Microsoft: Russian state-backed hackers targeted Ukrainian allies

Since the start of the Ukraine war, Russian state-backed hackers have engaged in network infiltration and espionage operations against 128 businesses in 42 countries that are allied with Ukraine, Microsoft claimed in a new report.

While Russian hackers prioritised NATO governments, they have also launched attacks against think tanks, humanitarian organisations, IT companies, and critical infrastructure. Microsoft estimates that 29% of identified attacks were successful, with a quarter of those leading to data theft. Microsoft also asserts that Russia is conducting an information war to influence public opinion in favour of the conflict domestically and overseas.

Ukrainians targeted with Cobalt Strike, CredoMap malware

The APT28 (aka Fancy Bear) hacking group, supported by Russia, is believed to be responsible for a recent spike in phishing campaigns spread by email, warns the Ukrainian Computer Emergency Response Team (CERT-UA Team).

CERT-UA Team explained that emails warning of ‘unpaid taxes’ or ‘nuclear terrorism’ are intended to lure victims into opening the file contained in the email. They cautioned that opening the files might cause users to download the malicious software Cobalt Strike or CredoMap.

Meta loses appeal in Russian court over ‘extremist activity’ label

Meta Platforms, Inc. lost an appeal in a Moscow court after being found guilty of ‘extremist activity’ in Russia in March.

According to a Kommersant reporter in the courtroom, Meta’s lawyer argued that refusing to block access to content and labelling state-controlled media were not activities that meet the definition of extremism.

The court decision requires that whenever organisations or people publicly mention Meta, they need to disclose that Meta’s operations are illegal in Russia.

USA, UK, EU dismantle Russian hacking botnet

A joint law enforcement operation involving the USA, the EU countries, and the UK has dismantled the infrastructure of a Russia-linked botnet known as RSOCKS, the US Department of Justice (DoJ) stated.

The RSOCKS botnet has compromised millions of computers and devices worldwide, including IoT equipment like routers and smart garage openers.

According to the DoJ, RSOCKS customers paid between US$30 and US$200 per day to channel malicious internet activity through hacked computers to mask or hide the source of the traffic.

Wikipedia appeals Russian order to remove Ukraine war information

Wikipedia’s owner, the Wikimedia Foundation, has filed an appeal against a Moscow court decision which demanded that Wikipedia remove content related to the Ukraine war. Previously, Wikimedia was fined 5 million rubles (US$88,000) in a court decision for failing to remove the content in question. Wikimedia argues that people have a right to know the facts of the war and that removing information is a violation of human rights to knowledge access and free expression.

Wikimedia stated that, while its website is accessible within Russia, the country has no authority over Wikipedia, which it describes as a global resource available in 300 languages. The Moscow court argued that the disinformation posted on Wikipedia represented a threat to Russian public order and that the foundation in fact operates in Russia.

So far, the foundation has refused to comply with Russia’s demands to delete the articles in question.

Russia’s Ministry of Foreign Affairs: West risks ‘direct military clash’ over cyberattacks

Russia warned that the West’s cyberattacks against Russian infrastructure could lead to direct military confrontation.

In a statement, the Russian Ministry of Foreign Affairs said that ‘The militarization of the information space by the West, and attempts to turn it into an arena of interstate confrontation, have greatly increased the threat of a direct military clash with unpredictable consequences.’

The statement added that Washington was ‘deliberately lowering the threshold for the combat use’ of cyberweapons.

The statement also attributes cyberattacks on Russian infrastructure and governmental institutions to the USA and Ukraine and warns: ‘Rest assured, Russia will not leave aggressive actions unanswered.’

The warning came after Russia’s housing ministry website was hacked over the weekend and its traffic redirected to a ‘Glory to Ukraine’ sign.

Will the EU ban providing cloud services to Russia?

The EU is considering a ban on providing cloud computing services to Russia as part of a new round of sanctions, an EU official told Reuters.

Although the EU announced in a public press release that the sixth sanctions package would include a restriction on the provision of cloud services, cloud technologies were not included in the final decision. As later explained by the press officer for the EU Council, the reference to the ban on cloud services in the first statement was ‘a fabric error’.

The cloud service restriction was not recommended by the European Commission, according to an EU official familiar with sanctions decisions. Nonetheless, such a prospect was not ruled out.

Russia unveils internet traffic backup plan

Russia is prepared to face eventual internet disconnection by Europe, stated Maksut Shadayev, Minister of Digital Development, Communications and Mass Media. The plan is for Russian internet providers to redirect traffic through international exchange points in Asia, and Rostelecom has the necessary capabilities, Shadayev explained. Traffic exchange points in Europe are still open for Russian internet providers.