Business Continuity Management / Disaster Recovery , Critical Infrastructure Security , Cybercrime

Russia-Ukraine Updates: Cybersecurity News Amid Conflict

ISMG's Editorial Team Monitors the Latest Cyber-Related Reports in Ukraine Crisis
Russia-Ukraine Updates: Cybersecurity News Amid Conflict

Russian President Vladimir Putin invaded Ukraine, launching kinetic attacks and malicious cyberattack campaigns against the former Soviet state. During these chaotic times, it is unclear how the invasion may affect the West. National security experts at the White House, the nation's operational cyber agency, CISA, and Britain's National Cyber Security Center, among others, are calling for network defenders to be vigilant and prepare for possible retaliatory nation-state attacks.

See Also: Gartner Guide for Digital Forensics and Incident Response

In this thread, Information Security Media Group's editorial team recaps all the cyber headlines that have intersected with Putin's invasion in Europe.

March 25, 2022

ISMG Editors: Russia-Ukraine War Cyber Escalation Fallout?

ISMG editors discussed important cybersecurity issues, including the White House warning about escalated cyberthreats from Russia and the impact of the Russia-Ukraine war on the healthcare sector.

March 24, 2022

Ukrainian IT Official: Russian Cyberattacks Have Continued

Ukrainian IT officials continued to call out alleged Russian cyberattacks. This comes as hacktivists took matters into their own hands in the digital underground, striking Russian media agencies, government ministries and more.

March 23, 2022

Reports: Russian IPs Scanning US Energy Firms, Others

U.S. President Joe Biden warned that intelligence is pointing toward potential Russian cyberattacks against the U.S., the FBI reportedly issued an urgent bulletin contending that Russian IP addresses have conducted network scanning activity on at least five U.S. energy firms.

March 18, 2022

Russia Says It's Seen 'Unprecedented' Level of Cyberattacks

Russia said it experienced a greater number of cyberattacks leveraged against its government websites than ever before as Anonymous, the hacking collective, battled in the cyber war on behalf of Ukraine.

HHS: Health Sector Should Prepare for Russia-Ukraine Threats

Federal authorities advised healthcare sector entities to take precautions, including enhancing their cybersecurity posture and being prepared to implement four- to six-week business continuity plans, as they continue to face potential cyber incidents related to the Russia-Ukraine war.

ISMG Editors: Russia's War Changes Ransomware Landscape

Four editors discussed important cybersecurity issues, including how Russia's invasion of Ukraine further complicates cybercrime ransomware payments, a former U.S. Treasury senior adviser's take on Biden's executive order on cryptocurrency, and important points regarding the upcoming identity theft executive order.

Russia May Have Caused Widespread Satellite Network Outage

A security alert, issued by the FBI and the Cybersecurity and Infrastructure Security Agency, also said that "successful intrusions into SATCOM networks could create risk in SATCOM network providers' customer environments."

March 17, 2022

ISMG Editors: Russia's War Changes Ransomware Landscape

In this installment of the editor's panel weekly updates, ISMG's editors discuss how Russia's war further complicates the optics of paying money to ransomware-wielding criminals, based in Russia or that have ties to Russia-based crime operations.

Russia May Have Caused Widespread Satellite Network Outage

One of the big surprises in Russia's war with Ukraine has been the apparent lack of sophisticated cyberattacks to prepare the battlefield or support the invasion, cybersecurity experts said.

March 16, 2022

Ukrainian Cyber Official Offers Update on 'IT Army'

War in Ukraine continued into its third week, and Russia closed in on major Ukrainian cities, upping its targeting of civilian infrastructure. In the U.S., cybersecurity officials urged a "Shields Up" approach - while the digital conflict has devolved deeply into the underground.

Sanctions Halt Rewards for Bug Hunters in Belarus, Russia

The U.S., Europe and other nations have imposed a comprehensive set of sanctions against Belarus and Russia in retaliation for the invasion of Ukraine. But sanctions aren't a perfect tool, and their effects can reach people who don’t have decision-making roles or influence and may very well oppose Russia's invasion. The situation is already proving frustrating for researchers, including one in Belarus who says he is opposed to the war and that bug bounties are his only source of income.

