The Pentagon and NATO countries are behind massive cyberattacks from Ukrainian territory against Russian critical infrastructure, the press office of Russia’s Federal Security Service (FSB) claimed.
Over 5,000 hacker attacks on Russian critical infrastructure have been recorded since the beginning of 2022, the press office said in a statement. ‘The analysis of revealed computer threats has helped obtain data evidencing that the United States and NATO countries used Ukrainian territory for carrying out massive computer attacks on civilian infrastructure facilities in Russia,’ the security agency stated. The FSB further claimed that Washington wants to portray only Ukraine as the ‘author’ of these cyberattacks. However, the FSB stressed that the Pentagon is directly involved in developing these cyberattacks in consultation with international and national hacker groups such as Anonymous, Silence, Ghost Clan from the United States, RedHack from Turkey, GNG from Georgia, and Squad 303 from Poland.
Russian hackers have increased their activities against Ukraine’s civil infrastructure websites, especially the sites of government agencies and local authorities, since the start of 2023, according to Ukraine’s computer emergency response team (CERT-UA). These sites are particularly vulnerable due to the lack of adequate cyber protections. CERT-UA has processed over 300 cyber incidents and attacks during January-February 2023, almost half as much as in the corresponding period last year. On average, Russian hackers target Ukraine with more than ten cyberattacks every day.
Furthermore, CERT-UA stated it had observed an increase in espionage attacks, with an emphasis on maintaining constant access to organizations. Malware distributed by Russian hackers focuses mainly on data collection and remote access to users’ devices. CERT-UA warns that these attacks are potentially aimed at obtaining information that can give an advantage in a conventional war against Ukraine, including data on mobilization and Western weapons logistics.
Belarus’ once booming tech industry is facing a dire situation as Western sanctions take their toll. The IT sector, which had been a significant contributor to the country’s economy and had attracted investments from international firms, is now struggling to survive. The sanctions imposed on Belarus for its support of Russia have severely impacted the industry, leaving many businesses struggling to survive and causing a brain drain, with one in five IT specialists leaving the country in the 2022 migration wave. This is a significant increase from the previous migration wave after the 2020 presidential election, when one in ten IT specialists left the country. In response to the migration wave, one survey found that 80% of Belarusian IT companies have launched full or partial relocation schemes.
As the situation continues to unfold, many in the industry fear that Belarus’ IT sector may be on the brink of collapse.
In a bid to strengthen their trade partnerships, Ukraine and the United Kingdom have signed a digital trade agreement. The signing of this agreement is a significant development for Ukraine, as it becomes only the second country in the world to enter into such a partnership with the UK, following Singapore.
The digital trade deal supplements the Political, Free Trade, and Strategic Partnership Agreement signed by the two nations and will become effective after all interstate procedures are completed.
As per reports by Ukrainian media, the latest agreement aims to prevent any possible trade barriers from arising in the future while guaranteeing Ukrainian IT companies continued and unrestricted access to markets, which is vital to their growth and expansion.
Lithuania’s Radio and Television Commission has ordered internet providers to block access to IP addresses used to watch Russian TV channels, which European Union sanctions have targeted. The decision was made on 8 March after discussions with internet provider representatives and following confirmation of their technical ability to comply. Lithuania banned the rebroadcasting and online dissemination of TV and radio channels owned or financed by Russia and Belarus following amendments to the law on public information in 2022.
Private US company Chainalysis is a leading company in collecting and analyzing data used on cryptocurrency blockchains. In its annual report on cryptocurrency-related crime, it points out that illicit cryptocurrency volumes reached all-time highs amid a surge in sanctions and hacking.
‘Overall, the share of all cryptocurrency activity associated with illicit activity has risen for the first time since 2019, from 0.12% in 2021 to 0.24% in 2022.’ The company assesses that an equivalent of $20.6B is used for illicit activities.
A big part of that sum comes from offenses related to the economic sanctions on Russia. This shows that a strict regime of sanctions is efficiently imposed on cryptocurrency exchanges by the US Department of the Treasury and international financial institutions. The report describes methods that are used for money laundering and fund transfers. As a key takeaway, Chainalysis points out that the impact of crypto sanctions depends on the jurisdiction and technical constraints.
Ransomware crypto payments
The report shows a decline in ransomware from 2021. Chainalysis claims that ransomware victims increasingly refuse to pay the ransom money, hence pushing the criminals out of this scheme. The report states that “meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts”. In 2021, the US Office of Foreign Assets Control (OFAC) issued an advisory document about the risk of ‘sanction crimes’ that can arise from ransomware payments. OFAC advises all US companies to report ransomware to the FBI prior to any action. This is also considered to be one of the factors for the drop in ransomware payments. In addition, ransomware lifespan is significantly shorter: from 470 days in 2019, it is down to 70 days in 2022.
Money laundering
The report states a rise in money laundering activities from $14.2B in 2021 to $23.8B in 2022. It also states that ‘underground money laundering services’ are a growing concern. Such groups use private channels on messaging apps to set up and organise private transactions that are hard to track.
Cryptocurrency scams
Cryptocurrency scams and the use of cryptocurrency on darknet markets are on the decline compared to previous years.
Since the beginning of the Russian invasion on 24 February, the Institute of Mass Information (IMI) and Reporters Without Borders (RSF) have documented the violent crimes and mistreatment of journalists and media organizations in Ukraine. Cyberattacks, hacks, social media threats, and attacks against media pages on social media have all been used in the information war. Throughout the past year, at least 42 cyber crimes have been reported. Hackers associated with the GRU, the Russian military intelligence organization, were blamed for the most recent cyberattack, which targeted the website of the Ukrainian news agency Ukrinform.
Pro-Russia hacking group Killnet has been targeting hospitals in Europe and the USA in retaliation for Western support for Ukraine. The Netherlands National Cybersecurity Centre (NCSC) reported that the attacks impacted several hospitals in the country, but their impact was minimal. The Dutch cyber watchdog also said all the threats had been successfully mitigated.
The US Department of Health and Human Services (HHS) also reported that Killnet had targeted US hospitals and is actively threatening the health and public health sector. The HHS noted that these attacks do not cause significant harm but can create service disruptions that may last several hours or days.
Hospitals in other European countries, including the UK, Germany, and Poland, have also been targeted.
CSIRT Italia, the Italian Computer Security Incident Response Team, has identified an increase in Distributed Denial of Service (DDoS) attacks against the information systems of key Italian critical infrastructure. The attacks seem to be launched by a group of Russian hackers but have not breached the integrity and confidentiality of information so far.
The Computer Emergency Response Team of Ukraine (CERT-UA) reported the spread of a new ransomware strain called ‘Somnia’, attributing the attacks to the Russian threat actor known as ‘From Russia with Love’ (FRwL), also known as ‘Z-Team’. The ransomware attacks targeted Ukrainian corporations’ employees, using their Telegram accounts to try and gain access to a corporate network.
As explained by CERT-UA, the group used fake sites that mimic the ‘Advanced IP Scanner’ software, which, if downloaded, infects the victim’s computer with the Vidar data-stealing malware that can capture Telegram session data, as well as take over the victim’s account.
Then, the threat actors used victims’ Telegram accounts to gain access to the corporate network. Once access to the target’s network was obtained, the hackers executed reconnaissance operations using tools like Netscan and deployed Cobalt Strike Beacons before exfiltrating data.
According to CERT-UA, the group had previously revealed on Telegram that they had created the Somnia ransomware, and had posted evidence of the attacks they made against Ukrainian targets.