Security News
Cybercriminals are taking sides over Russia's deadly invasion of Ukraine, putting either the West or Moscow in their sights, according to Accenture. "Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors and are increasingly attempting to target Russian entities in support of Ukraine," Accenture claimed.
Ukraine's Computer Emergency Response Team is warning that threat actors are distributing fake Windows antivirus updates that install Cobalt Strike and other malware. The phishing emails are sent to Ukrainian state bodies and propose downloading "Critical security updates," which come in the form of a 60 MB file named "BitdefenderWindowsUpdatePackage.exe."
As Russian ground forces closed in on key Ukrainian cities including capital Kyiv, and airstrikes hit military bases near the western city of Lviv, the expected cyber-onslaught by Russia has largely failed to become reality. Until last week, when it emerged that Western spy agencies were investigating a large-scale satellite broadband outage affecting satellite communications provider Viasat, which began on 24 February - the day Russia invaded Ukraine.
British infosec pro Vic Harkness traveled to Ukraine to offer humanitarian help - and while taking a break in the western city of Lviv she described to The Register what it's like in the war-torn country. Harkness, who originally traveled to Poland with a group of friends to try to help out before crossing the border, is not there to do any infosec work, she explained.
China's Cyberspace Administration has claimed that "Since late February" it has observed continuous attacks on the Chinese internet and local computers by actors who used the resources they co-opted to target Russia, Belarus, and Ukraine. The allegation, the title of which translates as "My country's internet suffers from overseas cyber attacks," was posted last Friday and include a list of IP addresses that the Administration claims as the source or target of the attacks.
A new malware campaign is taking advantage of people's willingness to support Ukraine's cyber warfare against Russia to infect them with password-stealing Trojans. Last month, the Ukrainian government announced a new IT Army composed of volunteers worldwide who conduct cyberattacks and DDoS attacks against Russian entities.
Google is rolling out an air raid alert system to all Android phones in Ukraine to help them get back to safety from incoming Russian airstrikes. As Walker further explained, the airstrike warning system rolling out to Ukrainians' Android phones "Is supplemental to the country's existing air raid alert systems" and uses air raid alert info provided by the Ukrainian government.
In a Wednesday threat advisory, Cisco Talos described a campaign it's observed in which a threat actor was offering a supposed distributed denial-of-service tool on Telegram that's purportedly meant to pummel Russian websites. The crisis has brought both new threats and an influx of actors "Of varying skill," Cisco said.
The cyber activities related to the ongoing war in Ukraine have run the gamut from wiper malware hitting organizations and the border control in Ukraine, DDoS attacks aimed at government and media websites, and cyber disruption of satellite-based internet service, to preparations for watering hole attacks, next-level disinformation campaigns, and phishing campaigns. Many analysts expected more disruption and retaliatory attacks orchestrated by Russian-backed hackers, both aimed at Ukranian targets and targets in countries sympathetic to and supporting Ukraine.
It has been interesting to notice how unimportant and ineffective cyber operations have been in the Russia-Ukraine war. Russia launched a wiper against Ukraine at the beginning, but it was found...