March 15, 2022

Senators Request Briefing on Infrastructure Cybersecurity

With the ground war worsening in Ukraine, the international community rallied behind the former Soviet state, and lawmakers in the U.S. sought guidance from the Department of Homeland Security on ways to continue fortifying U.S. cyber defense. The move comes as some cyber experts predict an ultimate escalation in Russia's malicious cyber activity targeting either Ukraine's infrastructure or NATO member networks.

Anonymous Reportedly Hacked Russian Energy Firm Rosneft

International hacking collective Anonymous on Monday hacked the German subsidiary of Russian energy company Rosneft, die Welt newspaper said, citing the country's cybersecurity watchdog, the Federal Office for Information Security.

Threat of Russia-Ukraine 'Spillover' Attacks on Healthcare

As the Russia-Ukraine war continues, healthcare sector entities in the U.S need to be prepared to deal with potential spillover cyber incidents, says Anahi Santiago, CISO of ChristianaCare, the largest healthcare delivery organization in the state of Delaware.

March 14, 2022

Top Cyber Officials Say Russians May Yet Escalate Cyberwar

As war in Ukraine rages and the Putin regime continues to drive toward major population centers in the former Soviet state, U.S. cybersecurity officials remain on high alert - questioning whether the Russians will elevate their cyberwar against their Western neighbor or against NATO member-states.

Russia's War Further Complicates Cybercrime Ransom Payments

What are the ethics of paying a ransom to a cybercrime syndicate that might be working as a proxy cyber force in support of the Russian government's war with Ukraine?

March 11, 2022

Anonymous Reportedly Hacks Russian Censorship Agency

International hacking collective Anonymous announced that it hacked the Russian censorship agency known as Roskomnadzor. The group released 364,000 files it said show intensified censorship around the perception of the Ukraine invasion, which began in late February.

US Congress Passes Cyber Incident Reporting Mandate

After months of political infighting, a landmark cybersecurity provision requiring critical infrastructure providers to report security incidents and ransom payments passed both chambers of Congress and now heads to President Joe Biden's desk.

Cybersecurity Picture Inside Russia Grows More Complicated

In response to widespread, ongoing disruptions, the Russian government allegedly weighed a move to disconnect the country from the internet and switch to its own "runet." While government officials denied any such plans, they announced the launch of a domestic, trusted TLS certificate authority to allow Russia to issue its own digital certificates, in the event that existing certificates get revoked.

March 10, 2022

Internet Experts Propose Blocking Culpable Russian Sites

In an open letter addressing a request by the Ukrainian government to the web governance entity the Internet Corporation for Assigned Names and Numbers, dozens of researchers, internet activists, politicians and academics voiced their disapproval, and called for precise, measured sanctions that could more effectively weaken Russian military and propaganda efforts.

March 9, 2022

Former US Cyber Official Warns of Russian War Repercussions

A former top U.S. cybersecurity official warned that the conflict in Ukraine will likely worsen before showing any signs of improvement, including potential cyber escalation with the U.S. and its NATO allies. Richard Clarke, former special adviser to the president of the U.S. on terrorism and cybersecurity, also urged security practitioners to ask hard questions if a system should fail.

March 7, 2022

White House Requests Billions in Tech Aid for Ukraine

As the ground war in Ukraine intensifies, U.S. and NATO officials looked to sharpen sanctions and rhetoric against Moscow, and cybersecurity proved a pivotal part of the discussion. The Biden administration requested $10 billion in emergency funds to address Russia's campaign, with sizeable pots for cybersecurity.

Ukraine Fighting First-Ever 'Hybrid War' - Cyber Official

Ukrainian cybersecurity official Viktor Zhora said his country is fighting the first-ever "hybrid war" that bridges both the physical and online realms.

March 4, 2022

ISMG Editors: Are Hacktivists the New Resistance Fighters?

Four editors at Information Security Media Group discuss important cybersecurity issues, including the accelerating invasion of Ukraine by Russia and its potential short- and long-term impact on the cybersecurity industry; whether hacktivists are the new resistance fighters and the dangers that might trigger; and how a data leak may help researchers track and fight the Conti ransomware gang and its affiliates.

