UK minister warns ‘Wagner-like’ cyber groups threatening UK critical national infrastructure

Emerging Russia-aligned cyber groups similar to the private military contractor Wagner pose a threat to the UK’s critical national infrastructure (CNI), UK Minister Oliver Dowden said in a speech at the CyberUK conference in Belfast. Dowden noted that the government, in conjunction with the National Cyber Security Centre, plans to set cyber-resilience targets for critical sectors to meet within two years. Additionally, private sector companies involved in critical infrastructure will be subject to resilience regulations.

It remains unclear how these groups are similar to the Wagner Group of mercenaries. The hacking groups, it was noted, are motivated by ideology rather than finances, are not directly controlled by the Kremlin and are, therefore, less likely to exercise the same restraint as nation state hackers.

UK cybersecurity chief warns of China’s technological rise as a security threat

The head of the National Cyber Security Centre (NCSC), Lindy Cameron, announced that China represents a significant and era-defining challenge for the West.

Cameron raised concerns about China’s increasing technological prowess and its impact on global politics and economics. ‘Bluntly, we cannot afford not to keep pace with China. Otherwise, we risk China becoming the predominant power in cyberspace’, she said. ‘China is not only pushing for parity with Western countries, it is aiming for global technological supremacy,’ Cameron continued.

She noted that China is using its cyber capabilities to conduct intelligence and surveillance campaigns. Similar remarks about China’s activities were made earlier in the week by the Dutch General Intelligence and Security Service’s director general Eric Akerboom.

This comes as Western countries grapple with how to respond to China’s growing influence and potential security risks.

European Commission proposes the Cyber Solidarity Act for EU-wide response to cyberattacks

The EU’s proposed draft Cyber Solidarity Act aims to enhance EU cross-border coordination for cyberattack prevention and response. Such legislation was suggested in response to an increased threat of significant cyberattacks following Russia’s invasion of Ukraine.

The Commission’s proposal suggests a public-private collaboration to respond to cyberattacks. However, some aspects, particularly intelligence sharing, have attracted debate and opposition from the EU member states.

The act proposes a European Cyber Shield, consisting of national and cross-border Security Operations Centers (SOCs), which will monitor and identify cyber threats using AI technology and alert authorities. The proposal aims to work alongside, rather than replace, the EU member states’ current cybersecurity operation centres.

The act will also establish a Cyber Emergency Mechanism to improve incident response capabilities and preparedness in the EU. This mechanism will include preparedness actions, such as testing entities in critical sectors for vulnerabilities, creating a new EU Cybersecurity Reserve of pre-contracted incident response services ready to intervene in case of a severe cybersecurity incident, and providing financial support for mutual assistance between the EU member states.

The proposed act will also establish a Cybersecurity Incident Review Mechanism to assess significant incidents and issue recommendations for improving the Union’s cyber posture.

The total budget for all actions under the EU Cyber Solidarity Act is EUR 1.1 billion.

The Commission has also presented a proposal for a Cybersecurity Skills Academy under its new cybersecurity package.

US CISA, FBI, NSA, UK NCSC and Cisco warn about attacks on routers by Russia-linked actors

The US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the NSA, the UK National Cyber Security Centre (NCSC), and technology firm Cisco released advisories highlighting attacks on routers believed to have been exploited by the hacker group APT28.

APT28, allegedly linked to Russia’s General Staff Main Intelligence Directorate (GRU), targeted Cisco router vulnerabilities throughout 2021, attacking ‘a small number based in Europe, US government institutions and approximately 250 Ukrainian victims.’

APT28 exploited the vulnerability CVE-2017-6742 to access the Simple Network Management Protocol (SNMP), which allows network administrators to monitor and configure network devices remotely. Poor configuration, such as using default settings, allowed APT28 to gain access to router information. For some of the targeted devices, APT28 deployed malware, which allowed them to obtain further device information and backdoor access.

Previously, the NCSC attributed attacks on the German parliament in 2015 and the Organization for the Prohibition of Chemical Weapons (OPCW) in April 2018 to APT28.

