Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Russia-Ukraine War. Show all posts
Russia-Ukraine War
GammaSteel Infostealer malware Russia Hackers Russia-Ukraine War

Russian Attackers Target military mission in Ukraine With Info-Stealing Malware

 

Gamaredon, a Russia-backed threat group renowned for distributing malware via phishing emails, recently appears to have utilised an infected portable drive to target a Ukrainian-based military mission of an undisclosed Western country.

The malware was an updated version of GammaSteel, a data-stealing tool, according to Symantec researchers who analyzed the recent attacks. The report stated that the campaign was active in February and March. 

However, the researchers did not describe the detachable drive. Following the infection, Gamaredon employed novel strategies to disguise its activities from both researchers and sufferers. Symantec says GammaSteel was deployed using a complicated, multi-stage attack chain. 

Gamaredon, also known as Shuckworm and BlueAlpha, has been active since at least 2013 and is thought to operate from the Russian-annexed Crimean Peninsula under the supervision of Russia's Federal Security Service (FSB). Since the start of the Russian invasion, the organisation has repeatedly targeted Ukraine. In 2023 alone, the country identified 277 cyber incidents linked to the group. 

While Gamaredon is primarily responsible for cyberespionage activities targeting Ukrainian security and defence services, it has also been tied to at least one catastrophic cyberattack on an unidentified information infrastructure institution. Symantec did not reveal the targeted organisation, the extent of the GammaSteel campaign, or the nature of data the hackers attempted to steal. 

Gamaredon, which has historically been regarded as less proficient than other Russian threat actors, seems to have become more sophisticated in the most recent episode. The gang appears to be constantly altering its code, leveraging reliable online services, and adding obfuscation layers. 

Earlier in March, cybersecurity researchers at Cisco Talos warned that Gamaredon was conducting an ongoing operation to install a surveillance tool on Ukrainian computers. As part of this attack, Gamaredon infected users with phishing emails carrying harmful files relating to Ukrainian troop movements. 

According to Recorded Future's Insikt Group, the group was observed in December employing Cloudflare Tunnels — a service that helps mask the true location of servers or infrastructure — to infect targets with proprietary GammaDrop malware while remaining undetected. Earlier last year, two FSB-affiliated hackers were convicted in absentia to 15 years in prison in Ukraine for cyberattacks on governmental institutions. The pair is reportedly linked to Gamaredon.
Read more »
Threat Landscape
Cyber Warfare Online Security Russia-Ukraine War Technology Threat Landscape

The Rise of Cyber Warfare and Its Global Implications

 

In Western society, the likelihood of cyberattacks is arguably higher now than it has ever been. The National Cyber Security Centre (NCSC) advised UK organisations to strengthen their cyber security when Russia launched its attack on Ukraine in early 2022. In a similar vein, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) issued warnings about increased risks to US companies. 

There is no doubt that during times of global transition and turmoil, cyber security becomes a battlefield in its own right, with both state and non-state actors increasingly turning to cyber-attacks to gain an advantage in combat. Furthermore, as technology advances and an increasing number of devices connect to the internet, the scope and sophistication of cyber-attacks has grown significantly. 

Cyber warfare can take numerous forms, such as breaking into enemy state computer systems, spreading malware, and executing denial-of-service assaults. If a cyber threat infiltrates the right systems, entire towns and cities may be shut off from information, services, and infrastructure that have become fundamental to our way of life, such as electricity, online banking systems, and the internet. 

The European Union Agency for Network and Information Security (ENISA) believes that cyber warfare poses a substantial and growing threat to vital infrastructure. Its research on the "Threat Landscape for Foreign Information Manipulation Interference (FIMI)" states that key infrastructure, such as electricity and healthcare, is especially vulnerable to cyber-attacks during times of conflict or political tension.

In addition, cyber-attacks can disrupt banking systems, inflicting immediate economic loss and affecting individuals. According to the report, residents were a secondary target in more than half of the incidents analysed. Cyber-attacks are especially effective at manipulating public perceptions through, at the most basic level, inconvenience, to the most serious level, which could result in the loss of life. 

