This post was originally made on 2 March 2022. It will be updated as the Russian Ukraine Conflict develops and will highlight the cyber security issues facing organisations and individuals at this time.
The National Cyber Security Centre (NCSC) is advising all UK organisations to review and improve their cyber security resilience during this period of conflict between Russia and Ukraine. Cyber weapons have been and are being used are these could spill over from the conflict region or be targeted against the UK if the political situation changes.
Original advisory posted on 2 March 2022 by the National Cyber Security Centre – the advice still applies and this post should be read.
Actions to take when the cyber threat is heightened – NCSC.GOV.UK
NCSC joins other international cybersecurity organisations in issuing fresh advice on the threats due to the Russia Ukraine Conflict 21 April 2022
Cyber security organisations around the world have issued joint advisories to organisations and individuals about the developing threats from the Russia Ukraine Conflict.
This is the latest advisory (in conjunction with the one above):
UK joins international partners to issue advice on latest… – NCSC.GOV.UK
New advice issued by the National Cyber Security Centre for the “long haul” with the Russia Ukraine conflict 5 July 2022
Today the National Cyber Security Centre (NCSC) has issued further advice on how we can deal with possible cyber security spread of the conflict.
NCSC urges organisations to prepare for the long haul on… – NCSC.GOV.UK
The advice is aimed at supporting UK businesses and organisations in keeping this heightened cyber security awareness effective over an extended period of time.
Maintaining a sustainable strengthened cyber security posture – NCSC.GOV.UK
Further Reading
The advice in the first three articles in this post is important.
Updated 2 May 2023
Information stealing malware is being deployed against Ukraine using s simple email phishing campaign.
Russia’s APT28 targets Ukraine with bogus Windows updates • The Register
Although Russian operatives are targeting Ukrainian Government Offices with these phishing emails – there is a real risk of the phishing campaign to switch to other countries that support Ukraine. This attack is well designed and the messages look official and authentic.
Updated 19 April 2023
The Ukraine Russia cyber conflict has apparently been quiet for several weeks, however as the spring is now here and sides speak of renewed offensives there are warnings about cyber threats to the UK infrastructure:
Russia-linked hackers a threat to UK infrastructure, warns minister – BBC News
You should read the article, then if you have not yet read them look at the posts at the top of this page issued by the National Cyber Security Centre and the UK Government and if you find yourself or your organisation lacking then take the necessary action… now. If you need help – get it.
Updated 23 February 2023
Google has published a useful article for anyone responsible for cyber security looking at how the conflict has changed the cyber security landscape.
Fog of war: how the Ukraine conflict transformed the cyber threat landscape (blog.google)
Updated 9 February 2023
President Zelensky visits the UK
With a ground war spring offensive expected in the conflict, the cyber war has a new information stealing malware attack that has been launched against Ukrainian organisations.
New info-stealing malware used against Ukraine organizations – The Record from Recorded Future News
It is not targeted outside the country but as the advice from the National Cyber Security Centre (NCSC), at the top of this article, explains, the nature of the internet means this malware can and will spread outside the target region – so everyone needs to improve their cyber security precautions.
This advice becomes even more important as President Zelensky visited the UK and spoke in Parliament yesterday making the UK a very visible ally of Ukraine, with the real possibility of UK organisations becoming targets of governmental or hacktivist cyber attacks.
Sunak says nothing off table as Zelensky asks for jets – BBC News
Updated 5 December 2022
Due to the changing “on the ground” military situation between Russia and Ukraine both Microsoft and Google have released reports looking at the possible developments in the “online conflict” this winter.
Preparing for a Russian cyber offensive against Ukraine this winter – Microsoft On the Issues
New ways we’re supporting Ukraine (blog.google)
This is the big picture you should be familiar with the small picture and this conflict could impact your organisation. The highlighted articles at the head of this report from the UK Government and the National Cyber Security Centre should be read and understood.
Updated 29 November 2022
A massive email phishing/ransomware attack has been launched against organisations in Ukraine by the pro-Russian Sandworm gang.
