CISA Sounds Alarm on Cybersecurity Threats Amid Russia's Invasion Anniversary

Feb 24, 2023 | Ravie Lakshmanan | Cyber War / Cybersecurity

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations and individuals to increase their cyber vigilance, as Russia’s military invasion of Ukraine reaches the one-year mark.

“CISA assesses that the United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord on February 24, 2023, the anniversary of Russia’s 2022 invasion of Ukraine,” the agency said.

To that end, CISA is recommending that organizations implement cybersecurity best practices, increase preparedness, and take proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks.

The advisory comes as the Computer Emergency Response Team of Ukraine (CERT-UA) revealed that Russian nation-state hackers breached government websites and planted backdoors as far back as December 2021.

CERT-UA attributed the activity to a threat actor it tracks as UAC-0056, which is also known under the monikers DEV-0586, Ember Bear, Nodaria, TA471, and UNC2589.

The attacks entail the use of web shells as well as a number of custom backdoors like CredPump, HoaxApe, and HoaxPen, adding to the group’s arsenal of tools like WhisperGate, SaintBot, OutSteel, GraphSteel, GrimPlant, and more recently, Graphiron.

The agency, in a related advisory, also disclosed a phishing campaign bearing RAR archives that lead to the deployment of the Remcos remote control and surveillance software. It’s been linked to a threat actor known as UAC-0050 (and UAC-0096).

The findings come as Fortinet reported a 53% increase in destructive wiper attacks from Q3 to Q4 2022, primarily fueled by Russia’s state-sponsored hackers employing an unprecedented variety of data-destroying malware against Ukraine.

“These new strains are increasingly being picked up by cybercriminal groups and used throughout the growing cybercrime-as-a-service (CaaS) network,” the security vendor said.

“Cybercriminals are also now developing their own wiper malware which is being used readily across CaaS organizations, meaning that the threat of wiper malware is more widespread than ever and all organizations are a potential target, not just those based in Ukraine or surrounding countries.”