Risk to businesses 

War and military conflicts can foster a business environment susceptible to cyber-attacks, since enemies may seek to target firms or sectors deemed critical to a country's economy or infrastructure. They may also choose symbolic targets, like media outlets or high-profile businesses connected with a country. 

Furthermore, the use of cyber-attacks in war can produce a broad sense of instability and uncertainty, which can be exploited to exploit vulnerabilities in firms' cyber defences.

Cyber-attacks on a company's computer systems, networks, and servers can cause delays and shutdowns, resulting in direct loss of productivity and money. However, they can also harm reputation, prompt regulatory action (including the imposition of fines), and result in consumer loss. 

Prevention tips

To mitigate these risks, firms can take proactive actions to increase their cyber defences, such as self-critical auditing and third-party testing. Employees should also be trained to identify and respond to cyber risks. Furthermore, firms should conduct frequent security assessments to detect vulnerabilities and adopt mitigation techniques.
Read more »
Threat Landscape
Cyber Warfare Drone malware Russia-Ukraine War Threat Landscape

Russians Seize Malware-Infected Ukrainian Drones

 

Ukrainian forces are installing malware into their drones as a new tactic in their ongoing war with Russia. This development adds a cyber warfare layer to a battlefield that has already been impacted by drone technology, Forbes reported. 

Russian forces identified Ukrainian drones carrying malware, as evidenced by a video uploaded on social media. According to a Reddit thread that includes the video, this malware performs a variety of disruptive functions, including "burning out the USB port, preventing reflashing, or hijacking the repurposed FPV and revealing the operator location.” 

“This tactic highlights how Ukraine is leveraging its strong pre-war information technology sector to counter Russia’s advanced military technologies and strong defense industrial base,” states defense expert Vikram Mittal in his analysis. 

The malware serves several strategic objectives. It hinders Russian troops from analyzing seized Ukrainian drones to create countermeasures, prohibits them from repurposing captured technology, and may allow Ukrainian forces to track the whereabouts of Russian drone operators attempting to use captured devices.

“By embedding malware into their drones, Ukrainian developers have found a way to disrupt Russian counter-drone efforts without requiring additional physical resources, a critical advantage given Ukraine’s logistical constraints. This innovation could have broader implications for the war. If successful, Ukraine may begin integrating malware into other electronic systems to limit Russia’s ability to study or reuse them,” Mittal explains.

As drone warfare tactics continue to evolve, the report suggests that this trend would likely lead to a new technological competition between Russia and Ukraine. Ukraine's use of malware is expected to spark a new technological competition, similar to what is already happening with Ukrainian and Russian drone technology. 

In response, Russia is likely to deploy similar spyware on its drones and equipment, while both sides respond by establishing safety protocols and developing anti-virus software to combat the malware. In response, scientists on both sides will create increasingly powerful malware to circumvent these protections. This continuous cycle of assault and defence will add a new dimension to the fight for drone supremacy.
Read more »
Security Service of Ukraine(SBU)
Critical Infrastructure critical infrastructure cybersecurity Cyber Attacks Cybersecurity E-ticketing Online Services Russia-Ukraine War SBU Security Service of Ukraine(SBU)

Ukrzaliznytsia Cyberattack Disrupts Online Ticket Sales but Train Services Remain Unaffected

 

Ukraine’s national railway operator, Ukrzaliznytsia, has fallen victim to a large-scale cyberattack, severely disrupting its online ticket sales and forcing passengers to rely on physical ticket booths. The attack, which began on March 23, has caused significant delays, long queues, and overcrowding at train stations as people struggle to secure their travel arrangements. Despite the disruption to digital services, train schedules have remained unaffected, ensuring that rail transportation across the country continues without major interruptions.