Russia’s FSB said Pentagon, NATO states behind massive cyberattacks from Ukraine against Russia

The Pentagon and NATO countries are behind massive cyberattacks from Ukrainian territory against the Russian critical infrastructure, the press office of Russia’s Federal Security Service (FSB) claimed.

Over 5,000 hacker attacks on Russian critical infrastructure have been recorded since the beginning of 2022, the press office said in a statement. ‘The analysis of revealed computer threats has helped obtain data evidencing that the United States and NATO countries used Ukrainian territory for carrying out massive computer attacks on civilian infrastructure facilities in Russia,’ the security agency stated. The FSB further claimed that Washington wants to portray only Ukraine as the ‘author’ of these cyberattacks. However, the FSB stressed that the Pentagon is directly involved in developing these cyberattacks in consultation with international and national hacker groups such as Anonymous, Silence, Ghost Clan from the United States, RedHack from Turkey, GNG from Georgia, and Squad 303 from Poland.

Suspected Fancy Bear leader allegedly hacked by a pro-Ukrainian group

Ukrainian hacktivist group Kiber Sprotyv (Cyber Resistance) claimed to have breached the email of Sergey Alexandrovich Morgachev, who is believed to be the leader of the Russian state-sponsored hacker group Fancy Bear, also known as APT28.

Kiber Sprotyv uncovered Morgachev’s personal data, his home address, car plates, the location of the Russian hackers’ secretive office, and associates of Morgachev. They shared the data with the InformNapalm volunteer intelligence community.

Morgachev serves as a Lieutenant Colonel of the Russian Main Intelligence Directorate of the General Staff of the Russian Army (GRU). In 2018, he was named in a US indictment charging Russian nationals with attempting to hack the Democratic National Committee (DNC) ahead of the 2016 US presidential election.

Yurii Shchyhol warns of a new ongoing World Cyber War

Yurii Shchyhol, the head of the Ukrainian State Service of Special Communications and Information Protection, warns there might be an ongoing World Cyber War since the start of Russia’s invasion. Russian cyberespionage and cyberattacks since 24 February weren’t targeted only at Ukraine. Their intervention has been recorded in 42 countries across six continents, mostly from NATO and countries which supported Ukraine during this period.

Shchyhol told Politico that the world has been awakened and that countries are more willing to intensely cooperate with each other on these issues. He also advised: ‘But what we need are not further sanctions and further efforts to curb cyberattacks, we also need for global security companies to leave the market of the Russian Federation. Only then can we ensure the victory will be ours, especially in cyberspace.’

In this interview, it was said that there is strong assistance from the U.S. Cyber Command and the National Security Agency as all of Russia’s attacks are ‘an ongoing, continuous war, including the war in cyberspace.’ Shchyhol also warns that the two-month stagnation of Russian cyberattacks is just part of their tactic to collect resources for another attack, which will likely be on a global level.

Italian police thwart Eurovision cyberattack by pro-Russian hacker groups

Italian police thwarted hacker attacks by pro-Russian hacker groups Killnet and Legion during the 10 May semi-final and 14 May final of the Eurovision Song Contest (ESC) in Turin, Italy. Russia was excluded from the competition due to what it calls its special military operation in Ukraine, while Ukraine went on to win the contest.

Killnet denied the attack on ESC, but then declared cyberwar on 10 countries in the same Telegram post. In a separate video, the group stated that these 10 countries are ‘the US, the UK, Germany, Italy, Latvia, Romania, Lithuania, Estonia, Poland, and Ukraine.’

OEWG agrees on modalities of stakeholder participation

The OEWG reached an agreement, through a silent procedure, to apply the modalities for the participation of stakeholders proposed by the Chair on 20 April. NGOs both with and without ECOSOC status should inform the OEWG Secretariat of their interest in participating. However, states can object to the participation of NGOs without consultative status with ECOSOC. The approved NGOs will be invited to participate as observers in the formal sessions, make oral statements during a dedicated stakeholder session, and submit written inputs to be posted on the OEWG’s website. The modalities will be read out at the OEWG’s third substantive session for the formal record.