Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Russia-Ukraine War. Show all posts
Russia-Ukraine War
Cyber Security Cybersecurity Agencies Cyberthreats International Cooperation Russia-Ukraine War

USAID Cybersecurity Aid to Ukraine Halted as Trump Administration Freezes Projects

 

Before and after Russia’s 2022 invasion, U.S.-funded initiatives played a crucial role in strengthening Ukraine’s cybersecurity. Many of these efforts, backed by the United States Agency for International Development (USAID), aimed to protect the country against cyber threats. 

However, progress has stalled since the Trump administration directed USAID and its contractors to halt operations. Meanwhile, Elon Musk’s DOGE undergoes restructuring, and unless legal action intervenes, the aid agency faces dismantlement. One of the most significant projects put on pause is the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity, managed by Maryland-based DAI. In October, the initiative announced its collaboration with Ukraine’s Ministry of Foreign Affairs to secure diplomatic communications networks worldwide. 

At the time, Julie Koenen, USAID’s director in Ukraine, reaffirmed the agency’s commitment to maintaining essential government functions. Until January 17, the cybersecurity team remained active on social media, encouraging Ukrainian businesses to explore opportunities in the U.S. However, since Trump took office, its online presence has gone silent. Both USAID and DAI have not responded to inquiries regarding the program’s status. 

Former SSSCIP deputy head Victor Zhora, now a cybersecurity consultant, expressed concerns about funding uncertainty. Although he left his government position in 2023 amid a corruption probe—an allegation he denies—he remains hopeful that cybersecurity efforts will continue under another entity or a restructured version of USAID. He emphasized the program’s value in developing talent, training professionals, and advancing Ukraine’s cybersecurity infrastructure. 

Among its contributions, USAID had supplied over 5,000 Starlink devices for use across the country. Oleh Derevianko, founder of Ukraine’s Information Systems Security Partners, collaborated with USAID on various projects over the past five years. While he acknowledged inconsistencies in execution, he stressed the program’s overall benefit. USAID efforts focused on three key areas: legislative support, vulnerability assessments of critical infrastructure, and cybersecurity training programs.  

Looking ahead, even if Ukraine seeks international cybersecurity assistance, the absence of operational contractors could be a major obstacle. A source familiar with USAID’s funding model warned that if the freeze lasts beyond three months, many contractors will run out of funds. Since USAID-funded projects require contractors to cover expenses upfront and later invoice the government, delayed payments could cripple their financial stability. Additionally, banks may become reluctant to extend credit, further jeopardizing the sustainability of these projects.
Read more »
Threat Landscape
Global Airlines GPS Jamming GPS Spoofing Russia-Ukraine War Technology Threat Landscape

What is GPS Jamming, a Rising Concern for Global Aviation?

 

Estonia has accused neighbouring Russia of jamming GPS navigation equipment in airspace over the Baltic republics, echoing airline worries that they have been dealing with such interference for months. Estonian Foreign Minister Margus Tsahkna's accusation, for which he gave no evidence, came after Finnair's (FIA1S.HE) decision to suspend flights to Tartu in eastern Estonia for one month owing to GPS disruptions. The Kremlin did not immediately reply to calls for comment. There have been reports of an increase in GPS interference around the world, notably since last year, increasing concerns about a higher risk of mishaps if planes veer off course. 

What is GPS jamming and spoofing? 

GPS, or Global Positioning System, is a network of satellites and receiving devices used for positioning, navigation, and timing on Earth in anything from ships and planes to cars. GPS is one of the most essential navigation aids in aviation, having replaced costly ground devices that used radio beams to steer planes to landing. 

However, it is quite simple to block or distort GPS signals with store-bought tools, and the military has invested in technology capable of doing so. GPS jamming involves using a frequency transmitting device to obstruct or interfere with radio communications, typically by broadcasting signals from the ground that are stronger than satellite-based signals. 

Spoofing, which involves one country's military transmitting fake GPS signals to an enemy jet or drone to impede its ability to function, is frequently regarded as more disruptive and lethal than jamming.

Where does it occur? 

