ukraine (33)

10841887054?profile=RESIZE_400xActivity Summary - Week Ending on 14 October 2022:

  • Red Sky Alliance identified 26,570 connections from new IP’s checking in with our Sinkholes
  • Netskope IAD hit 56x
  • Analysts identified 556 new IP addresses participating in various Botnets
  • Bisamware and Chile Locker
  • njRat, a.k.a. Bladabindi
  • Emotet 2022
  • Singtel
  • Pinnacle Hack
  • Ukraine War
  • Optus Part II

Link to full report:  IR-22-288-001_weekly288.pdf

10840156473?profile=RESIZE_400xOur friends at FortiGuard Labs have observed an increasing number of campaigns targeting either side of the ongoing Russian-Ukrainian conflict.  These may be a cyber element to the conflict or simply opportunistic threat actors taking advantage of the war to further their malicious objectives.  Recently, researchers encountered a malicious Excel document masquerading as a tool to calculate salaries for Ukrainian military personnel.  The shared practical report discusses the technical details of

10804163868?profile=RESIZE_400xJust what is for sale on the Dark Web?  According to a published report, the North Atlantic Treaty Organization (NATO) is investigating the leak of data reportedly stolen from a European missile systems firm, which hackers have put up for sale on the Dark Web.  The leaked data includes blueprints of weapons used by Ukraine in its current war with Russia.  Integrated defense company MBDA Missile Systems, headquartered in France, has acknowledged that data from its systems is a part of the cache b

10778400060?profile=RESIZE_400xThe Ukrainian energy agency responsible for the oversight and safe operation of the nation’s nuclear power plants said earlier this week that Russian hackers had launched their most ambitious effort yet on the company’s official website.  The attack appeared to fail and there was no indication that it threatened to disrupt the Ukrainian power grid or the company’s oversight of the nation’s 15 working  nuclear reactors.

The company, Energoatom,[1] said it had managed to keep the attack from being

10752642088?profile=RESIZE_400xEven in the middle of a war, Ukrainian law enforcers claim to have dismantled a large bot farm used by Russian special services to spread disinformation and propaganda in the country.  The Secret Service of Ukraine (SSU) said the million-strong bot farm was used to “spin destabilizing content” on the country’s military and political leadership to an audience of over 400,000.

This included fake news on the situation at the front, an alleged conflict between the President’s Office and the commande

10733059301?profile=RESIZE_400xActivity Summary - Week Ending on 29 July 2022:

  • Red Sky Alliance identified 25,992 connections from new IP’s checking in with our Sinkholes
  • Hetzner 10x
  • Analysts identified 309 new IP addresses participating in various Botnets
  • Ransomware UpDate
  • Adversary-in-the-Middle - AiTM
  • South Africa under Attack
  • Mercenary Spyware
  • T-Mobile
  • US Electric Grid
  • Kherson Ukraine

Link to full report: IR-22-210-002_weekly210.pdf

10669951688?profile=RESIZE_400xA new cross-platform ransomware named Luna can encrypt files on Windows, Linux, and ESXi, but its developers only offer it to Russian-speaking affiliates.  The ransomware is fairly simple, according to researchers who analyzed the malware, but it uses an encryption scheme that is not typically used by ransomware a combination of X25519 elliptic curve Diffie-Hellman key exchange using Curve25519 with the Advanced Encryption Standard (AES) symmetric encryption algorithm.  The Diffie-Hellman key ex

10614408283?profile=RESIZE_400xActivity Summary - Week Ending on 1 July 2022:

  • Red Sky Alliance identified 40,622 connections from new IP’s checking in with our Sinkholes
  • MS hit 45 x – 2nd week
  • Analysts identified 1,801 new IP addresses participating in various Botnets
  • DeadLocker
  • Symbiote
  • Killnet
  • СПИСОК_посилань_на_інтерактивні_карти[.]docx
  • Apple, Google and theUS FTC
  • Guns and California Data Hacks

Link to full report: IR-22-182-001_weekly182.pdf

10579688677?profile=RESIZE_400xEver since the beginning of the Internet Age, the potential to weaponize digital technologies as tools of international aggression has been known.  This was exposed by Russia’s 2007 cyber-attack on Estonia, which was widely recognized as the first such act by one state against another.  In 2016, NATO officially recognized cyberspace as a field of military operations alongside the more traditional domains of land, sea and air.

The current Russia-Ukraine War demonstrates the next major milestone i

10491226470?profile=RESIZE_400xTesla Inc. CEO Elon Musk said SpaceX’s high-speed Internet service, Starlink, has held out against Russia’s cyberwar tactics amid the country’s ongoing invasion of Ukraine. 

