As Russian forces take military action in Ukraine, cybersecurity companies are reporting various cyber attacks targeting organizations within Ukraine, such as government agencies and critical infrastructure companies, and organizations outside of the country that provide services to Ukraine. Additionally, the U.S. government has warned organizations to prepare for any cyber incidents that may have consequences for critical infrastructure in the U.S. (link: https://www.cisa.gov/shields-up).
Members of the Cyber Threat Alliance stand ready to respond and collaborate on any and all cyber incidents related to this activity. CTA members are providing advice to their customers on how to prepare via their blogs and providing technical analyses of the malware used in these attacks and DDoS attacks targeting websites. CTA members are also sharing pre-release blog posts with CTA’s Early Sharing program to ensure that industry response efforts are aligned with the most up-to-date understanding of this threat.
Throughout this event, CTA will use this blog to provide links to CTA member posts regarding cyber incidents in Ukraine and how their customers can be prepared. As new materials and insights are made available, we will update this blog post.
Avast
- Crypto Scams Taking Advantage of Ukraine Conflict | Avast
- Avast ThreatLabs Warns Against DDOS Attacks For Ukraine
- TrickBot backend source code leaked (avast.com)
- Help for Ukraine: Free decryptor for HermeticRansom ransomware – Avast Threat Labs
- In times of war, hacktivism is not the answer
- Avast’s response to the war in Ukraine
- Pre-war spike in phishing attacks targeting infrastructure in Ukraine
- Cyber threats and the Ukraine conflict
- Staying safe online in wartime
- Pro-Russian hackers are targeting infrastructure inside Ukraine and allied countries
- Pro-Russian Group Targeting Ukraine Supporters with DDoS Attacks
Check Point
- Staying Safe in Times of Cyber Uncertainty – Check Point Software
- US ransomware attacks after Russian sanctions – CyberTalk
- Cyber Attack Trends In The Midst Of Warfare – Check Point Software
- How the Eastern Europe Conflict Has Polarized Cyberspace – Check Point Software
- Telegram becomes a digital forefront in the Conflict – Check Point Software
- Fake News of Cyber Attacks Fast-Spreads, as Conflict between Russia and Ukraine Escalates
- February 2022’s Most Wanted Malware: Emotet Remains Number One While Trickbot Slips Even Further Down the Index
- Check Point Research Leaks of Conti Ransomware Group
- Cyber Attacks on Government Organizations beyond Ukraine Surge by 21%
- Crypto fundraising for Ukraine found on the Darknet, used by cyber criminals for fraud
- Resurgence of Increased Cyber Attacks on both Russia and Ukraine, a month into the war
- Weaponized cybercrime: What organizations can learn from the conflict in Ukraine
- Bad Rabbit – A New Ransomware Outbreak Targeting Ukraine and Russia
Cisco
- Cisco Talos Threat Intelligence Group Newsletters
- Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Current executive guidance for ongoing cyberattacks in Ukraine
- Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Threat Advisory: HermeticWiper
- Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Threat Advisory: Cyclops Blink
- Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Crowd-sourced attacks present new risk of crisis escalation
- Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Cisco stands on guard with our customers in Ukraine
- Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Threat Advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools
- Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Threat Advisory: Opportunistic cyber criminals take advantage of Ukraine invasion
- Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Beers with Talos Ep #118: Reflecting on the current situation in Ukraine
- Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Threat Advisory: CaddyWiper
- Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Mustang Panda deploys a new wave of malware targeting Europe
- Attackers target Ukraine using GoMet backdoor
- Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Threat Source Newsletter (July 28, 2022) – What constitutes an “entry level” job in cybersecurity?
- Ukraine war spotlights agriculture sector’s vulnerability to cyber attack
- Gamaredon APT targets Ukraine government agencies in new campaign
- Ukraine Topic Summary Report: Cisco Talos Year in Review 2022
Fortinet
- Ukraine Crisis Cyber-Readiness Checklist (fortinet.com)
- The Art of War (and Patch Management) | Fortinet Blog
- Nobelium Returns to the Political World Stage | FortiGuard Labs (fortinet.com)
- HermeticWiper Malware | FortiGuard
- Another Wiper Malware Targeted Enterprises in Ukraine #Doublezero | FortiGuard
- Chaos Ransomware Variant Sides with Russia
- Ukraine Targeted by Dark Crystal RAT (DCRat)
- Ukrainian Military – Themed Excel File Delivers Multi-Stage Cobalt Strike Loader
McAfee
Netscout
Palo Alto Networks
- Russia Ukraine Crisis: How to Protect Against the Cyber Impact (paloaltonetworks.com)
- Gamaredon (Primitive Bear) Russian APT Group Actively Targeting Ukraine (paloaltonetworks.com)
- Brief on Russia/Ukraine Cyber Conflict: CVE-2021-32648, WhisperGate (paloaltonetworks.com)
- OutSteel, SaintBot Delivered by Spear Phishing Attacks Targeting Ukraine (paloaltonetworks.com)
- Hermeticwiper Unit42 (paloaltonetworks.com)
- Protect Against the Cyber Impact of Russia-Ukraine Crisis – Palo Alto Networks
- Russia-Ukraine Cyber Activity Makes Security Best Practices Imperative (paloaltonetworks.com)
- Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine
Rapid7
- Prudent Cybersecurity Preparation for the Potential Russia-Ukraine Conflict | Rapid7 Blog
- Russia/Ukraine Conflict: What Is Rapid7 Doing to Protect My Organization? | Rapid7 Blog
- Russia-Ukraine Cybersecurity: Staying Secure in a Global Cyber Conflict | Rapid7 Blog
- Conti Ransomware Group Internal Chats Leaked Over Russia-Ukraine Conflict | Rapid7 Blog
- The Top 5 Russian Cyber Threat Actors to Watch | Rapid7 Blog
- Russia-Ukraine Cybersecurity Updates | Rapid7 Blog
- Graph Analysis of the Conti Ransomware Group Internal Chats
- The Digital Citizen’s Guide to Navigating Cyber Conflict
Reversing Labs
- Wiper Malware Targeting Ukraine: Evidence of Planning, and Haste
- Russia takes aim at Ukraine with Sandworm, the truth about Russia’s top search engine
Scitum
SecurityScorecard
- SecurityScorecard Discovers new botnet ‘Zhadnost’, responsible for Ukraine DDoS attacks
- Was the explosion at Freeport LNG a Result of a Russian Cyber Attack?
- One Year of Cyberwarfare: Russia-Ukraine Conflict
SonicWall
- HermeticWiper data wiping malware targeting Ukrainian organizations – SonicWall
- Shields Up: Preparing for Cyberattacks During Ukraine Crisis | SonicWall
Sophos
- Cyberthreats during Russian-Ukrainian tensions: what can we learn from history to be prepared? – Sophos News
- Keep Calm and Carry On: Five Tips to Better Protect Yourself During the Current Russia-Ukraine Crisis – Sophos News
- CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it
- Will Russia’s war on Ukraine result in less online crime?
- Six months on: Looking back at the role of cyberattacks in the Ukraine War
- Russia-Ukraine war: related cyberattack developments
Symantec
- Shuckworm Continues Cyber-Espionage Attacks Against Ukraine | Symantec Blogs (security.com)
- Ukraine: Disk-wiping Attacks Precede Russian Invasion | Symantec Blogs (security.com)
- Shuckworm: Russia-Linked Group Maintains Ukraine Focus
- Graphiron: New Russian Information Stealing Malware Deployed Against Ukraine
TEHTRIS
Trellix