Last year in December, aviation advisory group OPSGROUP reported an increase in spoofing affecting private and commercial jets across the Middle East, including Iraq, Iran, Israel, and the Black Sea. It tends to hit areas near battle zones since the technology is employed to send suicide drones off track. Baltic countries have been reporting the issue for years, especially since the conflict in Ukraine began in 2022. 

Jamming around the Baltic Sea has gotten worse during the last six months, according to Finnair pilot and Finnish Pilots Association Safety and Security Committee chair Lauri Soini. GPS jamming is currently occurring in a region ranging from Poland to the Baltic nations to the Swedish and Finnish coasts, affecting lower altitudes as well as maritime traffic, Soini added. 

Airlines issue 

Most modern airliners use an array of sensors and sources to detect their position, in addition to GPS, so they can fly even if there is interference. However, according to pilots and industry analysts, airlines continue to rely heavily on GPS.

If jamming or spoofing occurs, GPS may have to be turned off and cannot be reset for the remainder of the flight. This might cause tension and delays during takeoff and landing because certain operations require GPS to perform. Some private jets rely solely on GPS navigation. 

However, AirBaltic safety manager and flight pilot Janis Kristops stated that the Tartu incident with Finnair was unusual. If GPS fails, most big airports have a range of other navigation systems accessible, he noted. 

And, given the various nature of jamming and spoofing devices, it is impossible for the aircraft industry to devise a comprehensive technological solution to limit the risk. Instead, officials intend to teach pilots to detect jamming and spoofing sooner.
Read more »
Telecom Giant
Cyber Attacks Russia-Ukraine War Russian Hackers SBU Telecom Giant

Prior to Cyber Attack, Russian Attackers Spent Months Inside the Ukraine Telecoms Giant

 

Kyivstar experienced a large-scale malfunction in December 2023, resulting in the outage of mobile communications and the internet for about 24 million users for several days. 

How? Russian hackers broke into the Ukrainian telecommunications giant's system in May 2023. Ilya Vityuk, the chief of the Security Service of Ukraine's (SBU) cyber security department, told Reuters that the attack's aim was to inflict a psychological blow on the public and gather intelligence information. 

“This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” stated Vityuk. He said that hundreds of virtual servers and PCs were among the "almost everything" that the attack destroyed. 

Reuters writes this is most likely the first instance of a catastrophic cyberattack that destroyed a telecoms operator's core. This happened despite Kyivstar's significant investment in cyber security. The SBU discovered that hackers attempted to break into Kyivstar in March or earlier. 

“Now we can say [with certainty] that they were in the system at least since May 2023,” Vityuk added. “I cannot say right now, from when they had... full access: probably at least since November.” 

He leaves open the possibility that during the attack, Russian hackers may have located phones, intercepted SMS conversations, stolen personal information, and possibly stolen Telegram accounts. 

Kyivstar disputes the SBU's assessment of potential breaches, claiming that customer data was not exposed. The SBU further revealed that attempts continued to launch additional cyber attacks to inflict greater harm even after the provider's operations were resumed. 

The damage of the provider's system makes it difficult to investigate the situation at this time. However, the SBU thinks that a gang of Sandworm hackers, a cyberwarfare unit of Russian military intelligence, may have been responsible for the attack. 

According to Vityuk, SBU investigators are still trying to figure out how Kyivstar was hacked and what kind of tools or software might have been used to get inside the system. They also indicated that it might have been phishing, insider help, or something else entirely. 

Vityuk claims that because the Ukrainian Armed Forces (AFU) employ "different algorithms and protocols" and do not depend on consumer-level communication carriers, the cyberattack had no effect on them. 

Fortunately, this incident didn't have a significant impact on us in terms of missile and drone detection, he concluded. The SBU issues a warning, stating that there's a chance that Russian hackers might try to attack Ukrainian cell operators again.
Read more »
surveillance
DTEK Kyiv Privacy Russia-Ukraine War Russian intelligence Security Service of Ukraine(SBU) surveillance

Russia Hacks Surveillance Cameras to Monitor Attacks in Kyiv


During Tuesday's intense missile and drone strikes on Ukraine's capital, Kyiv, which left over 250,000 people without internet or electricity amid dropping winter temperatures, Russian military intelligence broke into surveillance cameras to spy on Ukrainian air defenses and Kyiv's vital infrastructure.

