Russian Cyber Attacks
The U.S. government on Monday once again warned of potential cyber-attacks from Russia in retaliation for economic sanctions imposed by the West on the country following its military assault on Ukraine last month.
“It’s part of Russia’s playbook,” U.S. President Joe Biden said in a statement, citing “evolving intelligence that the Russian Government is exploring options.”
The development comes as the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned of “possible threats” to U.S. and international satellite communication (SATCOM) networks in the wake of a cyber attack targeting Viasat's KA-SAT network, used extensively by the Ukrainian military, at roughly the time Russian armed forces invaded Ukraine on February 24.
“Successful intrusions into SATCOM networks could create risk in SATCOM network providers’ customer environments,” the agencies said.
To strengthen cybersecurity defenses against the malicious cyber activity, the government is recommending that organizations mandate the use of multi-factor authentication, ensure that systems are up-to-date and patched against all known vulnerabilities, encrypt data at rest, and maintain offline backups.
“Build security into your products from the ground up — ‘bake it in, don’t bolt it on’ — to protect both your intellectual property and your customer’s privacy,” the U.S. government noted, while also urging companies to scrutinize the provenance of software components, open-source or otherwise, to watch out for supply chain threats.
CERT-UA Sounds the Alarm
The warnings about spillover incidents follow a barrage of cyberattacks that have struck both Ukraine and Russia over the past few weeks (although they have been quite muted, contrary to expectations). Russia, for its part, has urged domestic firms to turn off automatic software updates and switch to Russian DNS servers.
Last week, Ukraine’s Computer Emergency Response Team (CERT-UA) also warned of new spear-phishing campaigns targeting state entities with the goal of deploying a backdoor called LoadEdge. The agency attributed the attacks to InvisiMole, a hacking crew with suspected ties to the Russia-based nation-state group Gamaredon.
Separately, CERT-UA warned that information systems of Ukrainian enterprises are being compromised by a C#-based wiper program called DoubleZero that’s engineered to overwrite all non-system files and render the machines inoperable.