russia (144)

Activity Summary - Week Ending on 25 March 2022:

  • Red Sky Alliance identified 15,245 connections from new IP’s checking in with our Sinkholes
  • Malicious Keylogger data is back with 24 Keylogged emails
  • Analysts identified 1,081 new IP addresses participating in various Botnets
  • CaddyWiper
  • CryptBot
  • Russian Cyber Attacks – Train your Machine
  • IssacWiper
  • A 3rd Wipper (after HermeticWiper and IzaakWiper)
  • Wiper remediation

Link to full report: IR-22-084-001_weekly084.pdf

10235226663?profile=RESIZE_400xSince declaring cyberwar on Russia through the #OpRussia campaign, the hacktivist group Anonymous has been busy.  It has been three weeks since the Anonymous collective tweeted their declaration of war, and in that time the decentralized group has been a mainstay of news headlines.   

Since Russia invaded Ukraine the Anonymous twitter account, @YourAnonNews has gained close to 500,000 followers.  In the hybrid war format where both acts of kinetic war and cyber war have been documented many hack

10226651692?profile=RESIZE_400xA provocative piece from Vox, explains the current state of the Russian Cyber War.   After three weeks of fighting, Russia is beginning to deploy increasingly brutal tactics in Ukraine, including indiscriminate shelling of cities and “medieval” siege warfare. Other elements of its military strategy, however, are conspicuously absent in cyberwarfare.  Russia has a history of employing cyberwarfare tactics, which some experts believed could feature prominently in its invasion of Ukraine. The cyber

10219803084?profile=RESIZE_400xActivity Summary - Week Ending on 18 March 2022:

  • Red Sky Alliance identified 16,707 connections from new IP’s checking in with our Sinkholes
  • Malicious Keylogger data is back with 20 Keylogged emails
  • Analysts identified 3,8171 new IP addresses participating in various Botnets
  • Soul Searcher
  • SharkBot
  • Blue, Yellow and Gray Zones
  • Open-Source Reverse Tunneling Tool
  • Strengthening American Cybersecurity Act
  • Vessel Impersonation

Link to full report: IR-22-077-001_weekly077.pdf

10200055882?profile=RESIZE_400xThe US president signed an executive order (E.O.) on 9 March for “ensuring responsible innovation in digital assets.”  The E.O. is designed to, among other things, crack down on the use of cryptocurrency among cybercriminals.[1]

This long-awaited directive orders federal agencies, including the Department of Justice and the Treasury Department, to coordinate their approach to the booming cryptocurrency sector.  Although the order does not lay out specific policy suggestions, it takes aim at cons

10200049488?profile=RESIZE_400xAt the start of March, residents of Kyiv had been bracing themselves for a 40-mile-long convoy of Russian tanks, armored vehicles, and towed artillery to arrive for an assault on the Ukrainian capital.  Days later, they are still waiting.   Perhaps Russian men are too disinclined to ask for directions

On 03 March 2022, US intelligence suggested that the convoy was still stalled some distance from Kyiv, backing claims made by both the Ukrainian government and UK's defense ministry.  "We still ass

10177930093?profile=RESIZE_400xThe Russian government announced on 04 March 2011 that it will begin to “partially restrict” access to Facebook, according to an announcement from its internet regulatory agency Roskomnadzor.  Russia claimed that it would implement the measures, which were not specified after Facebook put its own restrictions on four Russian state-linked media outlets, the television network Zvezda, news agency RIA Novosti, and the websites Lenta.ru and Gazeta.ru.

“On 24 February 2022, Roskomnadzor sent requests

10175695874?profile=RESIZE_400xLast week, Russia blocked access to BBC website and the media outlet resorted to broadcasting news bulletins over shortwave radio in the country.  According to a UK media report, the BBC said it was bringing back the WWII-era broadcasting technology in the region, just hours before its sites were banned.  "It's often said truth is the first casualty of war.  In a conflict where disinformation and propaganda is rife, there is a clear need for factual and independent news people can trust and in a

10169770270?profile=RESIZE_400xActivity Summary - Week Ending on 4 March 2022:

  • Red Sky Alliance identified 5,761 connections from new IP’s checking in with our Sinkholes
  • Malicious Keylogger data is back
  • Analysts identified 5,700 new IP addresses participating in various Botnets
  • Kraken Botnet
  • TA2541 Part II
  • Russian Hackers
  • Indian Port hit with Malware
  • Anonymous: Good or Bad Guys?
  • Popular Journalist Hacked
  • Bridgestone Americas
  • US Banks on High Alert

Link to full report: IR-22-063-001_weekly063.pdf

10167240466?profile=RESIZE_400xAs news continues to break about the ongoing crisis in Western Europe, Cyber Security professionals have been busy making sense of the role that presumably planned cyber-attacks have played in the conflict between Russia and Ukraine.  A number of Russian cyber-attacks have served as a prelude to a physical invasion of Ukraine.  There is a lot of information from the past two months to unpack and new events are continuing to be reported.

