Tag Archive for: Ukraine’s

Ukraine’s cyber chief comes to Black Hat in surprise visit • The Register


Black Hat In Brief: Victor Zhora, Ukraine’s lead cybersecurity official, made an unannounced visit to Black Hat in Las Vegas this week, where he spoke to attendees about the state of cyberwarfare in the country’s conflict with Russia. The picture Zhora painted was bleak.

Zhora, who is the deputy director of Ukraine’s State Service of Special Communications and Information Protection, said cyber incidents in the country have tripled since February, when Russia invaded. 

Zhora told attendees that Ukraine had detected over 1,600 “major cyber incidents” so far in 2022, but reports don’t elaborate on how such incidents are classified. A number of huge incidents happened between March and April, Zhora said, including the discovery of “Industroyer2,” an apparent successor to the Industroyer malware discovered in 2017.

Industroyer was a particularly nasty strain that was able to control electrical substation software and cause power blackouts, as well as damage equipment. Ukraine was hit by a similar malware called BlackEnergy in 2015.

Online attacks against Ukraine were a common tactic in the leadup to Russia’s invasion of the country in late February, he said. DDoS attacks took many of Ukraine’s government agencies offline, and new malware strains were discovered in the leadup to the invasion as well.

The Russo-Ukraine conflict has had global cybersecurity implications, including leading to a large spike in data-wiping malware, of which six significant new strains have been found this year.

Fortinet, which reported the jump, said it hadn’t uncovered more than one significant file wiper a year since 2012, and in several years it didn’t spot a new one at all. Of the strains discovered in 2022, all have been used against Ukrainian infrastructure and organizations – in other words, the gloves are off.

Back at Black Hat, Zhora…


Russian cyber spies attack Ukraine’s allies, Microsoft says


Microsoft President and Vice Chairman Brad Smith speaks during a meeting hosted by U.S. President Joe Biden with private sector CEOs to discuss the Build Back Better agenda at the White House in Washington, U.S., January 26, 2022. REUTERS/Kevin Lamarque


SAN FRANCISCO, June 22 (Reuters) – Russian government hackers have conducted multiple cyber spy operations on countries allied with Ukraine since Moscow’s February invasion of that country, Microsoft said in a report on Wednesday.

“The cyber aspects of the current war extend far beyond Ukraine and reflect the unique nature of cyberspace,” Microsoft President Brad Smith said in the report.

The Russian embassy in Washington did not immediately respond to a request for comment. Moscow has in the past denied conducting foreign cyber espionage missions, saying it “contradicts the principles of Russian foreign policy.”


Researchers had already traced a series of destructive cyberattacks on Ukrainian entities to Russian state-backed hacking groups since the conflict began.

The Microsoft report said researchers found 128 organizations in 42 countries outside Ukraine were also targeted by the same groups in stealthy, espionage-focused hacks.

Outside Ukraine, the United States was the country most-targeted by such intrusion efforts, the report said, but member countries of the military alliance NATO, which has provided critical support to Ukraine amid the conflict, were hit too.

These include organizations based in Denmark, Latvia, Lithuania, Norway and Poland, as well as Finland and Sweden, countries that have voiced a desire to join the NATO alliance.

“The target appeared to be mostly governments, although also included think tanks, humanitarian groups, and critical infrastructure providers,” the report said.

Microsoft said the hacking against allies was successful about 29% of the time and in some cases led to data being stolen.

Foreign policy experts say they fear Russia’s combined kinetic and cyber warfare strategy against Ukraine will become a model for future conflicts.

In an earlier report, Microsoft indicated…


In Ukraine’s South, Russian Occupiers Tighten the Screws


DNIPRO, Ukraine—Russia is tightening its hold over occupied areas of southern Ukraine, installing pro-Moscow leaders, hunting for dissenters and dismantling Ukrainian state institutions.

In the city of Melitopol, like many others in the area, red, blue and white Russian flags now fly atop public buildings. Russian security forces patrol the streets and soldiers man checkpoints, inspecting people’s identification documents and looking through the contents of their mobile phones, residents say.


Prepare for Armageddon: Ukraine’s tactic against Russian hackers


For years, a small and disparate Ukrainian team including IT experts, intelligence officers and a criminal prosecutor has kept a wary eye on a group of hackers nicknamed Armageddon.

The hackers were based in Crimea, shielded by the Russian government, which had seized the region in 2014, and out of the reach of the Security Service of Ukraine.

Instead, the Ukrainian team watched Armageddon from afar to learn the ways of their enemy. They quietly studied the hacking group’s cyber weapons, intercepted phone calls and even outed its purported leaders.

Armageddon is not the most sophisticated of Russian government-affiliated hacking groups that have attacked Ukraine, but it is among the most prolific. In 5,000 different attempts, it has unleashed ever more effective malware, hidden within cleverly engineered emails to spy on Ukrainian government bodies.

But following Russia’s invasion in February, its latest attacks have been parried thanks, in large part, to Ukraine’s deep knowledge of Armageddon’s signature moves.

“What is the best time to study your enemy? Long before the fight,” said a western official who asked not to be named. “This is especially true when you have no choice but to react.”

According to western and Ukrainian officials, as well as cyber security experts, the long-running tracking and tackling of Armageddon is just one example of a “persistent defence” that has enabled Ukraine to fend off an astounding number of cyber attacks in recent weeks.

That has allowed the country to show the same resilience online as its troops have on the ground. This toughness comes from years of preparing for, and sometimes recovering from, sophisticated Russian cyber attacks, including one that knocked out the power supply to some Kyiv suburbs in 2015.

A year later, retired US Navy Admiral Michael Rogers, who ran US Cyber Command and was the former head of the National Security Agency, sent the first teams of American soldiers to help bolster Ukrainian cyber defences. He said the missions allowed the Americans to simultaneously “look at Russian tradecraft, look at Russian malware, look at the specifics of how Russian cyber entities tend to operate”.

Earlier this…
