In recent weeks, several Eastern European states have been targeted by cyberattacks attributed to Russia. Targets were hit primarily by disruptive denial of service campaigns on networks in Moldova, Slovenia, Bulgaria, Estonia, and Albania.
However, the attack on Montenegro’s digital infrastructure proved to be the most devastating. It had several targets, including water supply systems, electrical systems, transportation services, and online governmental services. According to government officials, cyberattacks continue to target the information system of Montenegrin institutions, although no long-term effects are expected.
A Russian threat actor, dubbed the Cuba Ransomware Group, claimed responsibility for the attacks and stated it obtained ‘financial documents, correspondence with bank employees, account movements, balance sheets, tax documents’ from Montenegro’s parliament on 19 August, Reuters reported.
Venafi, the inventor and leading provider of machine identity management, announced new research findings that evaluate the security impact of the increasing number of nation state attacks and recent shifts in geopolitics.
According to the report, 66% of firms have changed their cybersecurity plans in direct response to the war between Russia and Ukraine, and 64% of respondents believe their company has been the target of nation state hacking.
The study was conducted in July 2022, with 1,101 security decision makers interviewed across the United States, United Kingdom, France, Germany, Belgium, Netherlands, Luxembourg, and Australia.
Other key findings from the research include:
82% believe geopolitics and cybersecurity are intrinsically linked
77% believe we are in a perpetual state of cyberwar
More than two-thirds (68%) have had more conversations with their board and senior management in response to the Russia – Ukraine conflict
63% doubt they would ever know if their organisation was hacked by a nation state.
There is growing concern in Western countries that Russian propaganda in the Ukraine war has made intensive use of Telegram and other new social media platforms. While mainstream platforms, including Twitter and Facebook/Meta, exercised intensive content moderation around the Ukraine war, new platforms have a more relaxed content moderation policy.
You can consult this article for more details about the challenge of what they frame as the use of ‘unmoderated platforms’ in the Ukraine war. This framing is incorrect, since all platforms, including Telegram, have some level of content moderation.
You can read more on this issue in the blog post published by Lawfare.
The Microsoft Threat Intelligence Center (MSTIC) has disrupted malicious phishing campaigns by Seaborgium, a Russian threat actor aligned closely with the Russian government. Microsoft claims to have disrupted the phishing operations with the help of Google’s Threat Analysis Group and the Proofpoint Threat Research Team.
Seaborgium primarily targets non-governmental organisations (NGOs), intergovernmental organisations (IGOs), think tanks, and defence and intelligence consulting firms in NATO countries. According to the Microsoft Threat Intelligence Center (MSTIC), ‘Such targeting has included the government sector of Ukraine in the months leading up to the invasion by Russia and organizations involved in supporting roles for the war in Ukraine.’
The Seaborgium group uses open-source intelligence, personal directories, and social media platforms like LinkedIn to surveil targeted individuals. Additionally, threat actors use trustworthy email providers to contact their target while posing as someone else. Following contact with the victim, the threat actor sends a malicious link to request the victim’s login details to steal data and credentials.
The government and local authorities, defence, finance, commercial organisations, and the energy sector, in that order, were the main targets of the 796 recorded cyberattacks. Information gathering, malicious code, infiltration attempts, and availability were important cyberattack strategies.
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned about widespread cyberattacks targeting telecommunications providers. CERT-UA says it learned about the mass distribution of emails with the subject ‘LIST of links to interactive maps’ among Ukrainian media entities. The emails contain malicious attachments and may begin downloading CrescentImp malware if opened.
The mayors of several European cities held meetings via video link with a person they thought was the mayor of Kyiv, Vitali Klitschko, only to find out they were deceived by a deepfake of Klitschko.
Questions arose as to whether the fake Klitschko was a deepfake. German investigative journalist Daniel Laufer found an earlier interview with Klitschko on YouTube that served as the digital source material for the scam. Had a deepfake been used, Laufer argues, the video frames would have been altered in ways that no longer matched the YouTube recording. Apparently, this might have been an edited version of that recording rather than a more sophisticated deepfake.
Several public and private sector websites in Lithuania were temporarily down on Monday following a cyberattack reportedly carried out by a Russian-backed hacking group. The Lithuania National Cyber Security Centre (NKSC) warned of an ‘intense ongoing’ Distributed Denial of Service (DDoS) attack against the Secure National Data Transfer Network, as well as governmental institutions and private companies. Killnet, a pro-Russian group, claimed responsibility for at least some of the attacks, claiming it was in reprisal for Lithuania blocking the delivery of certain products to the Russian outpost of Kaliningrad.
Meanwhile, in Norway, a DDoS attack targeted a secure national data network, affecting several private and public institutions. According to Norwegian officials, Russian hackers were likely behind the cyberattack, although there was minimal damage, with ‘no sensitive information tak
Ozon claims to offer a range of items to Russian customers, including smartphones and their components. It also aims to prevent the appearance of counterfeit products on its platform by requesting suppliers confirm the products’ originality.
Since the start of the Ukraine war, Russian state-backed hackers have engaged in network infiltration and espionage operations against 128 businesses in 42 countries that are allied with Ukraine, Microsoft claimed in a new report.
While Russian hackers prioritised NATO governments, they have also launched attacks against think tanks, humanitarian organisations, IT companies, and critical infrastructure. Microsoft estimates that 29% of identified attacks were successful, with a quarter of those leading to data theft. Microsoft also asserts that Russia is conducting an information war to influence public opinion in favour of the conflict domestically and overseas.