Security Service of Ukraine informed that it responded to the hack by blocking and dismantling the suspected camera. 

The agency further advised online users to cease transmitting and watching security camera feeds online, as Russian military intelligence is utilizing the "collected data for preparing and adjusting strikes on Kyiv."

Russia has been attacking Kyiv and Kharkiv since New Year’s holiday weekend, resulting in five casualties and over 130 injured. On Tuesday, around 100 missiles were fired on the two cities. 

These attacks were monitored by the Russian intelligence by hacking into the online surveillance cameras that are privately-owned. "According to SBU cyber specialists, one of the devices was located on the balcony of an apartment building and was used by a local condominium to monitor the surrounding area," the SBU reported.

Hackers secretly recorded all visual data inside the surveillance camera's viewing range by gaining remote access to the device and altering its viewing angle. According to the SBU, Russian intelligence then viewed the feed on YouTube to assist the military in tracking the airstrikes and informing soldiers about their targets.

The hacked surveillance camera used for monitoring the parking lot of other residential complex in Kyiv helped hackers to surveille the surrounding areas, which comprised vital infrastructure facilities.

Internet and Power Supply Affected

The energy company DTEK said that Russian missiles had damaged power grid equipment and overhead lines in Kyiv and the surrounding region, causing blackouts that affected nearly 260,000 Kyiv residents. Russian missiles, drones, and bombers also struck Ukrainian internet and power supply services.

DTEK tweeted, "Critical infrastructure, industrial, civilian and military facilities were attacked. The main focus of the attack was the capital of Ukraine[…]DTEK's power engineers are quickly restoring power after the attack."

As of Wednesday, DTEK Executive Director Dmytro Sakharuk announced that all 260,000 residents in Kyiv and an additional 185,000 residents in the surrounding districts had their power restored. "We are now continuing to repair networks after yesterday's shelling, because some consumers had to be connected via backup circuits."  

Read more »
WinRAR
Aerospace APT29 CVE vulnerability Data Breach Foreign policy Russia-Ukraine War Russian Hacker Software Bug supply chain security Ukraine WinRAR

APT29 Strikes: WinRAR Exploits in Embassy Cyber Attacks

During the latest wave of cyberattacks, foreign embassies have been the target of a malicious group known as APT29. They have employed a highly complex attack method that takes advantage of weaknesses in WinRAR, a widely used file compression software. There have been shockwaves throughout the cybersecurity world due to this worrisome disclosure, leading to immediate action to strengthen digital defenses.

According to reports from cybersecurity experts, APT29 has ingeniously employed the NGROK feature in conjunction with a WinRAR exploit to infiltrate embassy networks. The NGROK service, designed for secure tunneling to localhost, has been repurposed by hackers to conceal their malicious activities, making detection and attribution a formidable challenge.

WinRAR, a widely used application for compressing and decompressing files, has been targeted due to a specific vulnerability, identified as CVE-2023-38831. This flaw allows the attackers to execute arbitrary code on the targeted systems, giving them unfettered access to sensitive information stored within embassy networks.

The attacks, initially discovered by cybersecurity researchers, have been corroborated by the Ukrainian National Security and Defense Council (RNBO). Their November report outlines the APT29 campaigns, shedding light on the extent of the damage inflicted by these cyber intruders.

The fact that foreign embassies are specifically being targeted by this onslaught is very disturbing. Because these organizations handle so much private, political, and diplomatic data, they are often the focus of state-sponsored cyber espionage. The attackers' capacity to take advantage of flaws in popular software, such as WinRAR, emphasizes the necessity of constant watchfulness and timely software updates to reduce any threats.

Cybersecurity professionals advise companies, particularly those in delicate industries like diplomacy, to conduct extensive security assessments, quickly fix holes, and strengthen their defenses against ever-evolving cyber attacks in reaction to these disclosures. The APT29 attacks highlight the significance of a multi-pronged cybersecurity strategy that incorporates advanced threat detection methods, personnel awareness training, and strong software security procedures.

International cybersecurity organizations must work together as governments struggle with the ever-changing world of cyber threats. The APT29 attacks are a sobering reminder that the digital sphere has turned into a combat zone and that, in order to preserve diplomatic relations and maintain national interests, defense against such threats necessitates a united front.

