Post Syndicated from Rapid7 original https://blog.rapid7.com/2022/03/04/russia-ukraine-cybersecurity-updates/
Cyberattacks are a distinct concern in the Russia-Ukraine conflict, with the potential to impact individuals and organizations far beyond the physical frontlines. With events unfolding rapidly, we want to provide a single channel by which we can communicate to the security community the major cyber-related developments from the conflict each day.
Each business day, we will update this blog at 5 pm EST with what we believe are the need-to-know updates in cybersecurity and threat intelligence relating to the Russia-Ukraine war. We hope this blog will make it easier for you to stay current with these events during an uncertain and quickly changing time.
March 3, 2022
Additional sanctions: The US Treasury Dept. announced another round of sanctions on Russian elites, as well as many organizations it characterized as outlets of disinformation and propaganda.
Public policy: The Russia-Ukraine conflict is adding momentum to cybersecurity regulatory actions. Most recently, that includes
- Incident reporting law: Citing the need to defend against potential retaliatory attacks from Russia, the US Senate passed a bill to require critical infrastructure owners and operators to report significant cybersecurity incidents to CISA, as well as ransomware payments. The US House is now considering fast-tracking this bill, which means it may become law quite soon.
- FCC inquiry on BGP security: “[E]specially in light of Russia’s escalating actions inside of Ukraine,” FCC seeks comment on vulnerabilities threatening the Border Gateway Protocol (BGP) that is central to the Internet’s global routing system.
CISA threat advisory: CISA recently reiterated that it has no specific, credible threat against the U.S. at this time. It continues to point to its Shields Up advisory for resources and updates related to the Russia-Ukraine conflict.
Threat Intelligence Update
- An Anonymous-affiliated hacking group claims to have hacked a branch Russian Military and Rosatom, the Russian State Atomic Energy Corporation.
The hacktivist group Anonymous and its affiliate have hacked and leaked access to the phone directory of the military prosecutor’s office of the southern military district of Russia, as well as documents from the Rosatom State Atomic Energy Corporation.
Available in Threat Library as: OpRussia 2022 (for Threat Command customers who want to learn more)
- A threat actor supporting Russia claims to have hacked and leaked sensitive information related to the Ukrainian military.
The threat actor “Lenovo” claims to have hacked a branch of the Ukrainian military and leaked confidential information related to its soldiers. The information was published on an underground Russian hacking forum.
Source: XSS forum (discovered by our threat hunters on the dark web)
- An Anonymous hacktivist associated group took down the popular Russian news website lenta.ru
As part of the OpRussia cyber-attack campaign, an Anonymous hacktivist group known as “El_patron_real” took down one of the most popular Russian news websites, lenta.ru. As of Thursday afternoon, March 3, the website is still down.
Available in Threat Library as: El_patron_real (for Threat Command customers who want to learn more)
Additional reading: