukraine.


Security researchers at Symantec have presented what they said is further evidence that the Russian advanced persistent threat hacking team known as Shuckworm has been actively waging a cyber espionage campaign against organizations in Ukraine.

According to a report from The Security Service of Ukraine released in November 2021, Shuckworm, also known as Armageddon, Gamaredon, Primitive Bear and other monikers, is relatively new to the APT world. The SSU believes Shuckworm was founded in 2013 or 2014 and initially operated with a very low profile. Despite its relative newness to the scene, the SSU said “the group is able to turn into a cyberthreat with consequences, the scale of which will exceed the negative effect of the activities of [known Russian APTs APT28, SNAKE and APT29].”

Symantec said its findings are consistent with the SSU’s report, which said Shuckworm has become more sophisticated since 2017, the end result being a group that uses custom-built malware for initial infiltration and legitimate tools to maintain its access.

Anatomy of a cyber espionage attack

There are a variety of methods that APTs use to establish a permanent presence in victim networks. In the particular case study Symantec included in its report, Shuckworm likely used a tried-and-true ingress method: Phishing.


The attack began July 14, 2021, and continued for over a month, Symantec said, and it all began with a malicious Word document. “Just five minutes after the document is opened, a suspicious command is also executed to launch a malicious VBS file,” Symantec said. That file, in turn, installed the Pterodo backdoor software that was previously linked to Shuckworm.

The creation of Pterodo is what the SSU said divides Shuckworm’s early days from its more dangerous later years. Prior to the creation of Pterodo, Shuckworm relied on legitimate remote access tools like RMS and UltraVNC. Now, through the…


NATO, with Russian hackers in mind, takes hard look at cyber strategy

The core concept behind NATO is a simple one: attack one member of the bloc, and all will respond. But while that logic worked during the Cold War, does it make sense to rely exclusively on it in cyberspace?

Western strategists are increasingly saying no. Last year, the alliance quietly announced that a series of lower-level cyberattacks could, cumulatively, be a tripwire for the pact’s mutual self-defense. The move marked a sea change in NATO cyber strategy, and sparked questions about how best to bolster NATO cyber defenses – and if offense, of a sort, might be part of the solution, too.

Why We Wrote This

NATO has based its security policy on deterrence, via a mutual defense pact among members. But its strategists are rethinking that approach when it comes to the digital battlefield.

In crafting NATO’s new cyber strategy, senior security and intelligence officials for the alliance say they were informed by a series of “increasingly destructive” cyberattacks by Russian and Chinese actors over the last few years.

What the incursions had in common was that, though damaging, they fell below the threshold of armed attack. It was increasingly evident, too, that the alliance needed to be more “proactive” in cyberspace, said NATO Assistant Secretary-General David van Weel.

That could mean using “hunt forward” teams of hackers like those the United States has, who defang threats before they have a chance to cause damage.

Brussels

Article 5 is the linchpin of the NATO pact, putting adversaries on notice that an attack against one is an attack against all. Founded on the Cold War logic of deterrence, the idea is that no aggressor will strike for fear of certain retaliation from combined NATO forces.

But with modern warfare expanding to virtual battlefields, NATO strategists are overhauling their cyber tactics. That means rethinking the concept of deterrence, as well as what constitutes a cyberattack that triggers Article 5: a crucial issue amid tensions between Russia and NATO-supported (though nonmember) Ukraine.

Since 2019 it has been clear that a large-scale cyberattack on a member could trigger Article 5. But…


Russian Hackers Go After Gloucester

Gloucester City Council suffered a serious cyber security incident on 20 December that resulted in the compromise of certain IT systems and disruption of daily operations. The council’s online revenue and benefits, planning and customer services have all been affected after the attack knocked out parts of a council website, and the attack has been linked to the work of Russian hackers.

Systems including online revenue and benefits, planning and customer services are still down across the authority more than a month after the attack was detected.

The cost of fixing the damage could run into millions of pounds if similar attacks on other councils are anything to go by, and Gloucester businesses using council services could face months of disruption after the attack knocked out parts of the computer system.

The attack is so serious that the National Crime Agency and the National Cyber Security Centre are involved in the investigation.

Other local authorities and even government agencies have put the council into IT quarantine, blocking the council’s emails. Gloucester City Council said its sources, who do not wish to be named, allege the cyber attack was carried out by hackers from Russia. Officials at Gloucester City Council must be “more transparent” over the hack attack on the authority, a committee chairman has warned.

According to the Local Democracy Reporting Service, the malware made its way into the local authority’s system embedded in an email which had been sent to a council officer. The harmful software, known as sleeper malware, is understood to have been dormant for some time before it was activated. Other local authorities and government agencies are currently blocking the council’s emails.

Online application forms used to claim for housing benefit, council tax support, test and trace support payments, discretionary housing payments and several other services have been delayed or are unavailable. Residents have been asked to contact the council via email instead.

The council has warned the problem could take up to six months to resolve as affected servers and systems need to be rebuilt.

TEISS: Gloucestershire…
