As Russia’s military invasion of Ukraine officially marks its first anniversary, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations and individuals to increase their cyber vigilance.
CISA predicts that disruptive and defacement attacks may be executed against websites on February 24, 2023, the anniversary of the invasion, to sow chaos and societal discord in the United States and European nations.
In response to these potential attacks, CISA recommends that organizations implement cybersecurity best practices, increase preparedness, and proactively take measures to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks.
This advisory comes as the Computer Emergency Response Team of Ukraine (CERT-UA) discovered that Russian nation-state hackers breached government websites and planted backdoors as early as December 2021.
The activity was traced to a threat actor known as UAC-0056, who is also referred to as DEV-0586, Ember Bear, Nodaria, TA471, and UNC2589.
The hackers used web shells and various custom backdoors like CredPump, HoaxApe, and HoaxPen, in addition to their existing arsenal of tools like WhisperGate, SaintBot, OutSteel, GraphSteel, GrimPlant, and Graphiron.
Furthermore, the agency also disclosed a phishing campaign involving RAR archives that lead to the deployment of the Remos remote control and surveillance software.
This campaign has been associated with a threat actor identified as UAC-0050 or UAC-0096.
Fortinet has reported a 53% increase in destructive wiper attacks in Q4 2022, primarily attributed to Russia’s state-sponsored hackers employing a range of data-destroying malware in Ukraine.
Cybercriminal groups are increasingly using these strains of malware and deploying them throughout the growing cybercrime-as-a-service (CaaS) network.
This has led to the development of new wiper malware by cybercriminals, making all organizations potential targets, not just those located in Ukraine or neighboring countries.
