Ukraine prepares move of sensitive data out of country

Ukraine is preparing to relocate sensitive data and servers outside the country in case of an emergency, according to Victor Zhora, the deputy chief of Ukraine’s State Service of Special Communications and Information Protection. Zhora told Reuters that Ukrainians want to be ready for the possibility of a Russian attempt to seize sensitive government documents. 

Zhora emphasised that his department is preparing a contingency plan and that relocating the information technology data infrastructure abroad is only ‘plan B or C.’ Such a plan could only be activated after Ukrainian lawmakers approve regulatory changes, Zhora explained. Government agencies would also have to determine whether to keep their operations running inside the country or evacuate them on a case-by-case basis.

Russian govt: failures on websites of Russian state agencies due to hacking of integrated widget

The Russian Ministry of Digital Development, Communications and Mass Media claimed that it registered disruption in the operation of the federal agencies’ websites because the service (widget) of the monitoring system of state agencies had been hacked. The ministry said that: ‘After hacking the widget, hackers were able to publish incorrect content on the pages of the websites. The incident was promptly localised.’ The service was operational again in an hour.

Google: hackers linked to Russia, China, Belarus target Ukraine, Europe

According to Google’s Threat Analysis Group (TAG), a number of cyberattacks have been carried out by entities linked with Russia, Belarus, and China over the past two weeks, ranging from espionage to phishing campaigns.

TAG claims that the Russia-linked FancyBear hacking group (also known as APT28) has carried out multiple massive credential phishing attempts aimed at ukr.net users. The phishing emails were sent from different hacked accounts and contained links to attacker-controlled domains. The attackers used newly-created Blogspot domains as the initial landing pages, which then redirected targets to credential phishing pages.

Increased activity by Ghostwriter (also known as UNC1151), a hacking group previously linked with Belarus, was also observed by TAG. In recent weeks, the group has undertaken credential phishing attacks against Polish and Ukrainian government and military entities. TAG identified campaigns targeting webmail users from numerous providers.

Mustang Panda, alias Temp.Hex, a China-linked hacker group, targeted European entities with malware attachments with file names such as ‘Situation at the EU-Ukraine Borders.zip’. When opened, the zip file contains an executable with the same name that downloads multiple extra files that then load the final payload.
TAG noted that they are still observing DDoS attempts against various Ukrainian sites, including the Ministry of Foreign Affairs and the Ministry of Internal Affairs, as well as services such as Liveuamap, aimed at helping people find information.

Amazon halts product shipments and suspends web services sign ups in Russia and Belarus

Amazon has announced that it has suspended shipment of retail products to customers based in Russia and Belarus and will no longer be accepting new Amazon Web Services (AWS) customers based in those countries. Access to Prime Video for customers located in Russia will also be suspended. The company noted that Amazon and AWS do not have data centres, infrastructure, or offices in Russia. They also have a long-standing policy of not doing business with the Russian government.

Hacker group Anonymous hijacks more than 400 Russian cameras, lays text on feed reading ‘Putin is killing children’

The hacker group Anonymous showed a live feed from 100 breached public cameras in Russia to ‘counter Russia’s propaganda’ and to ‘open the eyes of Russian civilians’. Different lines of text appeared, such as ‘Putin is killing children,’ ‘352 Ukraine civilians dead,’ and ‘Russians lied to 200RF.com.’ Earlier on Monday, the group hacked Russian TV, including Russia 24, Channel One, and Moscow 24 channels, to show footage from invaded locations in Ukraine.

Resecurity: Hackers targeted US liquified natural gas producers mid-February

Hackers accessed more than 100 computers belonging to current and past personnel of 21 major US  liquefied natural gas providers and exporters in mid-February, research by cybersecurity company Resecurity showed. Hackers broke into the target computers directly in some cases while they purchased access to computers that had already been infected in other cases.

The motive of the cyber operation is unknown, and it is not clear whether the attack is connected to Russian military operation in Ukraine. Resecurity CEO Gene Yoo stated that ‘Recent tensions around Nord Stream 2, global market changes, as well as conflict in Ukraine are obvious catalysts.’ As of January 2022, the USA is the world’s top liquefied natural gas exporter.

Instagram will hide followers of private accounts in Russia and Ukraine, demotes post from Russian state-owned media

Meta, Instagram’s parent company, announced that Instagram will start hiding information about private accounts based in Russia and Ukraine to reduce the spread of misinformation. This will include information about people’s followers, who they are following, and people who are following each other. 

Instagram will also start labelling content from Russian state-owned media and making it harder to find by placing it lower in the Stories tray. Instagram will also warn users before they reshare content from Russian state-owned media accounts in their stories. If users reshare the content, Instagram will place it lower in the Stories tray.

Cloudflare and Akamai refuse to pull services out of Russia

Content delivery network providers Cloudflare and Akamai have confirmed that they will continue to operate in Russia. The companies argued that suspending their services would deprive Russians of access to information from the outside world. Regardless of its decision to stay in Russia, Akamai indicated that it will cease all sales activities in Russia and Belarus and end operations with state-owned clients.