A quick review of the cyber events leading up to boots on t

10167245075?profile=RESIZE_400xThe common definition of Guerrilla Warfare is a form of ‘irregular’ warfare in which small groups of combatants, such as paramilitary personnel, armed civilians, or irregulars, use military tactics including ambushes, sabotage, raids, petty warfare, hit-and-run tactics, and mobility, to fight a larger and less-mobile traditional military.  Now enter cyber guerrilla warfare.  A Ukrainian cyber guerrilla warfare group is in the process of launching digital sabotage attacks against critical Russian

10160746052?profile=RESIZE_400xA member of the Conti ransomware group, believed to be Ukrainian of origin, has leaked the gang’s internal chats after the group’s leaders posted an aggressive pro-Russian message on their official site, on February 25th, in the aftermath of Russia’s invasion of Ukraine.  The message appears to have rubbed Conti’s Ukrainian members the wrong way, and one of them has hacked the gang’s internal Jabber/XMPP server. Internal logs were leaked earlier today via an email sent to multiple journalists an

10158988062?profile=RESIZE_400xSeveral days ago, our friends at FortiGuard Labs shared a valuable check list considering the current Ukrainian crisis.  We would like to share with our readers and thank Fortinet.   With Russian military operations currently underway in Ukraine, the question of whether cyber warfare will also be employed remains unanswered.  While researchers have seen cases of destructive cyber actions focused on Ukraine, at this point specific attribution is not possible. 

As a result of these actions, there

10158457088?profile=RESIZE_400xThe Russian military continues to be active in Ukraine; movements that started on 23 February.  Of interest, the cyber conflict is mirroring the military conflict with Russian government websites going dark to some parts of the world after being targeted with a flood of web traffic via a distributed denial-of-service (DDoS) attack attempting to knock them offline.  It is unclear who directed the attack or if it was successful in disrupting the sites.  However, cybersecurity researchers say the R

10145072099?profile=RESIZE_400xThere is an English ballad which was first published in the 1640’s titled, The World Turned Upside Down.  Many believe the current international geo-political atmosphere meets this time aged ballad.  The US has publicly accused Russia of being responsible for last week’s cyber-attacks targeting Ukraine’s defense ministry and major banks.  Now some experts believe Russia could escalate malicious cyber activity and conduct sophisticated cyber-attacks on the West too.  If this occurs, the attacks w

10083766087?profile=RESIZE_400xThe European Central Bank is preparing banks for a possible Russian-sponsored cyber-attack as tensions with Ukraine mount as the region braces for the financial fallout of any conflict.  The stand-off between Russia and Ukraine has rattled Europe's political and business leaders, who fear an invasion that would inflict damage on the entire region. 

Earlier this week, French President flew to Moscow, then to Kyiv Ukraine in a bid to act as a mediator after Russia massed troops near Ukraine.[1]  N

10053400461?profile=RESIZE_400xActivity Summary - Week Ending on 28 January 2022:

  • Red Sky Alliance identified 21,120 connections from new IP’s checking in with our Sinkholes
  • Intern LLC in Moscow hit
  • Analysts identified 5,665 new IP addresses participating in various Botnets
  • AvosLocker Ransomware
  • Wormable Windows Vulnerability
  • Nmap
  • Belarus Trains hit
  • Canada mad at Russia
  • QR Code Confusion
  • 22% Gone Phishing
  • Vessel Impersonation

 

Link to full report: IR-22-028-001_weekly028.pdf

10051028253?profile=RESIZE_400xThe U.S. Department of Homeland Security is reportedly warning that the U.S. could witness a retaliatory cyberattack at the hands of Russia if it decides to respond to the latter's potential invasion of Ukraine, where 100,000 or more troops have been amassed for weeks.  According to a DHS Intelligence and Analysis bulletin dated 23 January 2022 and sent to law enforcement agencies around the country, officials believe that if the U.S. responds to rising tensions at Ukraine's eastern border, the

10035854891?profile=RESIZE_400xThe US Federal Energy Regulatory Commission (FERC) announced on 20 January 2022, to strengthen its Critical Infrastructure Protection (CIP) Reliability Standards by requiring internal network security monitoring (INSM) for high and medium impact bulk electric system cyber systems.

The Notice of Proposed Rulemaking (NOPR) proposes to direct the North American Electric Reliability Corporation to develop and submit new or modified Reliability Standards to address a gap in the current standards.[1]

9933098252?profile=RESIZE_400xThe US and the UK have ‘quietly’ sent cyber warfare experts to Ukraine to help sabotage any cyber warfare threats like that in the 2015 Ukraine power grid hack when Russian hackers remotely took over a power company’s control center.  It was the first publicly international acknowledged attack using digital weaponry that attacked the Ukrainian power grid, causing power outages across the country.  In the hopes of protecting the Ukraine, as the US and allies speculate the next move of Russia, bot