Winter is Coming: Russia Ups the Cyberattacks as Ukraine War Intensifies

The specter of nuclear war and cyberwar has been hanging over the world since Russia invaded Ukraine in February this year. Microsoft recently warned that Russian-sponsored cyberattacks against Ukrainian infrastructure and its allies, including the U.S., the EU, and NATO, are expected to keep rising throughout the winter.

Cyberwar intensifies worldwide

Microsoft warned that Russian military-affiliated hackers launched destructive wiper attacks against energy, water, and other critical infrastructure organizations’ networks in Ukraine.
  • The targeted sectors include government (25%), energy (13%), transportation (8%), water (4%), IT/communication (8%), law enforcement/emergency services (6%), financial (12%), healthcare (4%), media (10%), and others (10%).
  • Of the roughly 50 Ukrainian organizations that the hackers targeted with destructive wiper malware, 55% were critical infrastructure organizations.
  • Hackers expanded destructive attacks to several logistics and transportation sector networks in Poland in an effort to undermine foreign-based supply chains.
  • They were seen boosting selected narratives online through state-affiliated media outlets and social media accounts to amplify the intensity of popular dissent over energy and inflation across Europe.

Russia-Ukraine conflict: recent notable incidents

Russia-based OpZero went on the record with a $1.5 million offer for RCE exploits for Signal to gain surveillance capabilities over Ukrainians using the app to communicate.
  • Last month, Russian military threat group Sandworm deployed RansomBoggs, and Z-Team (UAC-0118) deployed Somnia ransomware against multiple Ukrainian organizations.
  • In September, Sandworm masqueraded as telecom providers to target Ukrainian entities and deliver Colibri Loader and Warzone RAT. The Gamaredon group targeted Ukrainian organizations with new info-stealing malware.
  • Prestige ransomware, whose victimology points to Russia, was observed targeting transportation and logistics organizations in Ukraine and Poland. Last month, Microsoft attributed the ransomware to the Russian state-sponsored group Iridium (linked with the Sandworm group).
  • In addition, Microsoft observed that Russian threat actors launched cyber-enabled influence operations in Europe and globally to reduce support for Ukraine’s defense.

Conclusion

Russian attackers continue to launch attacks against Ukraine and the countries supporting it, this time by deploying wiper malware and by spreading propaganda through fake social channels aimed at European entities. Microsoft recommends building multidimensional defenses around the four D’s (detect, disrupt, defend and deter) to protect against such multidimensional threats.
Cyware Publisher