Russia’s invasion of Ukraine has been characterized by strategic and significant use of cyberattacks to support its military objectives. In the days to come, there is likely to be a sharp increase in cyberthreat activity globally, and leading organizations must be prepared for the ripple effects that spill out of the conflict.
Throughout the start of 2022, Russia has pressured Ukraine not to join the North Atlantic Treaty Organization (NATO), which would grant it access to powerful military allies. After conducting multiple cyberattacks against Ukrainian networks, the Russian military is now executing a military assault on Ukraine, invading from multiple directions. This conflict has resulted in a significant increase in cybersecurity threats worldwide and will likely trigger an escalation in cyberattacks on organizations everywhere. The Ankura Cyber Threat Investigations and Expert Services (CTIX) team is continuously monitoring and analyzing the global cyber threat landscape and is supplying this content to give organizations specific insights that help them proactively prepare to defend their environments and avoid operational disruptions.
How Did Russia Leverage Cyberattacks for its Invasion?
On January 26, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) released a report stating that between January 13th and 14th, multiple websites of state organizations were tampered with by Russia, resulting in content alteration and system destruction. The attack, now known as WhisperGate, gained access through the supply chain and through the abuse of vulnerabilities in OctoberCMS and Log4j. The malware itself is made up of three components: BootPatch, WhisperGate, and WhisperKill. Similar to the WhisperGate attacks, on February 23, 2022, ESET and Broadcom’s Symantec discovered a second data wiper malware. This malware, dubbed HermeticWiper (KillDisk.NCV), has been used to target hundreds of additional machines. HermeticWiper is a custom application designed to wipe local data, as well as damage the master boot record of the hard drive, preventing the system from booting into the operating system, which is nearly identical to how…