Ukraine and US targeted by cybersecurity attacks as Russian invasion nears

New reports have surfaced of hacking campaigns linked directly and indirectly to Russia’s war in Ukraine, with the stories highlighting an opaque element of the invasion: cyber warfare. Many experts have predicted that Russia will launch major cyberattacks in Ukraine, for example cutting off the country’s power grid. But while large-scale operations have failed to materialize, reports of small incursions are beginning to emerge.

On Monday, Google said it uncovered widespread phishing attacks targeting Ukrainian officials and Polish military personnel. Security firm Resecurity Inc also shared evidence of a coordinated hacking campaign targeting US companies that supply natural gas (a commodity that has become critical as Western sanctions weigh on Russian energy exports). In both cases, the attacks could be linked to groups associated with Russia and its allies.

Google’s Threat Analysis Group (TAG) said the phishing campaign targeted users of UkrNet, a Ukrainian media company, as well as “Polish and Ukrainian government and military organizations”. The attacks were carried out by groups including the Belarusian group Ghostwriter and the Russian threat actor Fancy Bear. The latter group is associated with the Russian military intelligence agency GRU and was responsible for the Democratic email hacks in 2016.

“Over the past two weeks, TAG has observed activity from a range of malicious actors that we regularly monitor and are well known to law enforcement, including FancyBear and Ghostwriter,” wrote Google’s Shane Huntley in a blog post. “This activity ranges from espionage to phishing campaigns. We share this information to help educate the security community and high-risk users.”

The campaign targeting US natural gas companies managed to infiltrate more than 100 computers belonging to employees and former employees. As reported by Bloomberg News, the motives for the operation are unknown, but Resecurity described the work as “pre-positioning”: hacking into machines to prepare for a larger operation.

The attacks began two weeks before the invasion of Ukraine, and gaining a foothold with US gas suppliers would certainly offer plenty of opportunities for geopolitical leverage. As European nations have sought to wean themselves off Russian natural gas as part of a series of economic sanctions, energy companies in the United States have stepped up their supply, making the United States the world’s largest supplier of liquefied natural gas, or LNG.

Resecurity CEO Gene Yoo told Bloomberg he believed the attack was carried out by state-sponsored hackers, but did not speculate on who it might be. Bloomberg itself notes that one of the hackers involved had ties to the Fancy Bear attacks (albeit under its Strontium moniker, as reported by Microsoft’s security research team).

