15.03.2022

Analytical Digest, March 2022

STOP PUTIN! STOP WAR!

Russia’s invasion of Ukraine has elicited a unified response from NATO, the EU and the UN, with member nations imposing severe sanctions on russia as punishment. Considering that some of the most severe third-party cyberattacks – such as SolarWinds, Colonial Pipeline and JBS Foods – have been traced to russia, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have warned businesses and governments to stay vigilant against potential ransomware attacks originating from russia in retaliation for imposing these sanctions.

COINBASE

The crypto exchange Coinbase has blocked over 25,000 addresses linked to russian individuals and entities due to illicit activity, noting that it was already blocking those addresses prior to the invasion of Ukraine.

Although Coinbase noted its ongoing commitment to counter illegal dealings on its cryptocurrency exchange platform, it stopped short of banning russian activity completely in the wake of the country’s military invasion of Ukraine.

THREAT ANALYSIS GROUP

Google’s Threat Analysis Group (TAG) has observed activity from nation-state threat actors over the last two weeks as the russian invasion of Ukraine causes a refugee crisis on the European continent.

Google has issued hundreds of warnings over the last year to Ukrainian users letting them know they were targeted by government-backed hacking, largely coming from russia.

RURANSOM

A new wiper, RURansom, which seeks out russian targets has been identified. Its latest version shows a conscious effort to target only russian-based computers.

NUCLEAR POWER PLANT GOT HACKED

The Beloyarsk Nuclear Power Plant in Zarechny, Sverdlovsk Oblast, russia has been hacked by cyber operators at the Main Intelligence Department of the Ministry of Defense of Ukraine (GURMO). The hackers breached the plant’s business network and exfiltrated a large amount of data including contracts, architectural diagrams, alarm system configurations, set-up instructions for control system parts, etc.

ROSKOMNADZOR GOT HACKED

One of the branches of Roskomnadzor, the russian federal agency responsible for censorship of russian media, got hacked.

Over 360,000 files from the Roskomnadzor network, totaling 526.9 GB, were posted online. According to the timestamps, some of the files are as recent as March 5, 2022.

THE RISE IN THE NUMBER OF CYBER ATTACKS ON UKRAINE

Russia’s invasion of Ukraine has led to increased cyber risk.

The increase in malicious activity is the latest chapter in an ongoing series of cyberattacks against Ukrainian government and civilian systems.

RAIDFORUMS

On February 25, 2022, RaidForums – a popular illicit online community known for sharing or selling leaked or breached material – was seized by the FBI.

Notorious cybercrime experts recommend the following forums as potential successors to, or alternatives for, RaidForums: Exploit, XSS or LeakForum.

In the weeks leading up to its apparent seizure, RaidForums saw an increasing amount of anti-russian sentiment and anti-russian offerings, in the form of potentially exploitable data, both before and after russia’s invasion of Ukraine on February 24.

Notable developments before and after russia’s invasion of Ukraine are listed here.

GC3 keeps working together with companies, law enforcement agencies and academia to neutralize cybercrime.

GLOBAL CYBER COOPERATIVE CENTER (GC3) – an integration platform intended to develop productive cooperation between global and local creators of a safe cyberspace.