Russia-Ukraine Cyber Warfare Updates + Advisories


Actionable Intel on Russian-Based Cyberattacks and Operations

International Conflict and Cybersecurity

Plenty of cyber implications arise when international conflict breaks out in a hyperconnected world. Russia’s ongoing invasion of its neighbor is a case in point: cyber operations are being deployed in tandem with kinetic military operations, ranging from coordinated cyberattacks on Ukrainian infrastructure by state-sponsored groups to ransomware outfits threatening, on the Kremlin’s behalf, to attack any nation that interferes.


The new reality of globally entwined commerce puts every modern organization at risk. In light of the current geopolitical conflict, Optiv’s security operations centers (SOCs) and Global Threat Intelligence Center (gTIC) are operating with heightened awareness and will continue updating our clients and solutions through advisories and emerging intelligence. 

Mitigation Recommendations for Operations and Assets in Eastern Europe


Ukraine, Poland and Romania are key global hubs for information technology and information security outsourcing, which increases the risk of linked Western companies being targeted through employees, satellite offices or supply chain attacks.

Industries at Highest Risk for Disruptive Cyberattack

  • Financials
  • Government
  • Utilities
  • Energy
  • Telecommunications
  • Transportation

Vulnerabilities and Adversarial Tactics, Techniques and Procedures

Russia–Ukraine Invasion and Kinetic Warfare Timeline

October – December 2021

Russia masses troops along its Ukraine border.

January 13, 2022

A destructive malware campaign targets several Ukrainian public and private organizations. Although the attack was disguised as ransomware, evidence suggests it was destructive rather than financially motivated: the malware, dubbed “WhisperGate,” overwrites the Master Boot Record (MBR) and provides no recovery mechanism even if the displayed ransom were paid. It is believed to have been active since October 2021.

February 15, 2022

A large distributed denial-of-service (DDoS) attack targets Ukrainian government and financial organizations. The attack temporarily knocked multiple websites offline and was later attributed by the U.S. and U.K. to Russia’s military intelligence directorate (GRU), based on overlapping technical indicators.

February 24, 2022

Russia invades Ukraine. Despite repeated denials in the preceding months, Russian troops launched a full-scale assault from the north, east and south while missile strikes hit cities across the country.

February 25, 2022

Ransomware groups announce their support of Russia. Outfits including Conti, RedBandit and CoomingProject announced that they were prepared to attack any country taking action against Russia during its ongoing military invasion.

April 12, 2022

A malware attack on a major Ukrainian power grid is thwarted. CERT-UA, with assistance from ESET, revealed an attempted deployment of Industroyer2, malware that ESET attributes with high confidence to the Sandworm threat actor group and that is designed to issue commands to electrical substation equipment over the IEC-104 protocol.

Optiv’s Proactive Approach to Russian Cyber Threats

Researching

  • Following proven news sources and strategic security partners for updates and recommendations
  • Reviewing threat intel providers for relevant alerts

Hardening the “Perimeter”


  • Analyzing third-party risk management reports on our public-facing posture to identify any items that need to be addressed  
  • Scanning for any critical/high/medium vulnerabilities and other pressing issues 
  • Ensuring geo-blocking is properly in place wherever possible 
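Geo-blocking is only as good as the address it is applied to. The example below is added here to illustrate the point and is not Optiv’s configuration or tooling: it makes the allow/deny decision from a longest-prefix country lookup, but honors an X-Forwarded-For header only when the TCP peer is one of our own reverse proxies, because a client connecting directly can put any address it likes in that header. The prefix-to-country table is constructed from RFC 5737 documentation ranges with arbitrary country codes (it is not a real GeoIP database), and the trusted-proxy range is an assumption.

```python
"""Geo-blocking decision that avoids a common bypass: a forged
X-Forwarded-For header.

Added example, not Optiv's configuration. The prefix-to-country table is
constructed from RFC 5737 documentation ranges with arbitrary country
codes; it is not a real GeoIP database.
"""
import ipaddress

# Constructed lookup table (hypothetical country assignments).
CONSTRUCTED_GEO_TABLE = {
    "203.0.113.0/24": "RU",
    "203.0.113.128/25": "BY",   # more specific than the /24 above
    "198.51.100.0/24": "UA",
    "192.0.2.0/24": "US",
}
BLOCKED_COUNTRIES = {"RU", "BY"}

# Assumed addresses of our own reverse proxies / load balancers. Only these
# may vouch for a client address via X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

# Sorted by prefix length so the first match is the longest prefix.
_GEO_NETWORKS = sorted(
    ((ipaddress.ip_network(p), cc) for p, cc in CONSTRUCTED_GEO_TABLE.items()),
    key=lambda item: item[0].prefixlen,
    reverse=True,
)


def lookup_country(addr):
    """Longest-prefix match; None when the address is not in the table."""
    addr = ipaddress.ip_address(str(addr))
    for net, cc in _GEO_NETWORKS:
        if addr in net:
            return cc
    return None


def _is_trusted_proxy(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def real_client_ip(peer_ip, xff_header=None):
    """Return the address the geo-check must be applied to.

    The TCP peer address cannot be forged by the client; X-Forwarded-For
    can. The header is honored only when the peer is a trusted proxy, and
    it is then walked right to left, skipping hops that are themselves
    trusted proxies, so the first untrusted hop (the address our proxy
    actually saw) wins. Anything the client prepended is ignored.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _is_trusted_proxy(peer):
        return peer
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed header: do not guess, fall back to the peer
        if not _is_trusted_proxy(addr):
            return addr
    return peer


def decide(peer_ip, xff_header=None, fail_closed=False):
    """Return "deny" or "allow" for one request.

    fail_closed controls the outcome when the country is unknown (address
    not in the table). Failing open is usual for a public site; failing
    closed suits a narrowly scoped admin endpoint.
    """
    country = lookup_country(real_client_ip(peer_ip, xff_header))
    if country is None:
        return "deny" if fail_closed else "allow"
    return "deny" if country in BLOCKED_COUNTRIES else "allow"


if __name__ == "__main__":
    cases = [
        ("203.0.113.5", None),                    # direct RU client
        ("203.0.113.5", "192.0.2.9"),             # RU client forging XFF
        ("10.1.2.3", "192.0.2.9, 203.0.113.5"),   # via proxy, forged prefix
        ("10.1.2.3", "198.51.100.20, 10.9.9.9"),  # two proxies in the chain
    ]
    for peer, xff in cases:
        print(f"peer={peer:<13} xff={xff!s:<30} -> {decide(peer, xff)}")
```

The second and third cases are the ones that matter: a direct client claiming a U.S. address in the header is still denied, and a client behind our proxy that prepends a U.S. address is denied on the address the proxy actually saw. The same rule applies to whatever edge device does the blocking in production (WAF, load balancer, CDN): configure it to derive the client address only from a hop it trusts.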

Communicating

  • Reaching out to potential high-target clients proactively
  • Sending emails to employees to be on high alert for social engineering, phishing, fake news and fraudulent humanitarian aid attempts

Strengthening Internal Controls


  • Increasing level of diligence around event monitoring 
  • Reviewing security controls on high-value assets to ensure proper functioning 
  • Ingesting and hunting for IOCs as they become available
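Ingesting IOCs and hunting for them is mostly normalization work: advisories ship domains with mixed case and trailing dots, IP indicators as CIDR ranges, and hashes in either case, and naive substring matching produces both misses and false positives. The script below is an added example, not Optiv’s tooling, showing the matching logic a hunter should apply. The IOC feed and the log lines are constructed for illustration from RFC 2606/5737 reserved names and ranges and a placeholder hash; none are real indicators.

```python
"""Hunt for indicators of compromise (IOCs) in log lines.

Added example, not Optiv's tooling. The IOC feed and the log lines are
constructed for illustration (RFC 2606/5737 reserved names and ranges,
placeholder hash); none of them are real indicators.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed IOC feed: the three indicator types a typical advisory ships,
# deliberately in the inconsistent forms feeds actually use.
CONSTRUCTED_IOCS = {
    "domain": ["update-cdn.example.net", "Mail.Example-Login.test."],
    "ip": ["203.0.113.0/24", "198.51.100.7"],
    "sha256": ["A" * 64],  # placeholder, not a real sample hash
}

# Constructed key=value log lines: firewall, DNS and endpoint telemetry.
CONSTRUCTED_LOGS = [
    "ts=2022-03-01T10:00:00Z src=10.0.0.5 dst=203.0.113.44 proto=tcp dport=443",
    "ts=2022-03-01T10:00:01Z host=ws12 query=UPDATE-CDN.example.net. type=A",
    "ts=2022-03-01T10:00:02Z host=ws12 process=explorer.exe sha256=" + "a" * 64,
    "ts=2022-03-01T10:00:03Z src=10.0.0.6 dst=192.0.2.10 proto=tcp dport=80",
    "ts=2022-03-01T10:00:04Z host=ws13 query=cdn.example.net. type=A",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
# Dotted names; this also catches tokens like "explorer.exe", which is
# harmless because only names present in the feed ever produce a hit.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b\.?", re.IGNORECASE)


@dataclass
class Hit:
    line_no: int
    ioc_type: str
    indicator: str   # the feed entry that matched, normalized
    observed: str    # the raw token from the log line


class IocHunter:
    def __init__(self, iocs):
        # Normalize once so case and trailing dots never cause a miss.
        self.domains = {d.lower().rstrip(".") for d in iocs.get("domain", [])}
        self.networks = [ipaddress.ip_network(n, strict=False) for n in iocs.get("ip", [])]
        self.hashes = {h.lower() for h in iocs.get("sha256", [])}

    def match_domain(self, name):
        """Exact or subdomain match. Substring matching would flag
        cdn.example.net against update-cdn.example.net; this does not."""
        name = name.lower().rstrip(".")
        for ioc in self.domains:
            if name == ioc or name.endswith("." + ioc):
                return ioc
        return None

    def match_ip(self, text):
        """CIDR-aware match so a /24 in the feed covers every host in it."""
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return None
        for net in self.networks:
            if addr in net:
                return str(net)
        return None

    def match_hash(self, text):
        text = text.lower()
        return text if text in self.hashes else None

    def hunt(self, lines):
        hits = []
        for line_no, line in enumerate(lines, start=1):
            for token in SHA256_RE.findall(line):
                if (ioc := self.match_hash(token)):
                    hits.append(Hit(line_no, "sha256", ioc, token))
            for token in IPV4_RE.findall(line):
                if (ioc := self.match_ip(token)):
                    hits.append(Hit(line_no, "ip", ioc, token))
            for token in DOMAIN_RE.findall(line):
                if (ioc := self.match_domain(token)):
                    hits.append(Hit(line_no, "domain", ioc, token))
        return hits


def hunt_constructed():
    """Run the hunter over the constructed feed and logs."""
    return IocHunter(CONSTRUCTED_IOCS).hunt(CONSTRUCTED_LOGS)


if __name__ == "__main__":
    for hit in hunt_constructed():
        print(f"line {hit.line_no}: {hit.ioc_type} {hit.observed} matched {hit.indicator}")
```

Run against the constructed logs it reports three hits (the /24-covered destination, the mixed-case DNS query, the hash) and correctly stays silent on cdn.example.net, which shares a suffix with an indicator but is a different domain. In a SIEM the same three normalizations belong in the ingestion step so that every later search runs against canonical forms.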

Evaluating Supply Chain


  • Identifying any strategic partners with connectivity into our environment who may have higher risks due to operations in Ukraine