Sandworm gang launches Monster ransomware attacks on Ukraine • The Register
There is no mention of paying a ransom or getting a decryption key for RansomBoggs – a heavily “Monsters Inc.” themed malicious attack.
Do you, your clients, associates or suppliers do business with organisations in Ukraine? You should be on your guard as infected emails may end up being sent outside the region – so spreading the problem.
Updated 24 November 2022
On Wednesday the European Parliament passed a resolution that concluded that Russia is a state sponsor of terrorism.
Shortly after that the Parliament websites and services experienced a distributed denial of service (DDoS) cyber-attack:
EU Parliament Putin things back together after cyber attack • The Register
The threat of Russian sponsored cyber-attacks has not gone away.
Updated 14 November 2022
There are reports of a new encryption ransomware strain called Somnia being used against Ukrainian targets by Russian hacktivists.
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Have you read the advice above from the UK Government and the National Cyber Security Centre? You need to as the nature of international business and the internet means that this new ransomware is likely to spread outside Ukraine and you could be collateral damage.
At least check that your back-up is encryption ransomware resilient.
Updated 11 October 2022
Pro-Russian hackers have been disrupting US airports with DDoS attacks:
US airports’ sites taken down in DDoS attacks by pro-Russian hackers (bleepingcomputer.com)
Have a look at the advice above from the UK government and the National Cyber Security Centre on how you can prepare your organisation to deal with such disruption.
Updated 29 September 2022
The National Cyber Security Centre, (NCSC), Chief Executive, Lindy Cameron, has spoken about the Russian cyber activity associated with the invasion of Ukraine at the Chatham House Security and Defence Conference.
Updated 18 August 2022
Data wiping malware has been deployed continuously during the the Ukraine Russia conflict – research is now showing that it is reaching targets in other regions:
Use of data wipers expanding beyond Ukraine to 24 countries – The Record by Recorded Future
Updated 16 August 2022
Russia is using an attack vector most businesses rely on – Microsoft Word.
Russian hackers target Ukraine with default Word template hijacker (bleepingcomputer.com)
Update 29 July 2022
The US Cybersecurity and Infrastructure Security Agency has agreed to work more closely with Ukrainian cybersecurity agencies, on shared cyber security priorities:
Update 21 July 2022
The US Government’s Cyber Command has publicly shared technical information about a range of malware in operation in Ukraine – including 20 not documented before.
Cyber Command shares bevy of new malware used against Ukraine – The Record by Recorded Future
CNMF Discloses Malware in Ukraine | CISA
Update 20 July 2022
The European Union (EU) has issued a warning about the measurably increase in the volume of Russian cyber-attacks associated with the Russia Ukraine conflict and how these attacks can easily spill over to non-combatants. Nations that actively support Ukraine, with whatever resources, are likely to be “at risk” of this spill over.
EU warns of Russian cyberattack spillover, escalation risks (bleepingcomputer.com)
There has been an increase in pro-Russian DDoS attacks EU members and organisations.
There are reports that the same organisation that was responsible for the 2020, SolarWinds attack, Russia’s SVR, have been running a hacking campaign against NATO members. The attacks include spear phishing emails, that included an agenda relating to a meeting with an ambassador.
Russian hackers have been targeting pro-Ukraine activists with Android malware:
Continued cyber activity in Eastern Europe observed by TAG (blog.google)
Because of the spread of refugees throughout Europe and beyond, the activists, downloading the malware to their smartphones, need not necessarily be in Ukraine, leading to a spread of the cyber-conflict outside the region.
Update 11 July 2022
There is evidence emerging that Russian cyber gangs – both freelance and state sponsored – are spreading their attacks to countries who are support Ukraine in conflict:
Russian ‘Hacktivists’ Are Causing Trouble Far Beyond Ukraine | WIRED UK
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack | IT PRO
Update 29 June 2022
There have been reports of alleged Russian state sponsored hacking activity outside the Ukraine region:
Norway accuses pro-Russian hackers of launching wave of DDoS attacks – The Record by Recorded Future
This may be an indication of the cyber activity spreading to regions that are supporting Ukraine.
