Google Reveals Russian Cyber Attacks on Ukraine


Russia’s cyber attacks on Ukraine increased by 250% in 2022 compared to two years before, according to a new joint analysis from Google’s Threat Analysis Group (TAG) and Mandiant.

The targeting, which coincided with and has continued since the country’s military invasion of Ukraine in February 2022, was primarily directed against Ukrainian government and military entities, as well as key infrastructure, utilities, public services, and the media sectors.

According to Mandiant, the first four months of 2022 saw “more harmful cyber attacks in Ukraine than in the preceding eight years, with intrusions spiking around the start of the invasion.”

WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, Industroyer2, and SDelete, among other wiper strains, have been used against Ukrainian networks, indicating a willingness on the part of Russian threat actors to forego sustained access.

Throughout the same time span, phishing assaults against NATO countries increased by 300%. These activities were spearheaded by PUSHCHA (aka Ghostwriter or UNC1151), a Belarusian government-backed organisation affiliated with Russia.

“Russian government-backed attackers have engaged in an aggressive, multi-pronged campaign to obtain a significant battlefield advantage in cyberspace,” TAG’s Shane Huntley said.

FROZENBARENTS (aka Sandworm or Voodoo Bear), FROZENLAKE (aka APT28 or Fancy Bear), COLDRIVER (aka Callisto Group), FROZENVISTA (aka DEV-0586 or UNC2589), and SUMMIT (aka Turla or Venomous Bear) are some of the primary participants involved in the initiatives.

Aside from the increased intensity and frequency of operations, the invasion has been accompanied by the Kremlin engaging in covert and overt information operations aimed at undermining the Ukrainian government, fracturing international support for Ukraine, and maintaining domestic support for Russia.

“GRU-sponsored actors have utilised their access to steal sensitive material and disseminate it to the public to support a narrative, or to conduct harmful cyber assaults or information operations campaigns,” the tech behemoth stated.

With the war splintering hacking groups over political allegiances and, in some cases, forcing them to close shop, the trend points to a “significant shift in the Eastern European cybercriminal ecosystem” that blurs the lines between financially driven individuals and state-sponsored attackers.

This is demonstrated by the fact that UAC-0098, a threat actor known for delivering the IcedID malware, has been seen repurposing its techniques to attack Ukraine as part of a series of ransomware operations.

Several UAC-0098 members have been identified as former members of the now-defunct Conti cybercrime gang. TrickBot, which was integrated into the Conti operation prior to its suspension last year, has also resorted to systematically targeting Ukraine.

The prolonged conflict has prompted Chinese government-backed attackers such as CURIOUS GORGE (aka UNC3742) and BASIN (aka Mustang Panda) to shift their focus to Ukrainian and Western European targets for intelligence gathering.

“It is apparent that cyber will continue to play an important role in future armed conflict, augmenting traditional forms of combat,” Huntley added.

The discovery comes as the Computer Emergency Response Team of Ukraine (CERT-UA) issued a warning about phishing emails posing as essential security updates but containing executables that lead to the installation of remote desktop control malware on vulnerable PCs.

The operation was linked to a threat actor known as UAC-0096, which was earlier spotted using a similar tactic in the weeks leading up to the war, in late January 2022.

“A year after launching its full-scale invasion of Ukraine, Russia remains unsuccessful in bringing Ukraine under its control as it battles to overcome months of accumulating strategic and tactical errors,” cybersecurity firm Recorded Future stated in a study released this month.

“Despite Russia’s conventional military defeats and its failure to substantively advance its agenda through cyber operations,” it stated, while also emphasising its “burgeoning military collaboration with Iran and North Korea.”

Info source – The Hacker News
