Tag Archive for: Russians

Why haven’t the Russians launched more cyber attacks?


SAN DIEGO (KGTV) – As the war in Ukraine stretches into its second week, Russia’s military continues to wage a mostly conventional war.

That’s been a surprise to security experts who expected a barrage of powerful cyberattacks after several notable Russian hacks in Ukraine in years past.

In 2015, after the Russian invasion of Crimea, Russian hackers infiltrated electricity substations in western Ukraine, seized control of the computers remotely, and turned off the electricity for about 230,000 customers.

It was the world’s first successful cyberattack on a power grid.

The following year there was an attack on an electricity substation in Kyiv.

Two main theories have emerged about why Russia hasn’t yet levied similar cyber attacks in this invasion, said Peter Cowhey, dean emeritus of UC San Diego’s School of Global Policy and Strategy and a former adviser to the Clinton and Obama administrations on cyber issues.

The first theory is that the Russian military was overconfident in its ability to take Ukraine by conventional means. “They thought that Ukraine would go down easily. Why disrupt an infrastructure through cyber attacks that you assume you’re going to be ruling and administering?” he said.

In this line of thinking, Russia is intentionally holding back its cyber capabilities. Perhaps the Kremlin is using hacking tools to spy, not destroy.

The other principal theory, Cowhey said, is one of incompetence. Maybe Russian hackers tried dramatic cyber attacks but failed?

“The US and NATO had sent a number of experts to Ukraine over prior months to help them detect weaknesses in the cyber security arrangements in the country,” he said. Those efforts might have hardened Ukrainian cyber defenses, but not to an insurmountable degree, he said.

There are signs US Cyber Command may be taking an active role in Ukraine’s defense. This week, China claimed the US hacked into its computers to launch disguised cyber attacks on Russia.

“It’s hard to tell whether that’s propaganda or real, but there has been speculation that US Cyber Command has at least put the Russians on notice that they can’t do this easily,” Cowhey said.

Russian hackers have launched some successful…

Facebook parent Meta says Russians targeting Ukrainians with misinformation and hacking attempts on Facebook


Facebook parent company Meta said Sunday night that it has taken down a coordinated Russian influence operation that was targeting Ukrainians across Facebook and Instagram. The company said the misinformation campaign has ties to another Russian network in the Donbas region that was previously banned from Facebook in April 2020. 

In addition to the influence operation, Meta said it also took down a coordinated hacking group attempting to target and compromise accounts within Ukraine.  

“We took this operation down, we’ve blocked their domains from being shared on our platform, and we’ve shared information about the operations with other tech platforms with researchers and with governments,” David Agranovich, director of threat disruption for Meta, told reporters.

Agranovich said the coordinated campaign used fake accounts to target high-profile Ukrainians including journalists, members of the military and public thinkers. Those behind the campaign operated fictitious personas and were also active on YouTube, Twitter, Telegram, and two Russian social media sites “to appear more authentic” and “avoid scrutiny,” Agranovich said.

The operation also ran a handful of websites, Meta said, which would publish claims about the West betraying Ukraine and Ukraine being a failed state. Agranovich said the content created by the influence operators was “primarily off of our platform.”

“The idea was they would write an article, posting that article onto their website as if they were a reporter or a commentator and then the accounts were really just designed to post links to their own websites and direct people off platform,” Agranovich said. 

While Meta described the influence operation as a “relatively small network” consisting of approximately 40 accounts, pages, and groups across Facebook — with fewer than 4,000 followers on Facebook and not even 500 on Instagram — the company would not say how many users interacted with the misinformation or how many times the posts were shared with others. 

“What we’ve generally found is that the best proxy for the size of these operations ends up being the number of people who follow them,” Agranovich said. “In general, what we saw here…

Russians responsible for SolarWinds hack are targeting COVID-19 research, cyber officials say


Federal cyber officials on Thursday blamed the Russian Foreign Intelligence Service (SVR) for the SolarWinds hack of computer network management software and the targeting of COVID-19 research.

Previously, the government had said Russia was likely responsible for the hack that compromised nine federal agencies, but Thursday’s joint statement from the National Security Agency, FBI, and Cybersecurity and Infrastructure Security Agency provided more formal attribution of the hack that was publicly disclosed last year. The federal agencies pointed to SVR actors, also known as APT29 and Cozy Bear, as responsible for the hack.

“Recent Russian SVR activities include compromising SolarWinds® Orion® software updates, targeting COVID-19 research facilities through deploying WellMess malware, and leveraging a VMware® vulnerability that was a zero-day at the time for follow-on Security Assertion Markup Language (SAML) authentication abuse,” said the agencies in the cybersecurity advisory. “SVR cyber actors also used authentication abuse tactics following SolarWinds-based breaches.”

Six Russians accused of the world’s most destructive hacks indicted

Image: The faces of 6 men underneath a banner that reads WANTED BY THE FBI. (Credit: US Justice Department)

Six men accused of carrying out some of the world’s most destructive hacks—including the NotPetya disk wiper and power grid attacks that knocked out electricity for hundreds of thousands of Ukrainians—have been indicted in US federal court.

The indictment said that all six men are officers in a brazen hacker group best known as Sandworm, which works on behalf of Unit 74455 of the Russian Main Intelligence Directorate, abbreviated from Russian as GRU. The officers are behind the “most disruptive and destructive series of computer attacks ever attributed to a single group,” prosecutors said. The alleged goal: to destabilize foreign nations, interfere with their internal politics, and cause monetary losses.

Among the hacks is NotPetya, the 2017 disk-wiping worm that shut down the operations of thousands of companies and government agencies around the world. Disguised as ransomware, NotPetya was in fact malware that permanently destroyed petabytes of data. The result, among other things, was hospitals that turned away patients, shipping companies that were paralyzed for days or weeks, and transportation infrastructure that failed to function.

Biz & IT – Ars Technica