The Computer Emergency Response Team of Ukraine (CERT-UA) reported the spread of a new ransomware strain called ‘Somnia’, attributing the attacks to the Russian threat actor known as ‘From Russia with Love’ (FRwL), also known as ‘Z-Team’. The ransomware attacks targeted Ukrainian corporations’ employees, using their Telegram accounts to try and gain access to a corporate network.
As explained by CERT-UA, the group used fake sites that mimic the ‘Advanced IP Scanner’ software, which, if downloaded, infects the victim’s computer with the Vidar data-stealing malware that can capture Telegram session data, as well as take over the victim’s account.
Then, the threat actors used victims’ Telegram accounts to gain access to the corporate network. Once access to the target’s network was obtained, the hackers executed reconnaissance operations using tools like Netscan and deployed Cobalt Strike Beacons before exfiltrating data.
According to CERT-UA, the group had previously revealed on Telegram that they had created the Somnia ransomware, and had posted evidence of the attacks they made against Ukrainian targets.
Reports in China claimed that experts from tech giant Huawei have been in Russia in an effort to stabilise Russia’s internet network, which was subject to numerous cyberattacks by hacker groups.
Australian Minister for Defence Peter Dutton said: ‘In fact, we’re seeing reports today that Huawei, a Chinese telecommunications company, is providing support to Russia to keep their internet up.’ According to a report which was later deleted from a Chinese news website, ‘Huawei would use its research centres to train 50,000 technical experts in Russia.’
According to Kommersant and other outlets, the Ministry of Digital Development, Communications and Mass Media has required state-owned websites and services to transfer their domain names to .ru, to switch to the Russian domain name system servers located in Russia, as well as to abandon foreign web hosting services, and to ‘strengthen password policies’. These measures – to be implemented by 11 March – were described as being necessary to protect state internet resources from cyberattacks, as well as from the possibility of ‘disconnection from the outside’. The Ministry of Digital Development reportedly clarified that the measures are intended to protect the country’s information infrastructure, and are not meant to disconnect Russia from the global internet. On 6 March, Deputy Prime Minister Dmitry Chernyshenko instructed the Ministry of Digital Development to ‘prepare priority measures to protect the country’s information infrastructure’.
TikTok has announced that it would cease live streaming and video uploads to its Russian platform. The corporation added that it needed to consider the implications of new media regulations. Netflix has announced that it would temporarily suspend sales and distribution of its streaming video service in Russia. It is unknown what will happen to current subscriber accounts.
Major global financial services like Visa, American Express, and Mastercard have confirmed in separate statements that they will cease business in Russia. Clients will be able to use their cards for purchases within Russia until their expiration dates. However, clients will be unable to use their Russian cards abroad or to make international payments online. Furthermore, Visa, Mastercard, and American Express cards issued outside of the country will no longer be accepted in Russia.
Several Russian banks have already stated that they will start issuing cards that use the Chinese UnionPay system in conjunction with Russia’s Mir payment network.
The hacker group Anonymous claimed that it had hacked Russian search giant Yandex.ru. The stolen data of 150 thousand users, with email addresses and passwords, including verified accounts, was made publicly available on the internet.
Russia’s largest BitTorrent tracker, RuTracker, has been removed from Roskomnadzor’s list of banned websites. The torrent tracker was banned in 2015 by a decision of the Moscow City Court, but has been unblocked in response to the suspension of the release of Hollywood films in Russian distribution. Kremlin Press Secretary Dmitry Peskov did not rule out the possibility of approving the use of pirated software in response to sanctions.
The Russian Ministry of Digital Development, Communications, and Mass Media issued a statement that it does not support the idea of abolishing liability for the use of unlicensed software. The ministry supports the use of Russian software instead, as it corresponds to the plan for developing the IT sector and the presidential decree No. 83.
According to the Russian media, there has been a recent debate on whether it is acceptable to use unlicensed software in reaction to EU and US sanctions. Earlier, a European Parliament decision called on the EU and its member states to cancel the software licences for military and civilian equipment used in Russia and Belarus.
The State Service of Special Communication and Information Protection of Ukraine (SSSCIP) claimed that ‘Russian hackers keep on attacking Ukrainian information resources nonstop’. According to the agency, distributed denial of service (DDoS) attacks launched since the beginning of Russia’s operation in Ukraine were primarily targeted at the information resources of Verkhovna Rada (the Ukrainian parliament), the cabinet, the presidency, the defence ministry, and the ministry of internal affairs. The SSSCIP also tweeted about the consequences of such attacks, noting that ‘The only thing the occupants managed to do was to substitute the front pages at the sites of some local authorities.’
Cogent Communications, which is estimated to carry 1/4 of the global Internet traffic, terminated access to major Russian internet service providers.
In justification, CEO Schaeffer said: ‘I can’t pick good Russian traffic from bad. It’s just a big pipe.’
This move will affect streaming services such as Netflix, as Cogent Communications specialises in carrying high-volume internet traffic.