Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 400 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Actionable Intel on Russian-Based Cyberattacks and Operations
Vulnerabilities & TTPs
What We're Doing
Plenty of cyber implications arise when international conflict breaks out in a hyperconnected world. Deploying cyber operations in tandem with kinetic military operations, Russia’s ongoing invasion of its neighbor is case in point between coordinated cyberattacks on Ukrainian infrastructure by state-sponsored groups, and ransomware outfits threatening action against any interfering nation on the Kremlin’s behalf.
The new reality of globally entwined commerce puts every modern organization at risk. In light of the current geopolitical conflict, Optiv’s security operations centers (SOCs) and Global Threat Intelligence Center (gTIC) are operating with heightened awareness and will continue updating our clients and solutions through advisories and emerging intelligence.
Optiv’s Latest Russia-Ukraine Advisories
Russia/Ukraine Update - August 2022
Russia/Ukraine Update - June 2022
Optiv gTIC: Ransomware Outfits Announcing Support for Russia in the Event of Cyberattacks
Optiv gTIC: Russian Operations Against Ukraine
Source Zero: Russian Cyber Operations Supplementing Kinetic Military and Shaping Operations
Source Zero: Cyber Operations Augmenting Russian Military Operations
Ukraine, Poland and Romania are key global hubs for information technology and information security outsourcing, which increases the risk of linked Western companies being targeted through employees, satellite offices or supply chain attacks.
Practice defense-in-depth and defensive strategies to mitigate threats from all potential adversaries. Cybercriminal malware, business email compromise (BEC) and ransomware remain the most relevant, likely and dangerous threats to all organizations.
Optiv’s gTIC makes the following recommendations on mitigation:
Industries at Highest Risk for Disruptive Cyberattack
At-Risk Software and TTPs
CISA’s Known Exploited Vulnerabilities Catalog
Optiv’s gTIC advisory covers current software, vulnerabilities and TTPs that we estimate may likely be leveraged by Russian state-sponsored groups and other cyber adversaries over the next 12 months.
Download gTIC Advisory
Updated often, the Cybersecurity & Infrastructure Security Agency’s running list publishes vulnerabilities being actively exploited across common software and products.
See the Current List
October – December 2021
Russia masses troops along its Ukraine border.
January 13, 2022
A destructive malware campaign targets several Ukrainian public and private organizations. While the attack was disguised as ransomware, evidence suggests it was destructive in nature rather than financially motivated. The malware, dubbed “WhisperGate,” is a Master Boot Record (MBR) wiper malware and is believed to have been active since October 2021.
February 15, 2022
A large DDoS attack targets Ukrainian government and financial organizations. The distributed denial of service attack temporarily crashed multiple websites and was later attributed to the Russian Military Intelligence Group (GRU) by the U.S. and U.K. based on overlapping technical indicators.
February 24, 2022
Russia invades Ukraine. Despite repeated denials in preceding months, Russian troops launched a full-scale assault into Eastern Ukraine while bombarding cities across the country with missile attacks.
Download gTIC Advisory
February 25, 2022
Ransomware groups announce their support of Russia. Outfits including Conti, RedBandit and CoomingProject announced preparations to attack any country threatening action against Russia during its ongoing military invasion.
April 12, 2022
A malware attack on a major Ukrainian power grid is thwarted. CERT-UA, with the assistance of ESET, revealed an attempted deployment of Industroyer 2, a malware likely associated with the Sandworm threat actor group that’s designed to manipulate electrical utility equipment.
Here’s what we’re doing right now to protect our people, systems and clients:
Hardening the “Perimeter”
Strengthening Internal Controls
Evaluating Supply Chain