CISA Sounds Alarm on Cybersecurity Threats Amid Russia’s Invasion Anniversary

Feb 24, 2023 | Ravie Lakshmanan | Cyber War / Cybersecurity

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations and individuals to increase their cyber vigilance, as Russia’s military invasion of Ukraine officially enters one year.

“CISA assesses that the United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord on February 24, 2023, the anniversary of Russia’s 2022 invasion of Ukraine,” the agency said.

To that end, CISA is recommending that organizations implement cybersecurity best practices, increase preparedness, and take proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks.

The advisory comes as the Computer Emergency Response Team of Ukraine (CERT-UA) revealed that Russian nation-state hackers breached government websites and planted backdoors as far back as December 2021.

CERT-UA attributed the activity to a threat actor it tracks as UAC-0056, which is also known under the monikers DEV-0586, Ember Bear, Nodaria, TA471, and UNC2589.

The attacks entail the use of web shells as well as a number of custom backdoors like CredPump, HoaxApe, and HoaxPen, adding to the group’s arsenal of tools like WhisperGate, SaintBot, OutSteel, GraphSteel, GrimPlant, and, more recently, Graphiron.

The agency, in a related advisory, also disclosed a phishing campaign bearing RAR archives that lead to the deployment of the Remcos remote control and surveillance software. It’s been linked to a threat actor known as UAC-0050 (and UAC-0096).

The findings come as Fortinet reported a 53% increase in destructive wiper attacks from Q3 to Q4 2022, primarily fueled by Russia’s state-sponsored hackers employing an unprecedented variety of data-destroying malware against Ukraine.

“These new strains are increasingly being picked up by cybercriminal groups and used throughout the growing cybercrime-as-a-service (CaaS) network,” the security vendor said.

“Cybercriminals are also now developing their own wiper malware which is being used readily across CaaS organizations, meaning that the threat of wiper malware is more widespread than ever and all organizations are a potential target, not just those based in Ukraine or surrounding countries.”
