Germany warns against Russian anti-virus software Kaspersky over hacking concerns

The German Federal Office for Information Security (BSI) warned users to avoid using Kaspersky software and instead consider alternatives.

The BSI agency cautioned that the ‘Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers.’

The agency added that trust in the reliability and self-protection of a manufacturer as well as its authentic ability to act is crucial for the safe use of such systems. If there are doubts about the reliability of the manufacturer, virus protection software poses a particular risk for the IT infrastructure.

In response, Kaspersky stated that it is a ‘private global cybersecurity company’ with no ties to the Russian government. Kaspersky added that the BSI’s warning was politically motivated and that it was in contact with the BSI to clarify the issue.

Fake antivirus updates used to deploy malware in Ukraine

Ukraine’s Computer Emergency Response Team (CERT-UA) warned that threat actors are using fake Windows antivirus updates to install Cobalt Strike and other malware in Ukraine. The phishing emails, which impersonate Ukrainian government agencies, propose a way to increase network security and advise recipients to download BitdefenderWindowsUpdatePackage.exe, falsely dubbed a ‘critical security update’.

When executed, the malware downloads and installs a Cobalt Strike beacon. The malware also downloads a Go downloader (dropper.exe), which then decodes and executes a secondary file (java-sdk.exe). This secondary file modifies the registry of the infected system to establish persistence and downloads two additional payloads, the GraphSteel backdoor (microsoft-cortana.exe) and the GrimPlant backdoor (oracle-java.exe).

CERT-UA attributes the malicious activity, with medium confidence, to the UAC-0056 group, also known as ‘Lorec53’, a sophisticated Russian-speaking threat group.
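The infection chain described above is recognisable in endpoint telemetry by its parent-child process relationships. The following added example (not from CERT-UA or any vendor) walks constructed Sysmon-style process-creation events and reports any process whose ancestry contains two or more of the stage file names named in the report; the event records, PIDs and paths are constructed for illustration.

```python
# Stage file names taken from the CERT-UA chain described above (names only, lower-cased).
STAGE_NAMES = {
    "bitdefenderwindowsupdatepackage.exe": "phishing lure",
    "dropper.exe": "Go downloader",
    "java-sdk.exe": "decoded second stage",
    "microsoft-cortana.exe": "GraphSteel backdoor",
    "oracle-java.exe": "GrimPlant backdoor",
}

# Constructed process-creation events (simplified Sysmon Event ID 1 fields); not real telemetry.
SAMPLE_EVENTS = [
    {"pid": 4010, "ppid": 812, "image": r"C:\Users\a\Downloads\BitdefenderWindowsUpdatePackage.exe"},
    {"pid": 4022, "ppid": 4010, "image": r"C:\Users\a\AppData\Local\Temp\dropper.exe"},
    {"pid": 4031, "ppid": 4022, "image": r"C:\Users\a\AppData\Local\Temp\java-sdk.exe"},
    {"pid": 4044, "ppid": 4031, "image": r"C:\Users\a\AppData\Local\Temp\microsoft-cortana.exe"},
    {"pid": 4045, "ppid": 4031, "image": r"C:\Users\a\AppData\Local\Temp\oracle-java.exe"},
    {"pid": 5100, "ppid": 812, "image": r"C:\Program Files\Java\bin\java.exe"},  # benign noise
]


def basename(path):
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_chains(events, min_stages=2):
    """Return (pid, [stage names root..leaf]) for every process whose ancestry
    contains at least `min_stages` of the known stage file names.

    A single matching name is a weak indicator (the names mimic legitimate
    software); the parent-child chain is what makes the hit credible.
    """
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        name = basename(e["image"])
        if name not in STAGE_NAMES:
            continue
        chain, cur, seen = [name], e, {e["pid"]}
        # Walk up the parent links, collecting stage names; `seen` guards against PID reuse loops.
        while cur["ppid"] in by_pid and cur["ppid"] not in seen:
            cur = by_pid[cur["ppid"]]
            seen.add(cur["pid"])
            pname = basename(cur["image"])
            if pname in STAGE_NAMES:
                chain.append(pname)
        if len(chain) >= min_stages:
            hits.append((e["pid"], list(reversed(chain))))
    return hits


if __name__ == "__main__":
    for pid, chain in find_chains(SAMPLE_EVENTS):
        print(pid, " -> ".join(f"{n} ({STAGE_NAMES[n]})" for n in chain))
```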

New CaddyWiper data wiping malware hits Ukrainian networks

Experts at ESET Research Labs discovered a new data wiper, named CaddyWiper, that was used in cyberattacks targeting Ukrainian organisations. According to the experts, the wiper erases user data and partition information from any drives attached to a compromised machine. Unlike previous malware used against Ukraine, CaddyWiper does not share any significant code similarity with HermeticWiper, IsaacWiper or any other known malware.

CaddyWiper avoids destroying data on domain controllers. Experts at ESET Research Labs concluded that it was ‘likely a way for the attackers to keep their access inside the organisation while still disturbing operations’.

Ukraine begins using Clearview AI’s facial recognition services

Ukraine began using Clearview AI’s facial recognition services for free on March 12, claimed the company’s chief executive Hoan Ton-That in a letter seen by Reuters. Clearview AI claims to have a searchable database of 10 billion faces gathered from the internet, including over two billion images from the Russian social media platform Vkontakte.

In the letter, Ton-That outlined a number of scenarios in which the technology could be useful, including identifying infiltrators by matching their photo or ID card, identifying the dead without the use of fingerprints, combating misinformation, and reuniting families by identifying people without paperwork.

Meta narrows guidance to prohibit calls for the death of a head of state

Facebook owner Meta Platforms said it is tightening its content moderation policy for Ukraine to prohibit calls for the death of a head of state, according to Reuters. Following previous reports that Meta was temporarily allowing posts on Facebook and Instagram calling for the death of the Russian or Belarusian president, President of Meta Global Affairs Nick Clegg explained that the company will ‘make it explicitly clear in the guidance that it is never to be interpreted as condoning violence against Russians in general’.

Russians’ demand for VPNs skyrockets after Meta block

Demand for tools to bypass Russia’s restriction of Meta Platforms’ social media platforms Facebook and Instagram has skyrocketed, the monitoring firm Top10VPN reported. According to its data, on the eve of the Instagram ban, demand for Virtual Private Networks (VPNs), which encrypt traffic and hide the user’s location, was 2,088% higher than the average daily demand in mid-February.

Anonymous collective attacked the German subsidiary of Rosneft

The Anonymous collective has reportedly attacked the German affiliate of the Russian oil company Rosneft and stolen 20 terabytes of data. A senior security official told DER SPIEGEL that the attackers penetrated deep into the systems and could have caused the control functions to crash. Rosneft has filed a criminal complaint with the Berlin State Criminal Police Office and reported the incident to the BSI, as it is obliged to do as a critical infrastructure company.

Intelligence agencies investigate sabotage of satellite internet in Ukraine

The US National Security Agency, the French government cybersecurity organisation ANSSI, and Ukrainian intelligence are reportedly investigating a cyberattack that disrupted broadband satellite internet access provided by the US telecoms firm Viasat on 24 February, the first day of the Russian invasion. 

Viasat said that the disruption for European and Ukrainian customers was triggered by a ‘deliberate, isolated and external cyber event’ but has yet to provide a detailed public explanation of what happened. A Viasat spokesperson said that ‘the network is stabilised and we are restoring service and activating terminals as quickly as possible.’