Websites of Russian arbitration courts hacked

The websites of several Russian arbitration courts in Moscow and different Russian regions were hacked in an apparent protest over Russia’s actions in Ukraine. Hackers placed banners with radical sentiments, including some concerning Ukraine, on the websites. The messages contained insults addressed towards the Russian Federation’s president and the Russian people. The perpetrators are still unknown.

Slack starts to disconnect Russian accounts

Slack messenger began disconnecting Russian users from the platform, in accordance with international sanctions imposed on Russia, as well as the policies of its parent company, Salesforce.

Several businesses have been disconnected from their accounts with no prior notification or possibility to retrieve their data. It was also reported that Slack is not deleting data transferred by Russian clients, but that the impacted businesses would be unable to access it until the sanctions are lifted or the company’s policies change.

Canada bans RT

Canada’s telecommunications regulator has formally removed the Russian television network RT and RT France from the Canadian airwaves. The Canadian agency argued that the RT program violated government policy and undermined democracy. 

‘RT’s programming is not consistent with the standards against which Canadian services are measured nor the policy objectives set out in the Broadcasting Act,’ the agency stated.

Sony and Qualcomm stopped selling products in Russia

Qualcomm announced that it has ceased selling its products to Russian entities to comply with US sanctions imposed on Russia. Nate Tibbits, the company’s senior vice president of government affairs, confirmed the company’s decision in a tweet in response to Ukrainian Vice Prime Minister Mykhailo Fedorov.

Sony’s PlayStation division has also ceased sales of all consoles and software in Russia, and the PlayStation Store is no longer accessible there.

Deepfake of Zelenskyy tells Ukrainian troops to ‘surrender’

A fake video that appeared to show Ukrainian President Volodymyr Zelenskyy asking Ukrainian troops to lay down their weapons emerged on social media, in what could be the first weaponised use of deepfakes during an armed conflict. The national television station Ukraine 24 confirmed that hackers were able to spread the fake Zelenskyy message over live television on the scrolling-text news crawl known as ‘the ticker’, and that the video appeared briefly on the news station’s website.

Zelenskyy himself promptly debunked the claims in a real video, calling it a provocation.

Officials at Facebook, YouTube, and Twitter said the video was removed from their platforms for violating policies. 

Experts have expressed concern about the continued use of such fake videos for propaganda purposes, not just in Ukraine, but globally.

Anonymous hacks Rosatom website

The Anonymous hacker group claimed credit for hacking the website of Rosatom. Rosatom State Nuclear Energy Corporation is a Russian state corporation headquartered in Moscow that specialises in nuclear energy, nuclear non-energy goods, and high-tech products.

Anonymous changed the site’s interface. They also claimed to have obtained access to terabytes of data, which they intend to release to the public. The leaks are still unconfirmed.

Germany warns against Russian anti-virus software Kaspersky over hacking concerns

The German Federal Office for Information Security (BSI) warned users to avoid using Kaspersky software and instead consider alternatives.

The BSI agency cautioned that the ‘Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers.’

The agency added that trust in the reliability and self-protection of a manufacturer as well as its authentic ability to act is crucial for the safe use of such systems. If there are doubts about the reliability of the manufacturer, virus protection software poses a particular risk for the IT infrastructure.

In response, Kaspersky stated that it is a ‘private global cybersecurity company’ with no ties to the Russian government. Kaspersky added that the BSI’s warning was politically motivated and that it was in contact with the BSI to clarify the issue.

Fake antivirus updates used to deploy malware in Ukraine

Ukraine’s Computer Emergency Response Team (CERT-UA) warned that threat actors are using fake Windows antivirus updates to install Cobalt Strike and other malware in Ukraine. The phishing emails, which impersonate Ukrainian government agencies, propose a way to increase network security and advise recipients to download a file named BitdefenderWindowsUpdatePackage.exe, falsely dubbed a ‘critical security update’.

When executed, the malware downloads and installs a Cobalt Strike beacon. The malware also downloads a Go downloader (dropper.exe), which then decodes and executes a secondary file (java-sdk.exe). This secondary file modifies the registry of the infected system to establish persistence and downloads two additional payloads, the GraphSteel backdoor (microsoft-cortana.exe) and the GrimPlant backdoor (oracle-java.exe).

CERT-UA attributes the malicious activity, with medium confidence, to the UAC-0056 group, also known as ‘Lorec53’, a sophisticated Russian-speaking threat group.
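
Detection logic for the chain described above, added here as an example and not taken from CERT-UA or the original report: it links process-creation events by parent PID and rates a match higher when the reported file names appear in the reported order. The event format, the paths and the assumption that each stage starts the next as a child process are hypothetical.

```python
import ntpath

# Stage order of the file names reported in the CERT-UA warning above.
STAGES = {
    "bitdefenderwindowsupdatepackage.exe": 0,  # fake update lure
    "dropper.exe": 1,                          # Go downloader
    "java-sdk.exe": 2,                         # secondary file, sets persistence
    "microsoft-cortana.exe": 3,                # GraphSteel backdoor
    "oracle-java.exe": 3,                      # GrimPlant backdoor
}

# Constructed process-creation events (not real telemetry; paths are made up).
EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Users\demo\Downloads\BitdefenderWindowsUpdatePackage.exe"},
    {"pid": 210, "ppid": 200, "image": r"C:\Users\demo\example\dropper.exe"},
    {"pid": 220, "ppid": 210, "image": r"C:\Users\demo\example\java-sdk.exe"},
    {"pid": 230, "ppid": 220, "image": r"C:\Users\demo\example\Microsoft-Cortana.exe"},
    {"pid": 300, "ppid": 100, "image": r"C:\Tools\dropper.exe"},  # lone name match
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\notepad.exe"},
]

def stage_of(image):
    """Return the chain stage for an image path, or None if the name is not listed."""
    return STAGES.get(ntpath.basename(image).lower())

def find_chains(events):
    """Flag listed names; rate 'high' when ancestors follow the reported order."""
    by_pid = {e["pid"]: e for e in events}  # assumes no PID reuse in the window
    alerts = []
    for event in events:
        stage = stage_of(event["image"])
        if stage is None:
            continue
        chain, cur, cur_stage = [event], event, stage
        while True:
            parent = by_pid.get(cur["ppid"])
            p_stage = stage_of(parent["image"]) if parent else None
            if p_stage is None or p_stage >= cur_stage:
                break  # ancestor is unlisted or out of order: chain ends here
            chain.append(parent)
            cur, cur_stage = parent, p_stage
        names = [ntpath.basename(e["image"]).lower() for e in reversed(chain)]
        severity = "high" if len(names) >= 2 else "low"  # a lone file name is weak evidence
        alerts.append({"pid": event["pid"], "severity": severity, "chain": names})
    return alerts

if __name__ == "__main__":
    for alert in find_chains(EVENTS):
        print(alert["severity"], alert["pid"], " -> ".join(alert["chain"]))
```

File names are trivially changed by an operator, so name matches like these are triage leads to confirm against hashes and network indicators from the CERT-UA advisory itself.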

New CaddyWiper data wiping malware hits Ukrainian networks

Experts at ESET Research Labs discovered a new data wiper, named CaddyWiper, that was used in cyberattacks targeting Ukrainian organisations. According to the experts, the new wiper malware affects users by erasing user data and partition information from any drives attached to a machine that has been compromised. CaddyWiper, unlike previous viruses used against Ukraine, does not share any significant code similarity with HermeticWiper, IsaacWiper or any other known malware.


CaddyWiper avoids destroying data on domain controllers. Experts at ESET Research Labs concluded that it was ‘likely a way for the attackers to keep their access inside the organisation while still disturbing operations’.

Ukraine begins using Clearview AI’s facial recognition services

Ukraine began using Clearview AI’s facial recognition services for free on March 12, claimed the company’s chief executive Hoan Ton-That in a letter seen by Reuters. Clearview AI claims to have a searchable database of 10 billion faces gathered from the internet, including over two billion images from the Russian social media platform Vkontakte.

In the letter, Ton-That outlined a number of scenarios in which the technology could be useful, including identifying infiltrators by matching their photo or ID card, identifying the dead without the use of fingerprints, combating misinformation, and family reunification by identifying people without paperwork.