Security News

One of the wipers also took wind turbines in Germany offline, satellite communication modems in Ukraine seemingly being the primary target in this specific attack. While the wipers have primarily targeted Ukrainian organizations to date, as the illegal and bloody Russian invasion of Ukraine continues, cybersecurity and law enforcement agencies warn that Kremlin-backed crime gangs may turn their destructive attacks toward Western governments and companies.

Ukraine's computer emergency response team has published an announcement warning of ongoing DDoS attacks targeting pro-Ukraine sites and the government web portal. The threat actors, who at this time remain unknown, are compromising WordPress sites and injecting malicious JavaScript code to perform the attacks.

At least six Russian Advanced Persistent Threat actors and other unattributed threats, have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea. It is unclear whether computer network operators and physical forces are just independently pursuing a common set of priorities or actively coordinating.

Cyberattacks against Ukraine have been used strategically to support ground campaigns, with five state-sponsored advanced persistent threat groups behind attacks that began in February. From late February to mid-March, another series of wiper attacks using malware called HermeticWiper, IsaacWiper and CaddyWiper targeted organizations in the Ukraine as Russia commenced its physical invasion.

Microsoft has revealed the true scale of Russian-backed cyberattacks against Ukraine since the invasion, with hundreds of attempts from multiple Russian-backed hacking groups targeting infrastructure and Ukrainian citizens. Microsoft has also observed a direct link between cyberattacks and military operations, with the timing between hacking attempts and breaches closely matching that of missile strikes and sieges coordinated by the Russian military.

China appears to be entering a raging cyber-espionage battle that's grown in line with Russia's unprovoked attack on Ukraine, deploying advanced malware on the computer systems of Russian officials. China has tried to play a neutral role since Russia began its invasion of Ukraine on February 24, with government officials saying they want to see a peaceful resolution.

In a first for a major Chinese tech company, drone-maker DJI Technologies announced on Tuesday that it will temporarily suspend business in both Russia and Ukraine. "DJI is internally reassessing compliance requirements in various jurisdictions. Pending the current review, DJI will temporarily suspend all business activities in Russia and Ukraine. We are engaging with customers, partners and other stakeholders regarding the temporary suspension of business operations in the affected territories," declared DJI in a canned statement.

DDoS attacks were at all-time high in Q1 2022 due to war in Ukraine. Kaspersky recently released findings that the number of DDoS attacks are the most frequent they have ever been and dwarf the rate of DDoS attacks from just a year prior.

Shuckworm's attacks are part of an ongoing campaign by Russian state-sponsored threat groups that escalated their efforts in the run-up to the invasion of Ukraine in late February, and have continue their attacks since. The Security Service of Ukraine last year said the group was responsible for more than 5,000 attacks against public agencies or critical infrastructure and linked Shuckworm to the FSB, Russia's security service and successor to the KGB. The SSU said the group targeted more than 1,500 government computer systems over seven years.

Threat analysts report that the Russian state-sponsored threat group known as Gamaredon is launching attacks against targets in Ukraine using new variants of the custom Pteredo backdoor. According to a report by Symantec, who tracks the group as Shuckworm, the actor is currently using at least four variants of the "Pteredo" malware, also tracked as Pteranodon.