The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations and individuals to increase their cyber vigilance, as Russia's military invasion of Ukraine officially reaches the one-year mark.

"CISA assesses that the United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord on February 24, 2023, the anniversary of Russia's 2022 invasion of Ukraine," the agency said.

To that end, CISA is recommending that organizations implement cybersecurity best practices, increase preparedness, and take proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks.

The advisory comes as the Computer Emergency Response Team of Ukraine (CERT-UA) revealed that Russian nation-state hackers breached government websites and planted backdoors as far back as December 2021.

CERT-UA attributed the activity to a threat actor it tracks as UAC-0056, which is also known under the monikers DEV-0586, Ember Bear, Nodaria, TA471, and UNC2589.

The attacks entail the use of web shells as well as a number of custom backdoors like CredPump, HoaxApe, and HoaxPen, adding to the group's arsenal of tools like WhisperGate, SaintBot, OutSteel, GraphSteel, GrimPlant, and, more recently, Graphiron.

The agency, in a related advisory, also disclosed a phishing campaign bearing RAR archives that lead to the deployment of the Remos remote control and surveillance software. It's been linked to a threat actor known as UAC-0050 (and UAC-0096).

The findings come as Fortinet reported a 53% increase in destructive wiper attacks from Q3 to Q4 2022, primarily fueled by Russia's state-sponsored hackers employing an unprecedented variety of data-destroying malware against Ukraine.

"These new strains are increasingly being picked up by cybercriminal groups and used throughout the growing cybercrime-as-a-service (CaaS) network," the security vendor said. "Cybercriminals are also now developing their own wiper malware which is being used readily across CaaS organizations, meaning that the threat of wiper malware is more widespread than ever and all organizations are a potential target, not just those based in Ukraine or surrounding countries."