Security News

Hundreds of computers in Ukraine have been infected with data-wiping Windows malware, say researchers at ESET. In a series of tweets on Wednesday, the infosec biz said it picked up its first sample of the software nasty at about 1500 UTC, and believes the code has been in the works for the past two months. The malware uses drivers from a partitioning program to corrupt storage devices and destroy files on infected systems, according to ESET. It's not entirely clear right now how the malware is dropped onto victims' machines and run, though in one case, said ESET, an organization's Active Directory server was probably compromised to distribute the wiper through the network via a group policy object.

Cybersecurity firms have found a new data wiper used in destructive attacks today against Ukrainian networks just as Russia moves troops into regions of Ukraine. A data wiper is malware that intentionally destroys data on a device so that the data is unrecoverable and the operating system no longer works correctly.

IBM's infosec division says the UK was one of the most targeted countries in Europe for cyberattacks last year. The 12-strong Lithuanian-led team - including members from Estonia, the Netherlands, Lithuania, Croatia, Romania and Poland - is visiting Ukraine to help it defend against Russian cyberattacks both remotely and on-site in the country, an EU spokesman told the BBC. Separately, this afternoon another series of outages appeared to hit various Ukrainian government websites.

Today, the White House has linked the recent DDoS attacks that knocked down the sites of Ukrainian banks and defense agencies to Russia's Main Directorate of the General Staff of the Armed Forces. Neuberger also added that, although "of limited impact," these incidents could be part of a more significant Russian effort, "laying groundwork" for more disruptive attacks that would come together with a potential invasion of Ukraine's territory.

The websites of the Ukrainian military and at least two of the nation's biggest banks were knocked offline in a cyberattack today. On social media, it reported "technical works on restoration of regular functioning" are underway after it was "probably attacked by DDoS: an excessive number of requests per second was recorded." Other military sites are also apparently suffering outages.

A distributed denial-of-service cyber-attack today took down Ukrainian defense military websites - and at least two of the nation's biggest banks were knocked offline, too. Ukraine's Ministry of Defense website is still unavailable at time of publication.

The Security Service of Ukraine today said the country is the target of an ongoing "wave of hybrid warfare," aiming to instill anxiety and undermine Ukrainian society's confidence in the state's ability to defend its citizens. "Ukraine is facing attempts to systemically sow panic, spread fake information and distort the real state of affairs. All this combined is nothing more than another massive wave of hybrid warfare," the SSU said.

Microsoft on Friday shared more of the tactics, techniques, and procedures adopted by the Russia-based Gamaredon hacking group to facilitate a barrage of cyber espionage attacks aimed at several entities in Ukraine over the past six months. The attacks are said to have singled out government, military, non-government organizations, judiciary, law enforcement, and non-profit organizations with the main goal of exfiltrating sensitive information, maintaining access, and leveraging it to move laterally into related organizations.

Microsoft said today that a Russian hacking group known as Gamaredon has been behind a streak of spear-phishing emails targeting Ukrainian entities and organizations related to Ukrainian affairs since October 2021. Security and threat researchers with the Microsoft Threat Intelligence Center and the Microsoft Digital Security Unit said today that Gamaredon's cyber-espionage campaign is being coordinated out of Crimea, confirming SSU's assessment that the Gamaredon hackers are officers of the Crimean FSB who sided with Russia during the 2014 occupation.
