Articles

Russia-linked cyberattacks on Ukraine: A timeline

Cyber incidents are playing a central role in the Russia-Ukraine conflict. Here’s how events are unfolding along with unanswered questions.

It’s been almost six weeks since Russian troops entered Ukraine and the large-scale “cyberwar” expected to accompany the invasion has not yet materialized. Observers and experts have offered many theories about why Russia hasn’t launched a destructive cyberattack on Ukraine yet despite its full capability to do so.

The reasons range from Russia saving its most dangerous cyberattack until the bitter end to the Kremlin’s fear of a devastating Western response. The most intriguing explanation for why Russia seemingly hasn’t unleashed its cyber arsenal is that we’re already in the middle of what Thomas Rid, professor of strategic studies at Johns Hopkins University’s School of Advanced International Studies, calls a secret cyberwar.

The digital cyberwar is playing out in the shadows, Rid argues, with the more apparent cyberattacks taking place to divert attention from the incidents that we’re not supposed to see. Cyberwar has been playing tricks on us, he argues, emerging in the form of seemingly random attacks and then slipping away into the future.

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by opsa from Pixabay

Cyberwar’s global players—it’s not always Russia or China

Research reveals that countries such as Belarus, India, and Colombia are responsible for significant cyberattacks.

Over the past year, a string of high-profile cyberattacks coming from Russia and China has galvanized the United States and its western allies into taking swift action to counter the escalating incidents. Consequently, the SolarWinds spyware infiltration, the Microsoft Exchange hack, and ransomware attacks launched by criminal gangs harbored by the Kremlin dominate headlines and drive nation-state cybersecurity responses.

However, it’s not always Russia or China who are dangerous adversaries in the digital realm. Smaller threat groups from India, Iran, Belarus, Latin America, and Israel can hold their own when it comes to disruptive hacking or espionage operations. In addition, alleged “hacktivist” groups and threat actors of indeterminate origin engage in malign activities for often mysterious purposes.

Indian hackers pose as legitimate firms

Reuters journalists Chris Bing and Raphael Satter recapped at the recent Cyberwarcon event their ongoing investigation of a loose collective of Indian hackers that blur the lines between reputation management firms and outright hacking-for-hire services. Working for outfits such as Appin Security Labs and BellTrox, these hackers target lawyers, activists, executives, investors, pharmaceutical companies, energy firms, asset management companies, offshore banking entities, and high net worth individuals.

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by Pete Linforth from Pixabay


A new era of cyber warfare: Russia’s Sandworm shows…

In-depth research on Russia’s Sandworm hacking group shows broad capabilities and scope to disrupt anything from critical infrastructure to political campaigns in any part of the world.

Speakers at this year’s CyberwarCon conference dissected a new era of cyber warfare, as nation-state actors turn to a host of new advanced persistent threat (APT) strategies, tools and tactics to attack adversaries and spy on domestic dissidents and rivals. The highest profile example of this new era of nation-state digital warfare is a Russian military intelligence group called Sandworm, a mysterious hacking initiative about which little has been known until recently. The group has nevertheless launched some of the most destructive cyberattacks in history.

Wired journalist Andy Greenberg has just released a high-profile book about the group, which he said at the conference is an account of the first full-blown cyberwar led by these Russian attackers. He kicked off the event with a deep dive into Sandworm, providing an overview of the mostly human experiences of the group’s malicious efforts.

Sandworm first emerged in early 2014 with an attack on the Ukrainian electric grid that “was a kind of actual cyberwar in progress,” Greenberg said. The grid operators in Ukraine watched helplessly as “phantom mouse attacks” appeared on their screens while Sandworm locked them out of their systems, turned off the backup power to their control rooms, and then turned off electricity to a quarter-million Ukrainian civilians, the first-ever blackout triggered by hackers.

This article appeared in CSO Online. To read the rest of the article please visit here.