Hackers accessed more than 100 computers belonging to current and past personnel of 21 major US liquefied natural gas providers and exporters in mid-February, research by cybersecurity company Resecurity showed. Hackers broke into the target computers directly in some cases while they purchased access to computers that had already been infected in other cases.
The motive of the cyber operation is unknown, and it is not clear whether the attack is connected to Russian military operation in Ukraine. Resecurity CEO Gene Yoo stated that ‘Recent tensions around Nord Stream 2, global market changes, as well as conflict in Ukraine are obvious catalysts.’ As of January 2022, the USA is the world’s top liquefied natural gas exporter.
Meta, Instagram’s parent company, announced that Instagram will start hiding information about private accounts based in Russia and Ukraine to reduce the spread of misinformation. This will include information about people’s followers, who they are following, and people who are following each other.
Instagram will also start labelling content from Russian state-owned media and making it harder to find by placing it lower in the Stories tray. Instagram will also warn users before they reshare content from Russian state-owned media accounts in their stories. If users reshare the content, Instagram will place it lower in the Stories tray.
Content delivery network providers Cloudflare and Akamai have confirmed that they will continue to operate in Russia. The companies argued that suspending their services would deprive Russians of access to information from the outside world. Regardless of its decision to stay in Russia, Akamai indicated that it will cease all sales activities in Russia and Belarus and end operations with state-owned clients.
Ukraine has been using donated cryptocurrencies to purchase military equipment and food, stated Deputy Minister of Digital Transformation Alex Bornyakov. A key reason that Ukraine has decided to receive cryptocurrencies is the speed with which transactions are performed, unlike the traditional banking system, which takes up to three days to transfer funds.
The Computer Emergency Response Team of Ukraine (CERT-UA) reported the spread of a new ransomware strain called ‘Somnia’, attributing the attacks to the Russian threat actor known as ‘From Russia with Love’ (FRwL), also known as ‘Z-Team’. The ransomware attacks targeted Ukrainian corporations’ employees, using their Telegram accounts to try and gain access to a corporate network.
As explained by CERT-UA, the group used fake sites that mimic the ‘Advanced IP Scanner’ software, which, if downloaded, infects the victim’s computer with the Vidar data-stealing malware that can capture Telegram session data, as well as take over the victim’s account.
Then, the threat actors used victims’ Telegram accounts to gain access to the corporate network. Once access to the target’s network was obtained, the hackers executed reconnaissance operations using tools like Netscan and deployed Cobalt Strike Beacons before exfiltrating data.
According to CERT-UA, the group had previously revealed that they created Somnia ransomware on Telegram and posted evidence of the attacks they made against Ukrainian targets.
Reports in China claimed that experts from tech giant Huawei have been in Russia in its effort to stabilise Russia’s internet network, which was subject to numerous cyberattacks by hacker groups.
Australian Minister for Defence Peter Dutton said that: ‘In fact, we’re seeing reports today that Huawei, a Chinese telecommunications company, is providing support to Russia to keep their internet up.’ According to a report which was later deleted from a Chinese news website, ‘Huawei would use its research centres to train 50,000 technical experts in Russia.’’
According to Kommersant and other outlets, the Ministry of Digital Development, Communications and Mass Media has required state-owned websites and services to transfer their domain names to .ru, to switch to the Russian domain name system servers located in Russia, as well as to abandon foreign web hosting services, and to ‘strengthen password policies’. These measures – to be implemented by 11 March – were described as being necessary to protect state internet resources from cyberattacks, as well as from the possibility of ‘disconnection from the outside’. The Ministry of Digital Development reportedly clarified that the measures are intended to protect the country’s information infrastructure, and are not meant to disconnect Russia from the global internet. On 6 March, Deputy Prime Minister Dmitry Chernyshenko instructed the Ministry of Digital Development to ‘prepare priority measures to protect the country’s information infrastructure’.
TikTok has announced that it would cease live streaming and video uploads to its Russian platform. The corporation added that it needed to consider the implications of new media regulations. Netflix has announced that it would temporarily suspend sales and distribution of its streaming video service in Russia. It is unknown what will happen to current subscriber accounts.
Major global financial services like Visa, American Express, and MasterCard have confirmed in separate statements that they will cease business in Russia. Clients will be able to use their cards for purchases within Russia until their expiration dates. However, clients will be unable to use their Russian cards abroad or to make international payments online. Furthermore, Visa, Mastercard, and American Express cards issued outside of the country will no longer be accepted in Russia.
Several Russian banks have already stated that they will start issuing cards that use the Chinese UnionPay system in conjunction with Russia’s Mir payment network.
The hacker group Anonymous claimed that it had hacked Russian search giant Yandex.ru. The stolen data of 150 thousand users, with email addresses and passwords, including verified accounts, was made publicly available on the internet.