{"id":1799,"date":"2022-04-20T13:11:50","date_gmt":"2022-04-20T18:11:50","guid":{"rendered":"https:\/\/ardent-security.com\/?p=1799"},"modified":"2022-04-20T13:26:29","modified_gmt":"2022-04-20T18:26:29","slug":"ukraine-russian-towards-a-first-world-cyberwar","status":"publish","type":"post","link":"https:\/\/ardent-security.com\/en\/ukraine-russian-towards-a-first-world-cyberwar\/","title":{"rendered":"Ukraine Russian: towards a first world cyberwar"},"content":{"rendered":"

Cyberattacks in Ukraine: Could It Lead to a First World Cyberwar?<\/h2>\n

When the US needed a place to test its Cold War atomic weapons, it used an isolated atoll named \u201cBikini\u201d in the Marshall Islands of the Pacific. The 25 mile long ring-shaped coral atoll witnessed more than 20 tests from 1946 into the 1960s. Today several foreign actors could be using the war in Ukraine as a test site for their cyber warfare techniques, tactics and procedures (TTPs). Cyberattacks can quickly cross borders, so it\u2019s critical that governments and corporations have the proper defenses in place for these evolving threats. \u00a0<\/em><\/p>\n

Ukraine\u2019s infrastructure is similar to Western Europe, Canada and the US and though its cyber defenses are more limited than that of the Five Eyes (FVEY) intelligence alliance<\/a> (Australia, Canada, New Zealand, UK and US). This makes it an attractive target for countries such as Iran, N. Korea and China to test their own cyber capabilities.<\/p>\n

What form have the cyberattacks in Ukraine taken so far? The first attacks seemed pro-Russian. They took down government websites with the message<\/a> \u201cBe afraid and expect the worse.\u201d This useful advice was then followed by false claims<\/a> that \u201cAll your personal data has been sent to a public network. All data on your computer is destroyed and cannot be recovered.\u201d though the country\u2019s State Bureau of Investigations – similar to US FBI – denied<\/a> that any data was actually stolen. At one point Ukraine\u2019s deputy secretary of their National Security and Defense Council attributed<\/a> the attacks to a hacker group linked to the Belarusian intelligence service.<\/p>\n

In mid-January Microsoft reported<\/a> wiper malware disguised as ransomware (tracked as DEV-0586<\/em>) on several Ukrainian governmental agencies and organizations systems. Activation of the wiper malware would have killed the systems. Had it been placed in anticipation of the Russian invasion, like land mines waiting to be remotely activated?<\/p>\n

The US Dept. of Homeland Security (DHS) shortly thereafter issued an intelligence bulletin<\/a> to critical US infrastructure operators and state and local governments warning of a possible Russian counter cyberattack if Moscow believed the US or NATO response to a potential invasion of Ukraine \u201cthreatened [Russia\u2019s] long-term national security.\u201d<\/p>\n

February brought a distributed denial of service<\/a> (DDOS) attack on the Ukrainian defense ministry, military sites and two banks. There was evidence of Russian penetration of their military, energy and other critical networks to collect information needed to support the imminent invasion.<\/p>\n

\"\"<\/p>\n

In late February, researchers from ESET and Symantec reported new malware called HermeticWiper<\/em><\/a> spreading across Ukraine, Lithuania and Latvia. The Canadian Centre for Cyber Security issued its Alert<\/a> regarding this malware on February 23rd<\/sup> referencing the following articles:<\/p>\n