US Officials Push Collaboration, AML Controls for Crypto

High-ranking U.S. officials said that while it would be nearly impossible for Russia to "flip the switch" and convert to cryptocurrency to stabilize its sanctioned economy, they caution that Russian elites and entities might try to skirt the measures by transferring and obfuscating funds across the blockchain.

Russia Lists 17,576 IPs Used in DDoS Attacks

Russia's National Coordination Center for Computer Incidents published a list of 17,576 IP addresses and 166 domains that it says are targeting the country's information resources via distributed denial-of-service attacks.

March 3, 2022

US Senators Express Concern Over Russian Use of Crypto

Key financial members of the U.S. Senate sent a letter to Treasury Secretary Janet Yellen regarding potential sanctions evasions and the department's ability to police crypto assets, as adversarial countries have previously leveraged them to fund weapons programs and infuse their economies with needed cash flows.

9 Essentials for Global CISOs During Russia's Ukraine War

How can CISOs be prepared as nation-state and other activity remains a threat in light of Ukraine's invasion? Here are nine ways to consider bolstering network defenses.

Phishers Target European Nations Aiding Ukrainians

A fresh phishing campaign, aimed at victimizing those donating aid to Ukraine, was carried out - most likely - by nation-state actors, according to cybersecurity researchers.

Conti Gang Members Fretted Over Putin's Ukraine Invasion

A Wisconsin-based consultancy that analyzes cybercrime activity, Hold Security, released an excerpt of a private chat between two Russian Conti members. In the chat, the two express misgivings about the war in Ukraine due to its violence. One participant bad-mouthed Russian President Vladimir Putin and said he had lost his mind.

Russia-Ukraine Cryptocurrency Scams Detected by Researchers

Mikhail Sytnik, security expert for threat analysis firm Kaspersky, tells ISMG that cryptocurrency-related phishing scams continue to grow in 2022. More than 460,000 phishing attempts were made in 2021 and with an increased interest in digital assets, Sytnik says there will not be a shortage of cryptocurrency-related scams.

March 2, 2022

US Senate Passes Incident Reporting, FISMA Update Bill

The U.S. Senate passed a landmark cybersecurity package that bundles three substantial measures - mandatory 72-hour incident reporting for critical infrastructure, an update to federal IT security strategy, and authorization for the governmentwide program standardizing security assessment, authorization and monitoring for cloud services.

Personal Data of 120,000 Russian Soldiers Published Online

Ukrainian online newspaper Pravda published details on 120,000 Russian soldiers, citing Ukraine's Center for Defense Strategies as the source. But chatter seen by Information Security Media Group on Telegram suggests that the source of the dataset is the hacker group ENIGMA.

March 1, 2022

Feds Warn Health Sector of Russia-Ukraine Conflict Threats

Federal authorities cautioned that while they are unware of specific cyberthreats to the U.S. healthcare and public health sector related to Russia's attack on Ukraine, entities in those sectors should stay proactive and vigilant to at least three main potential threat groups and two wiper malware variants.

US Officials Tracking Russian Cyberattack Escalation Risk

Amid the Russia-Ukraine crisis, cybersecurity officials in the U.S. and European Union expressed surprise over Russia's lack of pervasive cyber strikes and warned that cyberattacks could follow as Russia's economy reels from sanctions.

Feb. 28, 2022

Anonymous Extends Its Russian Cyberwar to State-Run Media

International hacktivist collective Anonymous reported by way of social media that it successfully hacked websites connected to the Russian government, state media and banks as Russia experienced partially sanctions from SWIFT, the international messaging system used by banks around the world.

Update: Cyber Hacktivists Target Belarus for Supporting Russia

Belarus has renounced its nonnuclear status and began moving the Kremlin's nuclear weapons into the country for the first time since it gave up nuclear weapons at the fall of the Soviet Union. This action sparked a heavy backlash from several cyber hacktivist groups, who started disrupting Belarus' railway services and banking systems.

Ukrainian Researcher Leaks Conti Ransomware Gang Data

Researchers released more than a year's worth of data on Conti, a Russian ransomware gang known for its attack on the Health Service Executive of Ireland. The leak is being called a "must read" for security experts.

