Ukraine hacks add to concerns of cyber conflict with Russia

Hackers temporarily shut down dozens of government websites in Ukraine on Friday, causing no major damage but raising tensions as Russia gathered troops along the Ukrainian border. Separately, in a rare gesture to the US at a time of cold ties, Russia said it had arrested members of a major ransomware gang that targets US entities.

The events, although seemingly unrelated, came during a frenzied period of activity, as the US publicly accused Moscow of preparing another invasion of Ukraine and of creating a pretext to do so. They underscored how cybersecurity remains an important concern: growing hostility risks not only real violence but also damaging digital attacks that could hit Ukraine or even the US.

The White House said Friday that President Joe Biden had been briefed about the disruptions, which targeted nearly 70 websites of national and regional government bodies, but did not indicate who might be responsible.

But even without any attribution of responsibility, suspicion fell on Russia, which has a history of plaguing Ukraine with cyberattacks. Ukraine’s security service, the SBU, said preliminary results of an investigation indicated the involvement of “hacker groups linked to Russia’s intelligence services”. The SBU said the perpetrators “hacked the infrastructure of a commercial company that had access, with administrator privileges, to the websites affected by the attack.”

The White House said it was still assessing the impact of the defacements, but described it as “limited” so far. Meanwhile, a senior administration official said the White House welcomed news of the arrests of alleged ransomware gang members in Russia, with Moscow saying the operation was carried out at the request of US officials.

The official, who briefed reporters on condition of anonymity, said one of those arrested was linked to the Colonial Pipeline hack that resulted in gas shortages in parts of the US last year. According to the official, the White House believes the arrests are unrelated to Russia-Ukraine tensions.

Russia’s previous cyber operations against Ukraine have included the hacking of its power grid before the 2014 national elections and in 2015 and 2016. In 2017, Russia unleashed one of the most damaging cyberattacks on record with the NotPetya virus, which targeted Ukrainian businesses and caused more than $10 billion (about Rs 74387 crore) in damages globally. Moscow has previously denied involvement in cyberattacks against Ukraine.

Ukrainian cybersecurity professionals have been bolstering critical infrastructure security ever since, with more than $40 million (about Rs 296.625) in aid from the US State Department. NATO Secretary-General Jens Stoltenberg said on Friday that the alliance would continue to provide “strong political and practical support” to Ukraine in light of the cyberattack.

Experts say Russian President Vladimir Putin could use cyberattacks, without committing troops, to destabilize Ukraine and other former Soviet countries that want to join NATO. Tensions between Ukraine and Russia are high, with Moscow having an estimated 100,000 troops along its extensive border with Ukraine.

“If you’re trying to use it as a platform and a deterrent to stop people from moving forward with the idea of NATO or other things, cyber is right,” Tim Conway, a cybersecurity instructor at the SANS Institute, told the AP last week.

Oleh Derevianko, a leading private sector expert and founder of the ISSP cybersecurity firm, said the main question about the website defacements is whether they are the work of Russian freelancers or part of a larger state-backed operation.

A message posted by the hackers in Russian, Ukrainian and Polish claimed that personal data of Ukrainians had been placed online and destroyed. It told Ukrainians to “fear and expect the worst”. In response, the Polish government noted that Russia has a long history of disinformation campaigns and that the Polish in the message was flawed and clearly not from a native speaker.

Researchers at Eurasia Group, a global risk think tank, said the Ukraine defacements “does not point to an imminent escalation of hostilities by Russia”, since they rank low on the ladder of cyber options. They said Friday’s attack was “the equivalent of trolling, sending the message that Ukraine could see worse in the days to come.”

The defacements came after a year in which cybersecurity became a top concern, with a Russian-led cyber espionage campaign targeting US government agencies and ransomware attacks launched by Russia-based criminal gangs.

On Friday, Russia’s Federal Security Service, or FSB, announced the detention of members of the REvil ransomware gang. The group was behind last year’s Fourth of July weekend supply-chain attack targeting the software firm Kaseya, which paralyzed more than 1,000 businesses and public organizations globally.

The FSB claimed to have dismantled the gang, but REvil was effectively disbanded in July. Cybersecurity experts say its members largely migrated to other ransomware syndicates. They expressed doubts on Friday about whether the arrests would significantly impact ransomware gangs, whose activities were moderated last year after high-profile attacks on critical US infrastructure, including the Colonial Pipeline.

The FSB said it raided the homes of 14 members of the group and seized more than $426 million (about Rs 41.66 crore), including cryptocurrencies, as well as computers, crypto wallets and 20 elite cars that were bought “from money obtained through criminal means.” All those detained have been charged with “illegal circulation of means of payment,” a criminal offense punishable by up to six years in prison. The suspects were not named.

According to the FSB, the operation was carried out at the request of American officials, who identified the leader of the group. It is the first significant public action by Russian officials since Biden warned Putin last summer that he needed to crack down on ransomware gangs.

Experts said it was too early to know whether the arrests are a sign of a larger Kremlin crackdown on ransomware perpetrators — or if they may just be a piecemeal attempt to appease the White House.

“Follow-through on punishment will send the strongest signal one way or another, if it has really changed how tolerant Russia will be to cybercriminals,” Bill Siegel, CEO of ransomware response firm Coveware, said in an email.

Yelisey Boguslavskiy, research director for Advanced Intelligence, said those arrested are low-level associates, not the people who ran the ransomware-as-a-service, which disbanded in July. He said that REvil had apparently also disbanded some allies, so it had enemies in the underground.

Attorney General Merrick Garland announced charges against two hackers linked to the gang in November, saying that REvil’s attacks paralyzed thousands of computers around the world and led to at least $200 million (about Rs 1487.73 crore) in ransom payments.

Such attacks attracted significant attention from law enforcement officials around the world. Hours before the US announcement, European law enforcement officials revealed the results of a month-long, 17-nation operation that led to the arrest of seven hackers linked to REvil and another ransomware family.

The AP reported last year that US officials, meanwhile, shared a small number of names of suspected ransomware operators with Russian officials.

Brett Callow, ransomware analyst at cybersecurity firm Emsisoft, said that whatever Russia’s motives, the arrest “will certainly send a shock wave through the cybercrime community. Former associates and business associates of the gang will always be concerned about the implications.”

