newsweekshowcase.com

The attackers continue to target the US electric grid.

CNN - Top stories: https://www.cnn.com/2022/11/05/politics/russia-cyber-attacks-missiles-ukraine-blackouts/index.html

Russian cyber attacks during the 2017 Russian-Ukrainian hybrid war: NotPetya and the Kremlin’s woes

The destruction exemplifies how indiscriminate bombing remains the Kremlin’s preferred tactic eight months into its war on Ukraine. Moscow’s vaunted hacking capabilities, meanwhile, continue to play a peripheral, rather than central, role in the Kremlin’s efforts to dismantle Ukrainian critical infrastructure.

Ukrainian officials tell CNN that they also deserve credit for their improved cyber defenses. The Ukrainian government claimed in April that it had disrupted a hacking attempt on power substations by a group of Russian military hackers.

Effectively combining cyber and kinetic operations “requires a high degree of integrated planning and execution,” argued a US military official who focuses on cyber defense. “The Russians can’t even pull that sh*t off between their aviation, artillery and ground assault forces.”

Cyber operations aimed at industrial plants can take many months to plan, and after the explosion in early October of a bridge linking Crimea to Russia, Putin was “trying to go for a big, showy public response to the attack on the bridge,” the senior US official said.

Ukrainian cybersecurity officials have been trying to protect their networks from Russian spy agencies and criminals while avoiding shelling.

Four officials from the State Service of Special Communications and Information Protection were killed by missile attacks in October, according to the agency. The four officials did not have responsibilities for cybersecurity, but their loss weighed on the other officials during another sad month of war.

“I don’t think Russia would measure the success in cyberspace by a single attack,” the Western official said, rather “by their cumulative effect” of trying to wear the Ukrainians down.

In 2017, as Russia’s hybrid war in eastern Ukraine continued, Russia’s military intelligence agency unleashed destructive malware known as NotPetya that wiped computer systems at companies across Ukraine before spreading around the world, according to the Justice Department and private investigators. The incident cost the global economy billions of dollars, disrupting shipping giant Maersk and other firms.

The operation involved infiltrating Ukrainian software and injecting malicious code to weaponize it.

“All of that was just as astonishingly effective as the end product was,” said Olney, who has had a team in Ukraine responding to cyber incidents for years. “It takes a lot of time and you can’t just conjure up things.”

Source: https://www.cnn.com/2022/11/05/politics/russia-cyber-attacks-missiles-ukraine-blackouts/index.html

Russian hackers aren’t going anywhere: Cyberattacks against power utilities in the American southeast are not going to stop there, nor is Russia going away

The Ukrainian official who is an officer at SSSCIP called for sanctions to be tightened against Russia for its use of software tools that could be used to hack into computers.

“We should not discard the probability that [Russian government hacking] groups are working right now on some high-complexity attacks that we will observe later on,” Zhora told CNN. It is not likely that all Russian military hackers are away from work in the near future.

Tanel Sepp, Estonia’s ambassador-at-large for cyber affairs, told CNN that it’s possible the Russians could turn to a “new wave” of stepped up cyberattacks as their battlefield struggles continue.

Sepp said that the main goal was to isolate Russia on the international stage as much as possible, saying that the former Soviet state has not communicated with Russia on cybersecurity issues in months.

The threat of cyberattacks on power grids is something that WIRED has written about many times. But lately, the most significant attacks on electrical systems have demonstrated that hacking is hardly necessary when physical destruction and sabotage are an option: Just as Russia’s invasion force in Ukraine has systematically destroyed electrical infrastructure to cause vast blackouts across the country, a mysterious and continuing series of physical attacks have hit power utilities in the American southeast—and in one case, have caused an extended outage for tens of thousands of people.

No damage seems to have occurred in the South Carolina case, and in the earlier incidents in Washington, the utilities involved described the cases as “vandalism.” The attackers cut through a perimeter fence and damaged equipment, causing a brief power outage in one case. There were several incidents of intrusion at Duke Energy’s substations in Florida. Federal law enforcement is investigating the cases.

The Met Opera: Cyberattack on an Israeli-Made Diamond Industry Software Suite to Hack a Wizer Software Suite in March of 2019

The Chinese hacker group APT41 has been accused of carrying out a lot of cyberespionage. The group, which was linked in the 2020 US indictment to the company called Chengdu 404, was accused of being for-profit thieves and of even doing business with the Chinese Ministry of State Security. The Secret Service believes that state-sponsored hackers stole $20 million from US Covid relief funds, according to NBC News. About half of the stolen funds were reportedly recovered. But a hacker group on the Chinese government payroll stealing from US federal coffers represents a far more brazen form of red-line crossing than even APT41’s previous exploits.

The Met Opera announced earlier this week that it was hit with an ongoing cyberattack that took down its website and online ticketing system. It is expected that the Met Opera will sell $200,000 in tickets in a day. The loss of money from the disruption may hurt one of New York’s major cultural institutions. As of Friday afternoon, the website remained offline, and its administrators had moved ticket sales to a new site. The New York Times, in its reporting on the attack, pointed out that the Met Opera had been critical of Russia’s war in Ukraine—going so far as to part ways with its Russian soprano singer—but there’s still no real explanation of the attack.

Cybersecurity firm ESET this week pinned responsibility for a campaign of data-destroying malware attacks targeting the diamond industry on a hacker group it calls Agrius, which has been previously linked to the Iranian government. The attackers hijacked the software updates of an Israeli-made diamond industry software suite to deploy the wiper malware, which ESET calls Fantasy, in March of this year. Among the targets it hit were a mining operation in South Africa and a jewelry store in Hong Kong. Iranian cyberattacks on Israeli targets are nothing new, but the researchers at ESET don’t speculate on the attack’s motivation.
