Security News

Microsoft has revealed the true scale of Russian-backed cyberattacks against Ukraine since the invasion, with hundreds of attempts from multiple Russian-backed hacking groups targeting infrastructure and Ukrainian citizens. Microsoft has also observed a direct link between cyberattacks and military operations, with the timing between hacking attempts and breaches closely matching that of missile strikes and sieges coordinated by the Russian military.

China appears to be entering a raging cyber-espionage battle that's grown in line with Russia's unprovoked attack on Ukraine, deploying advanced malware on the computer systems of Russian officials. China has tried to play a neutral role since Russia began its invasion of Ukraine on February 24, with government officials saying they want to see a peaceful resolution.

In a first for a major Chinese tech company, drone-maker DJI Technologies announced on Tuesday that it will temporarily suspend business in both Russia and Ukraine. "DJI is internally reassessing compliance requirements in various jurisdictions. Pending the current review, DJI will temporarily suspend all business activities in Russia and Ukraine. We are engaging with customers, partners and other stakeholders regarding the temporary suspension of business operations in the affected territories," declared DJI in a canned statement.

The tables have turned with the NB65 hacking group modifying the leaked Conti ransomware to use in attacks on Russian entities. The Karakurt group handles data extortion tasks for the Conti operation when they are blocked from deploying their ransomware.

Despite being less active, which may suggest that the ransomware business is closer to moonlighting, OldGremlin has demanded ransoms as high as $3 million from one of its victims. Security researchers at Singapore-based cybersecurity company Group-IB say that this time OldGremlin impersonated a senior accountant at a Russian financial organization warning that the recent sanctions imposed on Russia would suspend the operations of the Visa and Mastercard payment processing systems.

While for the longest time open source software has been reliable, community-fuelled, and efficient in that it takes out the need to reinvent the wheel, the recurring cases of voluntary self-sabotage by maintainers have cast doubts on the overall reliability of the ecosystem. This marks the third major protest of 2022 by an open source developer leveraging his vastly used software to express opinions on a matter of public interest.

Developers are increasingly voicing their opinions through their open source projects in active use by thousands of software applications and organizations. While for the longest time open source software has been reliable, community-fuelled, and efficient in that it takes out the need to reinvent the wheel, the recurring cases of voluntary self-sabotage by maintainers have cast doubts on the overall reliability of the ecosystem.

Today, the U.S. has announced exemptions on previously imposed sanctions on Russia related to telecommunications and internet-based communications, likely to prevent Russians from being isolated from Western news sources. The revised sanctions released today and signed by Deputy Director of the Office of Foreign Assets Control, Bradley Smith, re-opens the possibility for US companies to license, export, sell, or supply services for software, hardware, and IT technology related to communications.

The U.S. Department of Justice announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation. "The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command-and-control of the underlying botnet," the DoJ said in a statement Wednesday.

This includes Kremlin-backed operations looking to spy on and influence specific Ukrainian industries, including defense, energy, and telecoms, as well as journalists and activists in Ukraine, Russia and abroad. In one example, Meta says it removed fake-news posts linked to the Belarusian KGB. This account began posting misinformation in Polish and English about Ukrainian troops surrendering without a fight and the nation's leaders fleeing the country on February 24 when Russia began its "Special military operation" against the neighboring state. Ghostwriter has tried to hack into "Dozens" of Ukrainian military personnel's Facebook accounts, according to Meta's new threat report.