There is growing concern in Western countries that Russian propaganda in the Ukraine war has made intensive use of Telegram and other new social media platforms. While mainstream platforms, including Twitter and Facebook/Meta, exercised intensive content moderation around the Ukraine war, new platforms have a more relaxed content moderation policy.
You can consult this article for more details about the challenge of what they frame as the use of ‘unmoderated platforms’ in the Ukraine war. This framing is incorrect, since all platforms, including Telegram, have some level of content moderation.
You can read more on this issue in the blog post published by Lawfare.
The Microsoft Threat Intelligence Center (MSTIC) has disrupted malicious phishing campaigns by Seaborgium, a Russian threat actor aligned closely with the Russian government. Microsoft claims to have disrupted the phishing operations with the help of Google’s Threat Analysis Group and the Proofpoint Threat Research Team.
Seaborgium primarily targets non-governmental organisations (NGOs), intergovernmental organisations (IGOs), think tanks, and defence and intelligence consulting firms in NATO countries. According to the Microsoft Threat Intelligence Center (MSTIC), ‘Such targeting has included the government sector of Ukraine in the months leading up to the invasion by Russia and organizations involved in supporting roles for the war in Ukraine.’
The Seaborgium group uses open-source intelligence, personal directories, and social media platforms like LinkedIn to surveil targeted individuals. Additionally, the threat actors use trustworthy email providers to contact their targets while posing as someone else. After making contact with the victim, the threat actor sends a malicious link that requests the victim’s login details, in order to steal data and credentials.
The government and local authorities, defence, finance, commercial organisations, and the energy sector, in that order, were the main targets of the 796 recorded cyberattacks. Information gathering, malicious code, infiltration attempts, and availability were important cyberattack strategies.
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned about widespread cyberattacks targeting telecommunications providers. CERT-UA says it has learned about the mass distribution of emails with the subject ‘LIST of links to interactive maps’ among Ukrainian media entities. The emails contain malicious attachments and may begin downloading CrescentImp malware if opened.
The mayors of several European cities held meetings via video link with a person they thought was the mayor of Kyiv, Vitali Klitschko, only to find out they were deceived by a deepfake of Klitschko.
Questions arose as to whether the fake Klitschko was a deepfake. German investigative journalist Daniel Laufer found an earlier interview with Klitschko on YouTube that served as the digital source material for the scam. Had a deepfake been used, Laufer argues, the video frames would have been altered in ways that no longer matched the YouTube recording. Apparently this might have been an edited version, not a more sophisticated deepfake.
Several public and private sector websites in Lithuania were temporarily down on Monday following a cyberattack reportedly carried out by a Russian-backed hacking group. The Lithuania National Cyber Security Centre (NKSC) warned of an ‘intense ongoing’ Distributed Denial of Service (DDoS) attack against the Secure National Data Transfer Network, as well as governmental institutions and private companies. Killnet, a pro-Russian group, claimed responsibility for at least some of the attacks, saying it was in reprisal for Lithuania blocking the delivery of certain products to the Russian outpost of Kaliningrad.
Meanwhile, in Norway, a DDoS attack targeted a secure national data network, affecting several private and public institutions. According to Norwegian officials, Russian hackers were likely behind the cyberattack, although there was minimal damage, with ‘no sensitive information tak
Ozon claims to offer a range of items to Russian customers, including smartphones and their components. It also aims to prevent the appearance of counterfeit products on its platform by requesting suppliers confirm the products’ originality.
Since the start of the Ukraine war, Russian state-backed hackers have engaged in network infiltration and espionage operations against 128 businesses in 42 countries that are allied with Ukraine, Microsoft claimed in a new report.
While Russian hackers prioritised NATO governments, they have also launched attacks against think tanks, humanitarian organisations, IT companies, and critical infrastructure. Microsoft estimates that 29% of identified attacks were successful, with a quarter of those leading to data theft. Microsoft also asserts that Russia is conducting an information war to influence public opinion in favour of the conflict domestically and overseas.
The APT28 (aka Fancy Bear) hacking group, supported by Russia, is believed to be responsible for a recent spike in phishing campaigns spread by email, warns the Ukrainian Computer Emergency Response Team (CERT-UA Team).
CERT-UA Team explained that emails warning of ‘unpaid taxes’ or ‘nuclear terrorism’ are intended to lure victims into opening the file contained in the email. They cautioned that opening the files might cause users to download the malicious software Cobalt Strike or CredoMap.
According to a Kommersant reporter in the courtroom, Meta’s lawyer argued that refusing to block access to content and labelling state-controlled media were not activities that meet the definition of extremism.
The court decision requires that whenever organisations or people publicly mention Meta, they need to disclose that Meta’s operations are illegal in Russia.