
Cyberattacks will soar in the European Union very soon


The war between Russia and Ukraine is also carried out digitally, with cyberattacks. There are, therefore, threats aimed at strategic European sectors of companies and public institutions arising from this conflict. The Energy, Telecommunications, Transport and Critical Infrastructure sectors are the most at risk from a cybersecurity point of view.

“There is a suspicion that we will see an increase in cyberattacks targeting European Union countries and other NATO countries. We believe that these actions may not be openly communicated by Russia, as this could lead to an escalation of reactions and trigger a worldwide conflict. For now, most efforts are focused on Ukraine, but over time we may see some scenarios, with the exception that these are possibilities, such as: use of cyber-offensive tactics that allow retaliation against the same sectors where Russia is subject to international sanctions; camouflaged sponsorship of cyberattacks, by Russia, organizations and companies from European Union countries, Canada or the United States of America through cybercriminal groups (such as Ransomware groups or digital militias); cyberattacks coordinated by the FSB or GRU intelligence agencies targeting critical infrastructure in countries close to Ukraine”.

Hugo Nunes, Threat Intelligence Team Leader at S21sec Portugal

History shows that cyberattacks between Russia and Ukraine have been recorded since 2014, when Russian attackers blocked telecommunications systems in Crimea. In 2015 and 2016, attackers allegedly sponsored by Russia attacked Ukrainian energy companies.

In 2017, the NotPetya ransomware attack that was carried out by Russian forces against Ukraine quickly had significant impacts across the rest of the world. In 2018, several international security agencies were already warning of Russian operations against strategic sectors, and last year several cybercriminal groups of Russian origin carried out campaigns against European organizations and entities.

In the analysis that S21sec has carried out on the conflict between Russia and Ukraine, several attacks with wiper-type malware stand out. This type of malware destroys the systems it targets or eliminates the data on them. Several new families of this type of malware used in targeted attacks against Ukraine have already been discovered, namely “WhisperGate”, “HermeticWiper”, “PartyTicket” and “CaddyWiper”.

APT – Advanced Persistent Threat Groups

The APT groups linked to Russia are truly multidisciplinary organizations, with up-to-date hacking tools and a high technical level. Among the different Russian groups we find the following:

  • Primitive Bear / Gamaredon — its objective is to carry out espionage and intelligence gathering activities, with a special focus on Ukraine. This group has been active at least since 2013.
  • Venomous Bear / Turla — cyber-espionage campaigns against the academic, government and telecommunications sectors. This group is characterized by its high motivation and use of sophisticated operating techniques.
  • Cozy Bear (APT29) — one of the most active groups targeting Ukraine and the United States, with spear phishing campaigns in volume and an extensive malware portfolio at its disposal.

Each of the wiper-type malware families listed below was attributed to an APT linked to a nation state:

  • SHAMOON — at least six campaigns related to this malware were identified, using at least 3 different versions of this malware.
  • NOTPETYA — The attackers compromised a software vendor’s servers to introduce NotPetya samples into their updates and, in this way, go unnoticed and spread the malicious component that initially affected more than 2000 organizations in Ukraine, but which quickly spread to other geographies.
  • STONEDRILL — uses numerous functions with invalid parameters to try to avoid detection by antivirus and heuristic detections. This wiper also claimed victims in countries in the European community.
  • OLYMPIC DESTROYER — this malware tries to erase information from the device and make recovery and incident analysis more difficult. One of this wiper's first appearances was at the 2018 Winter Olympic Games held in South Korea.
  • WHISPERGATE — it camouflages itself to look like ransomware, but its real purpose is to cause as much damage as possible to infected systems and render them inoperable. This malware was used against Ukrainian targets last January.