What Happened - Musk said last week that Starlink has resisted Russia’s “jamming & hacking attempts,” even as the Vladimir Putin-led country is ramping up efforts.  Musk linked his comment to a Reuters report that said Russia was behind a massive cyberattack against a satellite internet network that took tens of thousands of

10464656892?profile=RESIZE_400xWhen one of your enemies begins attacking another one of your other enemies, does this mean that your first enemy is now an ally?   I will let the philosophers answer this question.  A China-linked state-sponsored cyberespionage group has started targeting the Russian military in recent attacks, which aligns with China’s interests in the Russia-Ukraine war.  Tracked as Mustang PANDA, Bronze President, RedDelta, HoneyMyte, Red Lichand TA416, the government-backed hacking group previously focused

10401512465?profile=RESIZE_400xThe Sandworm Group, a Russian based APT, which recently made headlines after their botnet of machines infected with Cyclops Blink malware, was taken down by the US Department of Justice, has been busy crafting attacks targeting the Ukrainian power grid.  The Computer Emergency Response Team of Ukraine (CERT-UA), had to step in and take action to thwart the attack on the country’s energy facilities.  Blame for the attack has been placed on Sandworm in support of Russian military actions in Easter

10359900282?profile=RESIZE_400xA spokesman from the United States said on 07 April 2022 that it had secretly removed malware from computer networks around the world in recent weeks, a step to pre-empt Russian cyberattacks and send a message to President Vladimir V. Putin of Russia.  The actions, made public by Attorney General Merrick B. Garland, comes as U.S. officials warn that Russia could try to strike American critical infrastructure including financial firms, pipelines and the electric grid in response to the sanctions

10347898074?profile=RESIZE_400xUnderstandable fears of an unparalleled Russian cyberwar began to grow around the same time Russia began staging its military on their border with Ukraine.  Some people pictured a Russian digital assault not just on Ukraine but on all the West. At least a few people thought the Kremlin might team up with ransomware gangs to punish those who defied the invasion. Others were afraid that conflict between Putin’s hackers and Ukraine might spin out of control and spur a broader cyber melee around the

10235226663?profile=RESIZE_400xSince declaring cyberwar on Russia through the #OpRussia campaign, the hacktivist group Anonymous has been busy.  It has been three weeks since the Anonymous collective tweeted their declaration of war, and in that time the decentralized group has been a mainstay of news headlines.   

Since Russia invaded Ukraine the Anonymous twitter account, @YourAnonNews has gained close to 500,000 followers.  In the hybrid war format where both acts of kinetic war and cyber war have been documented many hack

10226651692?profile=RESIZE_400xA provocative piece from Vox, explains the current state of the Russian Cyber War.   After three weeks of fighting, Russia is beginning to deploy increasingly brutal tactics in Ukraine, including indiscriminate shelling of cities and “medieval” siege warfare. Other elements of its military strategy, however, are conspicuously absent in cyberwarfare.  Russia has a history of employing cyberwarfare tactics, which some experts believed could feature prominently in its invasion of Ukraine. The cyber

10169770270?profile=RESIZE_400xActivity Summary - Week Ending on 4 March 2022:

  • Red Sky Alliance identified 5,761 connections from new IP’s checking in with our Sinkholes
  • Malicious Keylogger data is back
  • Analysts identified 5,700 new IP addresses participating in various Botnets
  • Kraken Botnet
  • TA2541 Part II
  • Russian Hackers
  • Indian Port hit with Malware
  • Anonymous: Good or Bad Guys?
  • Popular Journalist Hacked
  • Bridgestone Americas
  • US Banks on High Alert

Link to full report: IR-22-063-001_weekly063.pdf

10167240466?profile=RESIZE_400xAs news continues to break about the ongoing crisis in Western Europe, Cyber Security professionals have been busy making sense of the role that presumably planned cyber-attacks have played in the conflict between Russia and Ukraine.  A number of Russian cyber-attacks have served as a prelude to a physical invasion of Ukraine.  There is a lot of information from the past two months to unpack and new events are continuing to be reported.

A quick review of the cyber events leading up to boots on t

10167245075?profile=RESIZE_400xThe common definition of Guerrilla Warfare is a form of ‘irregular’ warfare in which small groups of combatants, such as paramilitary personnel, armed civilians, or irregulars, use military tactics including ambushes, sabotage, raids, petty warfare, hit-and-run tactics, and mobility, to fight a larger and less-mobile traditional military.  Now enter cyber guerrilla warfare.  A Ukrainian cyber guerrilla warfare group is in the process of launching digital sabotage attacks against critical Russian

10160746052?profile=RESIZE_400xA member of the Conti ransomware group, believed to be Ukrainian of origin, has leaked the gang’s internal chats after the group’s leaders posted an aggressive pro-Russian message on their official site, on February 25th, in the aftermath of Russia’s invasion of Ukraine.  The message appears to have rubbed Conti’s Ukrainian members the wrong way, and one of them has hacked the gang’s internal Jabber/XMPP server. Internal logs were leaked earlier today via an email sent to multiple journalists an