Read more »
Threat Landscape
Cyber Security Kyiv Russia-Ukraine War Russian Navy Starlink Threat Landscape

Elon Musk Claims he Withheld Starlink to Deny Attack on Russian Navy Fleet

 

Elon Musk claimed that he turned down a proposal from the Ukrainian government to turn on his Starlink satellite network near Sevastopol, the port city of Crimea, last year in order to support an assault on the Russian navy there, citing his concern over being implicated in a "major" act of war. 

The billionaire businessman made the comment on his social media platform X after CNN highlighted an excerpt from a recent biography of Musk that claims he ordered the Starlink network turn off near the Crimean coast last year in order to thwart the Ukrainian covert operation. 

Musk wrote on the social media platform X, formerly known as Twitter, that he had to turn down a last-minute request from Ukraine "to activate Starlink all the way to Sevastopol." Both he and the excerpt omitted to include the request's date.

"The obvious intent being to sink most of the Russian fleet at anchor," Musk states. "If I had agreed to their request, then SpaceX would be explicitly complicit in a major act of war and conflict escalation." 

Since its full-scale invasion of Ukraine in 2022, Russia, which seized the strategically vital Crimea peninsula in 2014, has used the Black Sea Fleet, which is based in Sevastopol, to blockade Ukrainian ports. The Russian fleet launches cruise missiles against Ukrainian civilian sites, and Kiev has carried out marine drone attacks on Russian vessels. 

According to CNN, the latest biography of Elon Musk by Walter Isaacson, "Elon Musk," which will be published by Simon & Schuster next week, claims that when Ukrainian submarine drones carrying explosives last year approached the Russian fleet, they "lost connectivity and washed ashore harmlessly." 

It said Musk's decision, which left Ukrainian authorities pleading with him to activate the satellites, was motivated by a fear that Russia might respond to a Ukrainian invasion with nuclear weapons.

Musk's fears of a "mini-Pearl Harbour" were based on contacts with senior Russian officials and his fears of a "mini-Pearl Harbour." 

The first time the Ukrainian navy has extended its reach thus far from its borders was in August when a Ukrainian naval drone attacked the Russian Black Sea navy station in Novorossiysk, gravely damaging a Russian cruiser. 

Since the start of the war in 2022, SpaceX has been providing Ukrainians and the country's military with Starlink internet service, a rapidly increasing network of over 4,000 satellites in low Earth orbit, through private donations and a separate contract with a U.S. foreign aid agency. In June, the Pentagon announced that SpaceX's Starlink had been awarded a Department of Defence contract to purchase satellite services for Ukraine. 

Commenting on the reports on Ukrainian national television, Vadym Skybytskyi, an officer in the Ukrainian Defence Ministry's Intelligence Directorate GUR, did not explicitly address whether Musk had denied Ukraine's request. But he added it was vital to investigate and "appoint a specific group to examine what happened."
Read more »
Russian Ransomware
Cyber Security Data Leak Phishing Attacks Russia-Ukraine War Russian Hackers Russian Ransomware

Russian Cyber-Attacks and the Looming Threat of WW3

Russian cyberattacks have been on the rise alarmingly over the past few years, raising concerns among specialists about the possible repercussions. The threat that these cyberattacks will start a worldwide battle, commonly referred to as World War III, looms menacingly as tensions between Russia and its surrounding nations, particularly Ukraine, continue to simmer.

An alarm has been raised by the persistent nature of these Russian cyberattacks. Government officials and cybersecurity experts have frequently sounded the alarm and urged countries to strengthen their digital defenses. These assaults are a new kind of warfare that has the potential to develop into a major global disaster since they target vital infrastructure, governmental organizations, and private businesses.

Ukraine's vulnerability to sophisticated cyberattacks is one of the main worries. The majority of these digital offensives have targeted the nation, which has been in conflict with Russia over territorial concerns. Numerous high-profile cyberattacks against Ukraine have been linked to Russian hackers, including data leaks and devastating power outages. In addition to causing regional instability, these attacks attract other people.

The situation is exacerbated by Russia's evolving cyber capabilities. Russian state-sponsored hacking groups are constantly evolving and improving their tactics, making it increasingly challenging for cybersecurity experts to defend against them. These groups often operate with the support and protection of the Russian government, further complicating the issue.

