
Irish Information Security Forum

Special Report: Ukraine

April 27, 2022

Since shortly before the invasion began, Microsoft has indicated that hackers in six groups aligned with the Kremlin have launched no fewer than 237 operations in concert with the physical attacks on the battlefield. Almost 40 of them, targeting hundreds of systems, used wiper malware, which deletes essential files stored on hard drives so the machines can’t boot.


“As today’s report details, Russia’s use of cyberattacks appears to be strongly correlated and sometimes directly timed with its kinetic military operations targeting services and institutions crucial for civilians,” Tom Burt, Microsoft corporate vice president for customer security, wrote. He said the “relentless and destructive Russian cyberattacks” were particularly concerning because many of them targeted critical infrastructure that could have cascading negative effects on the country.

 

Throughout this conflict, Russian nation state cyber operatives conducted intrusions in concert with military action. At least six Russian Advanced Persistent Threat (APT) operatives have conducted destructive attacks, espionage operations, or both, while Russian military forces attacked the country by land, air, and sea. It is unclear whether computer network operators and physical forces are just independently pursuing a common set of priorities or actively coordinating. However, collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and undermine the public’s trust in those same institutions.

 

Russia stepped up its cyber offensive once the invasion began. Details include:

  • The February 14 and February 17 compromises of critical infrastructure in the Ukrainian cities of Odesa and Sumy. These actions appeared to have set the stage for February 24, when Russian tanks advanced into Sumy.
  • On March 2, Russian hackers burrowed into the network of a Ukrainian nuclear power company. A day later, Russian forces occupied Ukraine’s biggest nuclear power station.
  • On March 11, a government agency in Dnipro was targeted with a destructive implant. The same day, Russian forces launched strikes into Dnipro government buildings.


Wednesday’s report said that as early as March 2021, hackers aligned with Russia prepared for conflict with its neighboring country by escalating actions against organizations inside or aligned with Ukraine.


The actions haven’t stopped since. Burt wrote:

“When Russian troops first started to move toward the border with Ukraine, we saw efforts to gain initial access to targets that could provide intelligence on Ukraine’s military and foreign partnerships. By mid-2021, Russian actors were targeting supply chain vendors in Ukraine and abroad to secure further access not only to systems in Ukraine but also NATO member states. In early 2022, when diplomatic efforts failed to de-escalate mounting tensions around Russia’s military build-up along Ukraine’s borders, Russian actors launched destructive wiper malware attacks against Ukrainian organizations with increasing intensity. Since the Russian invasion of Ukraine began, Russian cyberattacks have been deployed to support the military’s strategic and tactical objectives. It’s likely the attacks we’ve observed are only a fraction of activity targeting Ukraine.”

 

The report includes a variety of security measures that likely targets of Russian cyberattacks can take to protect themselves.