In response to the attack, Ukrzaliznytsia has taken steps to mitigate the inconvenience by deploying additional staff at ticket offices to accommodate the surge in demand. However, the company acknowledged that waiting times remain long and urged passengers not to overcrowd sales points unnecessarily. To ensure that military personnel are not affected by the disruption, they have been granted the option to purchase tickets directly from train conductors. Meanwhile, civilians who had bought their tickets online before the cyberattack are advised to use the PDF copies sent to their email or arrive at the station early to seek assistance from railway officials. 

Ukrzaliznytsia confirmed the cyberattack in an official statement across multiple communication platforms, apologizing for the inconvenience caused to passengers. The company emphasized that, despite the challenges, train operations were running smoothly and schedules had not been impacted. Officials noted that prior experience with cyberattacks had helped strengthen the railway’s response mechanisms, allowing it to implement backup protocols that ensured continuity of service. 

However, online ticket sales remain unavailable as efforts continue to restore affected systems. Describing the attack as highly systematic and multi-layered, Ukrzaliznytsia stated that it was working closely with cybersecurity specialists from Ukraine’s Security Service (SBU) and the Government Computer Emergency Response Team (CERT-UA) to identify vulnerabilities and strengthen its defenses. While the company did not specify the origin of the attack, cyber threats targeting Ukrainian infrastructure have been a persistent issue since the start of Russia’s full-scale invasion. Both state agencies and private companies have faced frequent cyber incidents, highlighting the growing challenges in securing critical infrastructure. 

Despite the cyberattack, Ukrzaliznytsia remains committed to maintaining uninterrupted rail service. The company reassured passengers that its backup systems were in place to handle such incidents, ensuring that transportation across Ukraine and beyond continues without disruption. However, no specific timeline has been given for when online ticketing services will be fully restored, leaving passengers to rely on in-person ticket purchases for the foreseeable future.
Read more »
Russia-Ukraine War
Cyber Security Cybersecurity Agencies Cyberthreats International Cooperation Russia-Ukraine War

USAID Cybersecurity Aid to Ukraine Halted as Trump Administration Freezes Projects

 

Before and after Russia’s 2022 invasion, U.S.-funded initiatives played a crucial role in strengthening Ukraine’s cybersecurity. Many of these efforts, backed by the United States Agency for International Development (USAID), aimed to protect the country against cyber threats. 

However, progress has stalled since the Trump administration directed USAID and its contractors to halt operations. Meanwhile, Elon Musk’s DOGE undergoes restructuring, and unless legal action intervenes, the aid agency faces dismantlement. One of the most significant projects put on pause is the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity, managed by Maryland-based DAI. In October, the initiative announced its collaboration with Ukraine’s Ministry of Foreign Affairs to secure diplomatic communications networks worldwide. 

At the time, Julie Koenen, USAID’s director in Ukraine, reaffirmed the agency’s commitment to maintaining essential government functions. Until January 17, the cybersecurity team remained active on social media, encouraging Ukrainian businesses to explore opportunities in the U.S. However, since Trump took office, its online presence has gone silent. Both USAID and DAI have not responded to inquiries regarding the program’s status. 

Former SSSCIP deputy head Victor Zhora, now a cybersecurity consultant, expressed concerns about funding uncertainty. Although he left his government position in 2023 amid a corruption probe—an allegation he denies—he remains hopeful that cybersecurity efforts will continue under another entity or a restructured version of USAID. He emphasized the program’s value in developing talent, training professionals, and advancing Ukraine’s cybersecurity infrastructure. 

Among its contributions, USAID had supplied over 5,000 Starlink devices for use across the country. Oleh Derevianko, founder of Ukraine’s Information Systems Security Partners, collaborated with USAID on various projects over the past five years. While he acknowledged inconsistencies in execution, he stressed the program’s overall benefit. USAID efforts focused on three key areas: legislative support, vulnerability assessments of critical infrastructure, and cybersecurity training programs.  

