We’ve reported before that US authorities have been warning against imminent cyberattacks from Russia. This time, it’s the cybersecurity authorities from the Five Eyes – Australia, Canada, New Zealand, the UK, plus the USA – who are warning of the risk that cyberattacks are being planned against critical infrastructures in Ukraine and beyond.
The warning comes in a joint cybersecurity advisory, which refers to US intelligence that the Russian government may be exploring options for potential cyberattacks.
The advisory also notes that cybercrime groups that have recently publicly pledged support for the Russian government ‘have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people.’ The same threat exists for countries and organisations helping Ukraine.
The Starlink global internet satellite system plans to open an office in Ukraine, Ukrainian Deputy Prime Minister and Digital Transformation Minister Mykhailo Fedorov revealed. Fedorov ordered that the necessary procedures for certifying, measuring, and providing frequencies be completed as soon as possible.
‘It is almost impossible to imagine Ukraine now without Starlink’s modern technology. And this technology will become even more accessible for Ukrainians. Starlink has started work to open its office in Ukraine,’ Fedorov said on his Telegram channel.
Over 10,000 Starlink stations help Ukraine maintain the operation of critical energy and telecommunications facilities and other things, the minister noted.
Human Rights Watch’s website has been blocked in Russia over an article about Russia’s operation in Ukraine.
Russia’s telecoms watchdog, Roskomnadzor, has restricted access to a single page of the Human Rights Watch website on a demand from the prosecutor general’s office dated 12 April. However, the entire website has been rendered inaccessible.
The Computer Emergency Response Team of Ukraine (CERT-UA) reported the spread of phishing emails that infect computers with Cobalt Strike Beacon malware.
The campaign targets Ukrainian state organisations by sending phishing emails which call for the deblocking of Azovstal, one of the largest steel plants in Ukraine. The emails contain a document dubbed ‘Urgent!,’ and if opened, it compromises the computer with the malware.
It is estimated that 70,000 Russian tech workers fled Russia since the beginning of the Ukraine conflict. Another 70,000–100.000 workers will likely leave Russia over the next few months.
Sanctions against Russia have affected software outsourcing to Russian programmers. Many of them reacted quickly by moving to Turkey, Armenia, and other countries that do not require visas.
The Russian economy could be adversely affected by this exodus, as the tech field is important for diversifying Russia’s energy-dominated economy.
Switzerland has decided to follow the latest trade and financial sanctions imposed by the European Union on Russia.
As previously reported, the EU’s fifth package of sanctions against Russia targeted crypto wallets, banks, currencies, and trusts. New financial measures include a ban on ‘providing high-value crypto-asset services to Russia’ with the goal of closing potential loopholes that could allow Russians to move money abroad.
Since Russia invaded Ukraine, large amounts of information regarding the Russian state and its operations have become public. Hundreds of gigabytes of files and millions of emails have been made public. In addition to the leaked data published by various hacktivist groups, Ukraine’s intelligence services have been active in publishing data concerning information about Russian military institutions and their servicemen deployed in Ukraine.
The group Distributed Denial of Secrets claims to have published more than 700 gigabytes of data from the Russian government and more than 3 million Russian emails and documents. DDoSecrets also has published more than 360,000 files from Roskomnadzor, the Russian media regulator; 62,000 emails from an investment firm owned by a sanctioned Russian individual; 900,000 emails from VGTRK, a state-owned broadcaster; 230,000 emails from the Russian Ministry of Culture; and 250,000 emails from the Ministry of Education.
A data list published by Ukraine’s intelligence services allegedly contains the personal information of 1,600 Russian troops who served in Ukraine’s city of Bucha. Another list reportedly contains the names and contact details of 620 Russian spies registered to work at the Moscow office of the FSB, the country’s central security agency.
While this data may be a valuable resource for researchers spanning from journalists to those tasked with investigating war crimes, doxing – publishing private or identifying information about a particular individual on the internet – is among the most destructive internet behaviours. Expert explained.
China has been accused of hacking Ukraine’s networks days before the Russian invasion.
According to intelligence memos obtained by the British daily The Times, Chinese hackers reportedly carried out cyberattacks on Ukrainian institutions and nuclear facilities in the run-up to Russia’s invasion. Thousands of hacking attempts were made against more than 600 websites, including the Ukrainian Ministry of Defence and other agencies.
According to a source from the Security Service of Ukraine (SBU), cyberattacks began before the Winter Olympics had ended, and peaked on 23 February, the day before the Russian invasion, with the Chinese government coordinating the attacks.
The SBU, on the other hand, denied providing The Times with any information about the alleged attacks. ‘The SBU has nothing to do with the Times’ findings. The Ukrainian Security Service does not currently have such information, and no investigation is underway,’ according to The Guardian.
In response to the latest EU sanctions, Ericsson has decided to suspend its operations in Russia.
‘In late February, Ericsson suspended all deliveries to customers in Russia. In the light of recent events and European Union sanctions, the company will now suspend its affected business with customers in Russia indefinitely. Ericsson is engaging with customers and partners regarding the indefinite suspension of the affected business.’ Ericsson’s statement said.
A company spokesman confirmed that Facebook and Instagram owner Meta Platforms briefly limited hashtags linked to civilian deaths in Bucha, outside Kyiv in northern Ukraine.
Meta Spokesman Andy Stone said automated systems that scan for violent imagery on Facebook and Instagram were responsible for blocking hashtags, including #bucha and #buchamassacre. Stone tweeted:
This happened automatically because of the graphic content people posted using these hashtags. When we were made aware of the issue yesterday, we acted quickly to unblock the hashtags.
Facebook and Instagram allow the posting of graphic and violent content when shared to raise awareness of possible human rights abuses, but are delete if the content is explicit or glorifies suffering.
