Business Continuity Management / Disaster Recovery , Critical Infrastructure Security , Cybercrime
Anonymous Extends Its Russian Cyberwar to State-Run MediaDevelopments Follow Partial Exclusion of Russia from SWIFT Banking System
As Russia continues its invasion of Ukraine, Western governments and certain hacktivists remain steadfast in their opposition. The international hacktivist collective Anonymous says on social media that it has successfully hacked websites connected to the Russian government, state media and banks.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
The decentralized collective has apparently hit the government website for Chechnya, a Russian republic. Its leader, Ramzan Kadyrov, is an ally of Russian President Vladimir Putin and has vowed military support for Russia. At the time of writing, the Chechen site remained down.
According to Anonymous-controlled social media accounts, Russian state-run media, including Tass, Izvestia, Fontaka, RBC and Kommersant, have also fallen victim
In place of regular messaging on the sites, the collective left the following antiwar messages, according to social media posts: "Dear citizens. We urge you to stop this madness, do not send your sons and husbands to certain death. Putin makes us lie and puts us in danger. We were isolated from the whole world, they stopped buying oil and gas. In a few years we will live like in North Korea. What is it for us? To put Putin in the textbooks? This is not our war, let's stop it!"
The messaging feeds into reported dissent within Russia, as at the time of writing, the Russian government had arrested some 5,000 antiwar protesters, according to CBS News.
It is all reportedly a part of the campaign the decentralized group - characterized by the Guy Fawkes-based character in the graphic novel "V for Vendetta" - has branded with the hashtag #OpCyberBullyPutin, or #OpRussia and #OpKremlin. The group took a similar approach in its data leak efforts against the Islamic State group.
Anonymous has also reportedly leaked over 200GB of emails from the Belarusian weapons manufacturer Tetraedr to the journalism collective DDoSecrets.
In parallel efforts, Ukrainian Vice Prime Minister Mykhailo Fedorov confirmed on Saturday that the nation is quickly assembling an "IT army" to combat Russian advances, according to Reuters. The news service reported last week that the cyber unit will be charged with safeguarding Ukrainian infrastructure and initiating cyberespionage efforts.
Fedorov took to social media over the weekend to call on Big Tech to cut off Russia from its services and asked large crypto exchanges to block Russian wallet addresses.
Ukrainian Cyberattacks Surge
Quantifying an uptick in cyber activity in Ukraine, Israeli firm Check Point said related attacks on Ukrainian government sites and its military increased by 196% in the first three days of the conflict.
And as the situation on the ground has worsened, social media giants have considered or implemented stricter moderation policies over Russian disinformation efforts.
Meta, the parent company of Facebook, says in a blog post that it has taken down a network run by users in Russia and Ukraine and is targeting the latter. Meta Head of Security Policy Nathaniel Gleicher and Director of Threat Disruption David Agranovich say the network violated its policy against "coordinated inauthentic behavior."
Meta's security team says users created fake personae and claimed to be based in Kyiv - posing as news editors, a former aviation engineer and an author of a scientific publication on the science of mapping water.
They claim there are similarities to a takedown in April 2020 that was connected to individuals in Russia, the disputed Donbas region in Ukraine and two now-sanctioned media organizations in Crimea.
Meta also says it has tracked an increase in activity from the Belarus-linked APT NC1151 - aka Ghostwriter - targeting Ukrainian military and public figures in wide-scale spear-phishing campaigns (see: Belarusian Spear-Phishing Campaign Targets Ukraine Military).
Meta says it detected attempts to target Facebook users to in turn post YouTube videos depicting Ukrainian forces as "weak" and "surrendering."
Gleicher and Agranovich recommend related users stay vigilant against new friend requests and suspicious links from unknown senders, and they urge users to implement two-factor authentication for all online accounts. They say that new account measures now include a one-step profile lockdown, a temporary removal of the ability to view and search "friends lists," and additional notifications about privacy and account security.
Ceasefire Talks and 'SWIFT' Action
Monday's developments came as delegations from both Russia and Ukraine met in Belarus to discuss a potential cease-fire.
According to CNN, Ukrainian President Volodymyr Zelenskyy's adviser Mikhaylo Podolyak told reporters that the first round of negotiations had officially wrapped and had been centered around a potential cease-fire. The parties, he said, are returning to their respective capitals "for consultations."
U.S. President Joe Biden continues to seek de-escalation after the Russians readied their deterrence forces on Sunday - including a nuclear arms cadre.
The White House says it will not send U.S. troops to create a "no-fly" zone in Ukraine, calling the move escalatory since it would involve potential aerial takedowns.
Nonetheless, the U.S. and its allies have gradually issued strict sanctions against Moscow - including a partial exclusion from SWIFT, the international payments messaging system that boasts a membership of some 11,000 financial institutions worldwide, including central banks for the U.S., U.K. and EU.
The financial exclusion will only apply to some Russian banks, officials from the U.S., U.K. and EU stated. U.S. leaders say the move will hamper Russia's ability to fund the war. It could however, lean on its own SPFS system that currently carries out 20% of its domestic transfers, CNN reports.
As James A. Lewis, senior vice president and director of the Strategic Technologies Program at the think tank Center for Strategic and International Studies, told ISMG last week, the SWIFT exclusion remained a "tempting" option - but it may also push the Russians closer to China's system, the Cross-Border Interbank Payment System, aka CIPS.
Awaken Sleeping Giants?
The rapid developments align with further warnings from the cybersecurity community about escalated cyberattacks on U.S. and western infrastructure. CISA over the weekend updated and emphasized its "Shields Up" advisory to U.S. organizations (see: Feds Advise 'Shields Up' as Russian Cyberattack Defense).
But, Chris Anthony, a former threat operations chief for the U.S. Department of Defense, says that while Western infrastructure may be vulnerable, any targeted cyberattacks could no doubt "wake up sleeping giants."
Anthony, founder and CEO of the firm TeamWorx Security, says NATO "recognizes that cyberwarfare is the new battlefield and collaboration and coordination between countries is key to coming out on top."
Casey Ellis, founder and CTO at the security firm Bugcrowd, says: "Russia will likely avoid provoking the U.S. [in cyberspace] until it's tactically or strategically advantageous for them to do so, which we all hope we can avoid."
In the longer term, cyberattacks on Ukraine "most likely won't redefine or reshape cyberwarfare," says John Bambenek, principal threat hunter at the firm Netenrich. Instead, "we will just see cyberwarfare continue to be used to directly aid military objectives."