While the term World War III may conjure images of a large-scale military conflict, it's essential to recognize that modern warfare has evolved. Cyber-attacks have become a potent tool in international disputes, capable of causing significant damage without traditional military engagement. The interconnectedness of our world means that a cyber-attack can have far-reaching consequences, affecting not only the target nation but also its allies and even neutral parties.

Nations must make significant investments in cybersecurity measures to reduce the prospect of World War III provoked by these unrelenting Russian cyberattacks. This involves enhancing information exchange and international cooperation, protecting vital infrastructure, and creating cutting-edge cybersecurity tools. Additionally, it is important to employ diplomacy to address the underlying reasons behind the hostilities between Russia and its neighbors while fostering communication and dispute resolution.

The persistent Russian cyberattacks pose a serious threat to world security and have sparked worries about the possibility of a third world war starting. Nations must work proactively to protect themselves from these attacks and look for peaceful ways to settle the underlying problems. The world must adjust to the blurring of the lines between peace and conflict in this digital age.

Read more »
ThreatCloud AI
Check Point Cyber Attacks Cyber space Hacktivism Russia-Ukraine War ThreatCloud AI

'Cyber Battlefield' Map Shows Attacks Being Played in Real Time


A live map is all set to monitor cyberattacks around the globe as the conflict in Ukraine fuels a 'significant surge' in hostile activity.

Apparently, the technology utilizes intelligence gathered from a high-end AI-powered system – ThreatCloud AI.

The maps shows countries and companies that are particularly targeted with cyber incidents like malware attacks, phishing or exploitation.

How are Cyber Activities Impacted by the War According to a US-Israeli cyber security firm, Check Point, cyber activities have increased at an alarming rate in the past 17 months, reason being the Ukraine war.

Over the previous six months, the UK was attacked 854 times on average every week. As of May 2023, ransomware attacks have a negative effect on one out of every 77 organizations in the country.

According to Muhammad Yahya Patel, lead security engineer and evangelist for Check Point, “The threat landscape has continued to evolve in sync with the digital world as we are more connected to the internet than ever before. This has led to multi-vector cyberattacks and well thought out campaigns by criminals who want to cause maximum damage to organizations[…]Sometimes they use advanced tools and methods, while other times it’s a simple method like getting someone to click a link in an email."

Moreover, the UK has been suffering an online conflict as a group of hackers, have targeted prominent British organizations, frequently with links to the Kremlin that are either verified or rumored.

“Hacktivism has played a much bigger role globally with several state-sponsored groups and cyber criminals actively fighting a war in cyberspace[…]We had the Ukrainian government taking an unprecedented step by using a Telegram channel to call for international volunteers to help fight the cyber war by joining the “IT Army of Ukraine,” Patel said.

In regards to the Russia based group Killnet, Patel says, ”This is a properly established group with organizational structure and hierarchy. As an organised operation this group have been carrying out disruptive attacks to gain more attention and have recently targeted NATO.”

ThreadCloud AI

The ThreatCloud AI system continuously scans the environment and develops defenses against the numerous and diverse kinds of assaults. The creators provide customers with what they call a "comprehensive prevention-first architecture," which is appropriate for various devices, networks, and systems.

This live ‘battleground’ was presented at the Midland Fraud Forum’s annual conference in Birmingham last week as a segment informing audience regarding the various threats and methods to prevent them.

The multinational company based in Tel Aviv found that the ransomware operators have become more ruthless with their tactics to profit from victims.

One of the recent cases was when the University of Manchester suffered a cyber attack last month, where allegedly the students’ confidential data was compromised. In response, the university claimed that a ‘small proportion of data’ was copied and that ‘it had written directly to those individuals who may have been affected.’

Looking at the current scenarios, universities in the UK seems to have found themselves in the frontline of the ever developing threat landscape at a level greater than any other country.

In regards to this, Patel comments, ”The attacks against the education and research sector are highly concerning because this is higher than what we are seeing globally in this industry[…]It raises questions about what the UK is doing specifically for this sector to help it have a better cyber security baseline as I like to call it.”  

Read more »
Subscribe to: Posts (Atom)