Update 22 June 2022
This report from Bleeping Computers outline the current malware being directed at Ukraine – primarily attacking the Follina vulnerability in Microsoft Word. Make sure you have your systems patched, if this malware spreads.
Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware (bleepingcomputer.com)
Update 10 June 2022
Both Russia and now China are stating that there will be consequences for any nation that supported the Ukraine in it’s cyber responses during the conflict:
Russia, China, oppose US cyber support of Ukraine • The Register
Update 1 June 2022
The FBI considers the spread of Russian data wiping malware, outside the conflict zone to be a serious threat:
Update 20 May 2022
Cyber gangs have been cited as helping primarily Russia, but there is also support for Ukraine, throughout this conflict. It is now being reported that support for Russia’s position is spreading to state sponsored groups outside the two conflict nations:
Iran, China-linked gangs join Putin’s disinformation war • The Register
Any spread of the use of cyber weapons outside the region, to threat actors that have their agendas, in addition to supporting Russia in the conflict, is an increase in the threat to ordinary organisations every where, large or small, who could be collateral damage.
Update 12 May 2022
So far there has been no widespread transfer of the Russian Ukraine cyber conflict outside their borders, only a trickle. But that does not mean it cannot happen:
Ukraine war: Don’t underestimate Russia cyber-threat, warns US – BBC News
Update 11 May 2022
Report on the spread of the cyber conflict outside Russia and Ukraine.
Update 5 May 2022
This executive order by President Putin is authorising actions against states and organisation that have implemented sanctions against Russia. This could be the start of the malware that has been used so far in the conflict spreading to the wider world.
Putin threatens supply chains with counter-sanction order • The Register
Update 4 May 2022
This is an excellent report by the Google Threat Analysis Group (TAG). A bit techie, but it does contain up to date information on the major threats and threat actors associated with the Russia Ukraine conflict.
Update on cyber activity in Eastern Europe (blog.google)
Update 30 May 2022
Cyber threat from Ukraine Russia conflict is growing as the invasion progresses.
Data-wiper malware strains surge amid Ukraine invasion • The Register
Update 28 May 2022
Microsoft has released a comprehensive report investigating a range of hacking and cyber-attacks associated with the Ukraine Russia conflict.
An overview of Russia’s cyberattack activity in Ukraine (microsoft.com)
Update 11 April 2022
There appears to have been action taken by Russian hackers against Finnish government websites, following the Ukrainian President Volodymyr Zelenskyy speaking to Finland’s members of parliament.
DoS attacks hit Finnish websites during Zelenskyy address • The Register
We should all be on high alert, as Boris Johnson visited Ukraine over the weekend:
Ukraine war: Johnson and Zelensky tour near-empty streets in Kyiv – BBC News
Update 31 March 2022
Just because the feared extended cyber attacks have not happened yet, it does not mean we should relax. Here is a new term for you “long tail retaliation”:
Expect a Russian cyber response to sanctions • The Register
Update 24 March 2022
NCSC supports White House call for increased cyber… – NCSC.GOV.UK
Update 23 March 2022
U.K. echoes Biden warning on Russian cyberattacks – The Record by Recorded Future
White House Warns of Possible Russian Cyberattacks – Schneier on Security
Update 22 March 2022
Warnings from the United States that there is evolving evidence of an increased Russian cyber threat as the Ukraine Russia conflict continues:
Biden: Russia ‘exploring’ US cyber-attacks – BBC News
White House warns of possible Russian cyberstrike on US critical infrastructure | Ars Technica
Updated information 16 March 2022
Updated information 14 March 2022
Updated information 8 March 2022
Cyber Security Services from Octagon Technology and Smart Thinking Solutions
Cyber Services at Smart Thinking Solutions
Cyber Security at Octagon Technology
You have missed this class but contact us, we have a waiting list and once there is enough interest we will be running the Master again.