Looking ahead, even if Ukraine seeks international cybersecurity assistance, the absence of operational contractors could be a major obstacle. A source familiar with USAID’s funding model warned that if the freeze lasts beyond three months, many contractors will run out of funds. Since USAID-funded projects require contractors to cover expenses upfront and later invoice the government, delayed payments could cripple their financial stability. Additionally, banks may become reluctant to extend credit, further jeopardizing the sustainability of these projects.
Read more »
Threat Landscape
Global Airlines GPS Jamming GPS Spoofing Russia-Ukraine War Technology Threat Landscape

What is GPS Jamming, a Rising Concern for Global Aviation?

 

Estonia has accused neighbouring Russia of jamming GPS navigation equipment in airspace over the Baltic republics, echoing airline worries that they have been dealing with such interference for months. Estonian Foreign Minister Margus Tsahkna's accusation, for which he gave no evidence, came after Finnair's (FIA1S.HE) decision to suspend flights to Tartu in eastern Estonia for one month owing to GPS disruptions. The Kremlin did not immediately reply to calls for comment. There have been reports of an increase in GPS interference around the world, notably since last year, increasing concerns about a higher risk of mishaps if planes veer off course. 

What is GPS jamming and spoofing? 

GPS, or Global Positioning System, is a network of satellites and receiving devices used for positioning, navigation, and timing on Earth in anything from ships and planes to cars. GPS is one of the most essential navigation aids in aviation, having replaced costly ground devices that used radio beams to steer planes to landing. 

However, it is quite simple to block or distort GPS signals with store-bought tools, and the military has invested in technology capable of doing so. GPS jamming involves using a frequency transmitting device to obstruct or interfere with radio communications, typically by broadcasting signals from the ground that are stronger than satellite-based signals. 

Spoofing, which involves one country's military transmitting fake GPS signals to an enemy jet or drone to impede its ability to function, is frequently regarded as more disruptive and lethal than jamming.

Where does it occur? 

Last year in December, aviation advisory group OPSGROUP reported an increase in spoofing affecting private and commercial jets across the Middle East, including Iraq, Iran, Israel, and the Black Sea. It tends to hit areas near battle zones since the technology is employed to send suicide drones off track. Baltic countries have been reporting the issue for years, especially since the conflict in Ukraine began in 2022. 

Jamming around the Baltic Sea has gotten worse during the last six months, according to Finnair pilot and Finnish Pilots Association Safety and Security Committee chair Lauri Soini. GPS jamming is currently occurring in a region ranging from Poland to the Baltic nations to the Swedish and Finnish coasts, affecting lower altitudes as well as maritime traffic, Soini added. 

Airlines issue 

Most modern airliners use an array of sensors and sources to detect their position, in addition to GPS, so they can fly even if there is interference. However, according to pilots and industry analysts, airlines continue to rely heavily on GPS.

If jamming or spoofing occurs, GPS may have to be turned off and cannot be reset for the remainder of the flight. This might cause tension and delays during takeoff and landing because certain operations require GPS to perform. Some private jets rely solely on GPS navigation. 

However, AirBaltic safety manager and flight pilot Janis Kristops stated that the Tartu incident with Finnair was unusual. If GPS fails, most big airports have a range of other navigation systems accessible, he noted. 

And, given the various nature of jamming and spoofing devices, it is impossible for the aircraft industry to devise a comprehensive technological solution to limit the risk. Instead, officials intend to teach pilots to detect jamming and spoofing sooner.
Read more »
Telecom Giant
Cyber Attacks Russia-Ukraine War Russian Hackers SBU Telecom Giant

Prior to Cyber Attack, Russian Attackers Spent Months Inside the Ukraine Telecoms Giant

 

Kyivstar experienced a large-scale malfunction in December 2023, resulting in the outage of mobile communications and the internet for about 24 million users for several days. 

How? Russian hackers broke into the Ukrainian telecommunications giant's system in May 2023. Ilya Vityuk, the chief of the Security Service of Ukraine's (SBU) cyber security department, told Reuters that the attack's aim was to inflict a psychological blow on the public and gather intelligence information. 

“This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” stated Vityuk. He said that hundreds of virtual servers and PCs were among the "almost everything" that the attack destroyed. 

