According to new research by Aqua Security’s Team Nautilus, cloud technologies now make a difference on the digital front of the war. The team has tracked code and tools in public repositories including code libraries, Docker container images, and popular software packages such as PyPI, Ruby, and npm. The team searched for guides, tools, and names promoted for use in digital attacks by either side.
40% of these public repositories were related to DDoS attacks. Two container images, “abagayev/stop-russia:latest” and “erikmnkl/stoppropaganda:latest,” drew the attention of the team. Both are DDoS tools that include how-to guides, which extend the possibility of website disruption through cloud deployment to audiences without technical expertise. Russian financial and service providers are on the target list.
A new form of wiper malware is being used in attacks against Ukrainian organizations. According to ESET, the wiper has been detected “on a few dozen systems in a limited number of organizations”. CaddyWiper is malicious code designed to damage target systems by erasing user data, hard drives, programs, and partition information. Unlike other common malware variants, wipers are not focused on financial gain or theft.
CaddyWiper avoids erasing information on domain controllers. This allows attackers to keep their access inside the organization while disrupting operations. The malware was spread through Microsoft Group Policy Objects. The first time this malware was used against Ukraine was in January this year, prior to the Russian invasion of Ukraine.
Digital war has become a key pillar of Ukraine’s defence. The experience the country gains from fighting Russia in the digital space is likely to be used during the country’s post-war reconstruction. According to Alex Bornyakov, the Deputy Minister of Digital Transformation of Ukraine, Ukraine is going to become a global leader in the use of cryptocurrencies. During the first days of the war, Ukraine received huge volumes of assets in crypto (close to $100M so far).
The use of crypto has made money transfers much faster, which is of the greatest importance in a time of war. This week, the President of Ukraine, Zelensky, signed the law “On Virtual Assets”, thereby sending a powerful message to the global crypto community: “After the war, Ukraine will welcome crypto businesses from worldwide to do business in our country”. Ukraine has also created its Cyber Army and is actively conducting digital diplomacy.
Representative Brad Sherman is going to introduce a bill aimed at forcing crypto exchanges to stop working with Russian wallets amid the war in Ukraine. The legislation was first announced by Senator Elizabeth Warren on 8 March. Although the official text of the bill is unavailable, the proposed legislation would reportedly give the Treasury Department the authority to stop crypto exchanges operating under U.S. jurisdiction from processing transactions related to Russian crypto addresses.
U.S. taxpayers would also be required to report any crypto transactions exceeding $10K to FinCEN, the Financial Crimes Enforcement Network. The call to block crypto addresses belonging to Russian users was made by the Minister of Digital Transformation of Ukraine, Mykhailo Fedorov. However, the CEOs of major crypto exchanges state that banning all Russian users may have a negative impact on crypto development.
Although the scope of cyberattacks utilized during the war in Ukraine has not reached its peak yet, the financial sector remains on high alert for the possibility. Denial of service is among the main threats that can affect the financial sector. According to CrowdStrike, over-preparedness is the key part of cybersecurity. Although cyberattacks are effective in disrupting infrastructure, Russia is likely to continue relying on kinetic attacks as the main strategy in the war against Ukraine.
However, before the invasion of Ukraine, Russia was using cyberattacks as an instrument to cause damage to Ukrainian infrastructure. Russia's active role in promoting cyberattacks worldwide forced the US government to impose sanctions on Russian research institutions responsible for the development of the destructive Triton malware.