September 24, 2024 at 02:33PM
Russia’s use of evolving malware to support its military efforts in Ukraine continues, with a 90 percent increase in incidents involving malware infections. The tactics include impersonating others and using messaging apps to deliver malware. Russia is also targeting energy infrastructure organizations with destructive cyberattacks, including supply chain attacks, in a bid to stay under the radar.
From the meeting notes, key takeaways include:
1. Russia’s ongoing use of malware to support its military efforts in Ukraine, with a 90 percent increase in incidents involving malware infections according to Ukraine’s State Service of Special Communications and Information Protection (SSSCIP).
2. The tactics used by Russian cyberespionage outfit UAC-0184 to target military personnel, including utilizing messaging apps like Signal to steal sensitive documents.
3. The variety of message lures used by the cyber attackers, including requests for information, deceptive intimidation tactics, promises of rewards, and fake information about transfer to another unit.
4. The use of popular malware strains such as Smokeloader in phishing campaigns and the appearance of ransomware in some cases.
5. Russia’s renewal of interest in disruptive cyberattacks, including a destructive attack on Viasat using the WhisperGate wiper malware.
6. Evidence of supply chain attacks by Russia, targeting energy infrastructure organizations in Ukraine, with the compromise of three supply chains simultaneously.
7. The use of specialized software containing backdoors and vulnerabilities for lateral movement and escalation of cyberattacks against critical infrastructure organizations.
8. Russia’s efforts to maintain a low profile and persistent access in key systems relied on by the military, targeting areas critical to the success and support of their military operations.
9. Despite an increase in overall attacks, the incidents investigated by Ukraine have primarily been categorized as low severity, with a decrease in ‘critical’ and ‘high’ severity incidents.
10. The ongoing threat of cyberattacks targeting military personnel and government bodies, emphasizing the importance of raising awareness of fundamental cyber hygiene practices and current cyber threats.