Ukraine Assembles IT Army to Perform DDoS on Russia

The Ukrainian Ministry of Defense, with the support of Ukraine's vice prime minister and minister of digital transformation Mykhailo Fedorov, reportedly issued a call for Ukrainian hackers to safeguard its networks and potentially tap into Russian infrastructure. Elon Musk also provided internet services to Ukraine by way of Starlink satellites.

Feb. 27, 2022

Feds Advise 'Shields Up' as Russian Cyberattack Defense

The U.S. Cybersecurity and Infrastructure Security Agency and the FBI issued a joint advisory pointing to Russian state-sponsored activity using WhisperGate and HermeticWiper malware to target Ukrainian organizations. The agency has also updated the Shields Up webpage to include recommendations for corporate leaders and actions to protect critical assets.

Feb. 26, 2022

Belarusian Spear-Phishing Campaign Targets Ukraine Military

A nation-backed group called UNC1151 aka Ghostwriter launched a malicious spear-phishing campaign aimed at members of the Ukrainian military. Meanwhile, the Ukrainian Ministry of Defense reportedly issued a call for Ukrainian hackers to safeguard its networks and potentially tap into Russian infrastructure.

Feb. 25, 2022

Ukraine Invasion: What if US Strikes Back Against Russia?

Sam Curry, CSO for Cybereason, discussed the potential fallout as Russia-Ukraine tensions heighten and how security leaders can prepare in this video interview.

Ukraine Reportedly Calls for Volunteer Cyberwarriors

The Ukraine's Ministry of Defense allegedly issued a notice to recruit hackers to launch cyberattacks on Russia's critical infrastructure. Hacktivist group, Anonymous, is also reportedly leveraging attacks against Russia.

Wiper Malware Attacks Have Not Escaped Ukrainian Networks

Focusing on doomsday scenarios related to the Russia-Ukraine crisis will not help security teams, but running through emergency incident response preparation plans can. Wiper malware attacks, in terms of the Russia-Ukraine conflict, stayed contained in the Ukraine.

Sound Off: How Can Banks Prepare for Russia-Ukraine Crisis?

In the new video series "Sound Off," which explored a single question in depth, David Pollino, former CISO of PNC Bank, discusses how financial institutions should - and must - strengthen their incident response plans. Pollino, in this short video, provides specific examples of how security teams protecting bank networks can mitigate the risks of potential cyberattacks leveraged by nation-states.

Feb. 24, 2022

New Malware in Russia-Linked Sandworm's Portfolio

A new form of malware named Cyclops Blink and developed by Russian threat actor Sandworm aka Voodoo Bear was detected. U.K National Cyber Security Center and CISA issued joint advisory statements warning of Cyclops Blink, which has been active since June 2019 and attacks small home office routers and network devices.

White House Denies Mulling Cyber Strikes on Russia

U.S. officials, in an effort to disrupt Russia's web services, electric grid and other critical infrastructure, reportedly presented President Joe Biden with several offensive cyber options. But White House press secretary Jen Psaki has denied these reports. Threat analysts also discussed how cyberattacks could extend beyond Ukraine into other areas of Eastern Europe.

Russia-Ukraine War: Threats Facing the Healthcare Sector

In light of recent events in Ukraine, healthcare security experts warned of potential cyber threats the U.S. could face, including malware, disinformation and phishing campaigns to launch retaliatory attacks. CISOs, researchers and other security experts weighed in on the risks.

Feb. 23, 2022

Cyberattack Hits Ukrainian Government, Banking Websites

Ukraine's government and banking websites suffered a distributed denial-of-service outage that lasted for several hours - less than a week after the Ministry of Defense site fell in a similar attack. Global cybersecurity agencies warned organizations to enable multifactor authentication and be on high alert for other malicious activity.

Report: Ukrainian Government Prepared to Wipe Servers

As the Russia-Ukraine conflict escalated, the Ukrainian government looked to the possibility of wiping servers to protect sensitive data. Cybersecurity experts also weighed in on the possibility of a spike in ransomware and other cyberattacks as Russia's cyber warfare tactics heated up.

Proof of Concept: Is the New Age of Cyber War Here?

