Google’s Threat Analysis Group (TAG) has released an update in the wake of the russian invasion of Ukraine. The Group has issued hundreds of warnings to users from Ukraine that they have been targeted by state-backed hackers, mostly from russia. Since the beginning of the russian invasion, TAG has seen FancyBear, a malicious group that is likely to be a part of the russian GRU (military intelligence agency), actively targeting Ukrainian users by conducting phishing campaigns against the Ukrainian media company UkrNet.
Ghostwriter is a hacker group that is likely to be linked to the Belarusian Ministry of Defence. The group may be responsible for carrying out cyberattacks targeting Ukrainian and Polish government resources as well as attacking Ukrainian users of UkrNet and Yandex resources. According to Google, its Safe Browsing service has blocked Ghostwriter’s phishing domains.
Crypto investors have already donated >$50M in virtual assets to Ukraine. However, U.S. officials are warning them of novel security risks they may face. The United States Treasury is warning that russia may attack crypto companies, especially crypto exchanges, as a response to Western sanctions. To evade sanctions, russia may turn to crypto. The risk that a large number of cybercrimes linked to russia will take place in the coming weeks is very high. Even before the war in Ukraine, most of the money stolen as a result of ransomware attacks was going to hackers from russia.
Scammers have created numerous fake donation websites and sent phishing emails to crypto users. To prevent sending assets to illicit addresses, it is highly recommended to send assets only to the official addresses provided by the Ukrainian Government and the National Bank of Ukraine. Users should also follow standard cyber hygiene practices such as using strong unique passwords, avoiding any interactions with malicious groups, etc.
After russia started its invasion of Ukraine, the international group of hackers called Anonymous declared war on Putin’s regime. Many internet bystanders are highly motivated to make serious trouble for russia. Ukraine has created the IT Army to carry out coordinated cyberattacks against russia. Ukrainian hackers have relied heavily on DDoS tools during this cyber warfare.
The most impactful actions have been related to stealing data belonging to russian government agencies or officials and publishing it. The latest major leak occurred as a result of a massive DDoS attack: 800 GB of data related to Roskomnadzor was leaked. It is likely that the leaked data may also be used in the future for carrying out state-backed espionage activities. There is also a risk that cybercriminals may try to benefit from this cyber warfare by getting access to very sensitive data. Some of the most sophisticated malicious actors may operate under the cover of hacktivism. Thus, the current cyber warfare may have long-term consequences.
As the war in Ukraine escalates, cyber specialists are discussing the kinds of cyberattacks that may be conducted by russia. There is a risk that russian state-backed hackers may target the Ukrainian power grid, healthcare system, water supply infrastructure, etc. Over the last decade, Ukraine has experienced a number of powerful cyberattacks such as election interference, an attack on a power grid, the NotPetya malware, and the recent massive attack on government websites.
At the same time, private and government entities, as well as individuals worldwide, are actively trying to support Ukraine’s cyber resilience. Responding to cyberattacks and building national cyber resilience requires a whole-of-society approach based on international cooperation.
On Wednesday, the president of the USA signed an executive order calling on the government to examine the advantages and risks associated with cryptocurrencies. There have been reports of a divide between the White House and the Treasury. Under this order, federal agencies have to take a unified approach to regulation and oversight of virtual assets.
The measures announced will cover 6 main areas:
Biden’s administration strives to ensure that the use of digital assets does not create serious financial risks.