Reuters writes this is most likely the first instance of a catastrophic cyberattack that destroyed a telecoms operator's core. This happened despite Kyivstar's significant investment in cyber security. The SBU discovered that hackers attempted to break into Kyivstar in March or earlier. 

“Now we can say [with certainty] that they were in the system at least since May 2023,” Vityuk added. “I cannot say right now, from when they had... full access: probably at least since November.” 

He leaves open the possibility that during the attack, Russian hackers may have located phones, intercepted SMS conversations, stolen personal information, and possibly stolen Telegram accounts. 

Kyivstar disputes the SBU's assessment of potential breaches, claiming that customer data was not exposed. The SBU further revealed that attempts continued to launch additional cyber attacks to inflict greater harm even after the provider's operations were resumed. 

The damage of the provider's system makes it difficult to investigate the situation at this time. However, the SBU thinks that a gang of Sandworm hackers, a cyberwarfare unit of Russian military intelligence, may have been responsible for the attack. 

According to Vityuk, SBU investigators are still trying to figure out how Kyivstar was hacked and what kind of tools or software might have been used to get inside the system. They also indicated that it might have been phishing, insider help, or something else entirely. 

Vityuk claims that because the Ukrainian Armed Forces (AFU) employ "different algorithms and protocols" and do not depend on consumer-level communication carriers, the cyberattack had no effect on them. 

Fortunately, this incident didn't have a significant impact on us in terms of missile and drone detection, he concluded. The SBU issues a warning, stating that there's a chance that Russian hackers might try to attack Ukrainian cell operators again.
Read more »
surveillance
DTEK Kyiv Privacy Russia-Ukraine War Russian intelligence Security Service of Ukraine(SBU) surveillance

Russia Hacks Surveillance Cameras to Monitor Attacks in Kyiv


During Tuesday's intense missile and drone strikes on Ukraine's capital, Kyiv, which left over 250,000 people without internet or electricity amid dropping winter temperatures, Russian military intelligence broke into surveillance cameras to spy on Ukrainian air defenses and Kyiv's vital infrastructure.

Security Service of Ukraine informed that it responded to the hack by blocking and dismantling the suspected camera. 

The agency further advised online users to cease transmitting and watching security camera feeds online, as Russian military intelligence is utilizing the "collected data for preparing and adjusting strikes on Kyiv."

Russia has been attacking Kyiv and Kharkiv since New Year’s holiday weekend, resulting in five casualties and over 130 injured. On Tuesday, around 100 missiles were fired on the two cities. 

These attacks were monitored by the Russian intelligence by hacking into the online surveillance cameras that are privately-owned. "According to SBU cyber specialists, one of the devices was located on the balcony of an apartment building and was used by a local condominium to monitor the surrounding area," the SBU reported.

Hackers secretly recorded all visual data inside the surveillance camera's viewing range by gaining remote access to the device and altering its viewing angle. According to the SBU, Russian intelligence then viewed the feed on YouTube to assist the military in tracking the airstrikes and informing soldiers about their targets.

The hacked surveillance camera used for monitoring the parking lot of other residential complex in Kyiv helped hackers to surveille the surrounding areas, which comprised vital infrastructure facilities.

Internet and Power Supply Affected

The energy company DTEK said that Russian missiles had damaged power grid equipment and overhead lines in Kyiv and the surrounding region, causing blackouts that affected nearly 260,000 Kyiv residents. Russian missiles, drones, and bombers also struck Ukrainian internet and power supply services.

DTEK tweeted, "Critical infrastructure, industrial, civilian and military facilities were attacked. The main focus of the attack was the capital of Ukraine[…]DTEK's power engineers are quickly restoring power after the attack."

As of Wednesday, DTEK Executive Director Dmytro Sakharuk announced that all 260,000 residents in Kyiv and an additional 185,000 residents in the surrounding districts had their power restored. "We are now continuing to repair networks after yesterday's shelling, because some consumers had to be connected via backup circuits."  

Read more »
Subscribe to: Posts (Atom)