In ISMG's new series "Proof of Concept," guests discussed the probability of a cyber incident resulting in a kinetic response. This came as tensions between Ukraine and Russia rose sharply.

Russia's Invasion of Ukraine Triggers Resiliency Reminders

As Russia began its invasion of Ukraine, security experts reminded network defenders to stay prepared for any contingency. Britain's NCSC called for Western security agencies to bolster online defenses.

Feb. 22, 2022

EU Activates Cyber Rapid Response Team Amid Ukraine Crisis

The U.S. confirmed that the distributed denial-of-service attack on Ukraine's Ministry of Defense had been launched by Russia's Main Intelligence Directorate, aka GRU. In the wake of the escalating conflict, the European Union activated its group of cyber military experts to safeguard Ukrainian networks.

As Russia Invades Ukraine, Cyber Escalation Threat Looms

World leaders moved to sanction Russia for its aggression, and Ukraine remained on high alert in the face of potential cyberattacks. Ukraine's Computer Emergency Response Team issued an alert urging security teams to report suspicious activity to the government.

Feb. 21, 2022

Cybersecurity Readiness Advised as Russian Threats Loom

Russian President Vladimir Putin delivered alarming remarks from the Kremlin, further legitimizing U.S. President Joe Biden's fears that invasion of Ukraine was imminent. Financial institutions, the state of New York and others advised on cybersecurity readiness in case Russia retaliated against the West.

Feb. 15, 2022

Report: Cyberattack Hits Ukrainian Defense Ministry, Banks

Ukraine's defense ministry, as well as two banks, Privatbank and Oschadbank, were reportedly hit by a cyberattack. The defense ministry's website, which supports the Armed Forces of Ukraine, went dark.

Feb. 14, 2022

CISA Warns Orgs to Prep for Potential Russian Cyberattacks

After Russia amassed some 100,000 troops along the borders of Ukraine, the U.S. Cybersecurity and Infrastructure Security Agency released its "Shields Up" warning, designed to advise network defenders on how to protect against nation-state attacks.

Feb. 9, 2022

Report: European Central Bank Warns Against Russian Hacking

The European Central Bank warned against Russian cyberattacks on European banks, conducting numerous cyber war games in order to test the resiliency against a Russian cyber offensive. At one time, the banking system had focused predominantly on pandemic-related scams, but it then turned its attention to the possibility of Russia initiating direct cyberattacks on financial institutions.

Jan. 24, 2022

Report: DHS Fears Russian Cyberattack If US Acts on Ukraine

The DHS cautioned that Russian cyberattacks in retaliation of U.S. support of Ukraine could be on the horizon.

Jan. 21, 2022

Ukraine Cyber Attacks: A Case of Hacktivism?

ISMG's Anna Delaney and Mathew Schwartz analyzed cyberattacks aimed at Ukraine's government agencies. Seventy government agencies were targeted in an attempt to deface them.

Dec. 24, 2021

Cyber Activity Surges as Russia Masses on Ukraine's Border

Russia moved 175,000 soldiers to the Ukrainian border after President Vladimir Putin criticized Ukraine's intention to join NATO. Cybersecurity experts, who noticed an increase in Russian intelligence operations, warned this could be a precursor to invasion.


About the Author

Dan Gunderman

Dan Gunderman

Former News Desk Staff Writer

As staff writer on the news desk at Information Security Media Group, Gunderman covered governmental/geopolitical cybersecurity updates from across the globe. Previously, he was the editor of Cyber Security Hub, or CSHub.com, covering enterprise security news and strategy for CISOs, CIOs and top decision-makers. He also formerly was a reporter for the New York Daily News, where he covered breaking news, politics, technology and more. Gunderman has also written and edited for such news publications as NorthJersey.com, Patch.com and CheatSheet.com.

Devon Warren-Kachelein

Devon Warren-Kachelein

Former Staff Writer, ISMG

Warren-Kachelein began her information security journey as a multimedia journalist for SecureWorld, a Portland, Oregon-based cybersecurity events and media group. There she covered topics ranging from government policy to nation-states, as well as topics related to diversity and security awareness. She began her career reporting news for a Southern California-based paper called The Log and also contributed to tech media company Digital Trends.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.