fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Says Russia Hit Ukraine with Hundreds of Cyberattacks

Microsoft Says Russia Hit Ukraine with Hundreds of Cyberattacks

Microsoft has revealed the true scale of Russian-backed cyberattacks against Ukraine since the invasion, with hundreds of attempts from multiple Russian hacking groups targeting the country’s infrastructure and Ukrainian citizens.

These attacks also include the use of destructive malware designed to take down critical systems and disrupt civilians’ access to critical life services and reliable information.

“Starting just before the invasion, we have seen at least six separate Russia-aligned nation-state actors launch more than 237 operations against Ukraine – including destructive attacks that are ongoing and threaten civilian welfare,” said Tom Burt, Microsoft’s corporate vice president for customer security and trust.

“The destructive attacks have also been accompanied by broad espionage and intelligence activities. [..] We have also observed limited espionage attack activity involving other NATO member states, and some disinformation activity.”

The Microsoft Threat Intelligence Center (MSTIC) observed [PDF] threat groups linked to the GRU, SVR, and FSB Russian intelligence services (including APT28, Sandworm, Gamaredon, EnergeticBear, Turla, DEV-0586, and UNC2452/2652) pre-positioning for conflict and intensifying their attacks against Ukraine and its allies starting with March 2021.

Also Read: The FREE Guide To The 9 Obligations Of PDPA

Microsoft also noticed a direct link between cyberattacks and military operations, with the timing between hacking attempts and breaches closely matching that of missile strikes and sieges coordinated by the Russian military.

Military strikes cyberattack correlation Ukraine
Military strikes – cyberattack correlation (Microsoft)

Among the destructive attacks it observed (almost 40 between February 23 and April 8) against dozens of organizations in Ukraine, Microsoft says 32% directly targeted Ukrainian government organizations, and over 40% were aimed at critical infrastructure organizations.

Microsoft has seen multiple malware families leveraged by Russian threat actors for destructive activity against Ukrainian targets, including WhisperGate/WhisperKillFoxBlade (aka HermeticWiper), SonicVote (aka HermeticRansom), CaddyWiper, DesertBlade, Industroyer2, Lasainraw (aka IsaacWiper), and FiberLake (aka DoubleZero).

MSTIC has attributed three of them (i.e., FoxBlade, CaddyWiper, and Industroyer2) to Sandworm. Their members are believed to be military hackers part of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST).

“WhisperGate, FoxBlade, DesertBlade, and CaddyWiper are all malware families that overwrite data and render machines unbootable. FiberLake is a .NET capability being used for data deletion,” the Microsoft Digital Security Unit (DSU) said [PDF].

“SonicVote is a file encryptor sometimes used together with FoxBlade. Industroyer2 specifically targets operational technology to achieve physical effects in industrial production and processes.”

Timeline of destructive attacks against Ukraine
Timeline of destructive attacks against Ukraine (Microsoft)

Microsoft has also found that the WhisperGate malware was used in data-wiping attacks against Ukraine in mid-January, before the February invasion, disguised as ransomware.

As Microsoft President and Vice-Chair Brad Smith said, these ongoing attacks with destructive malware against Ukrainian organizations and infrastructure “have been precisely targeted.”

They are part of a “massive wave of hybrid warfare,” as the Ukrainian Security Service (SSU) said, right before Russia’s invasion.

The highly targeted and precisely timed nature of this year’s Russian-backed cyberattacks against Ukraine is in stark contrast with the indiscriminate NotPetya worldwide malware assault that hit countries worldwide (including Ukraine) in 2017 and was also linked to the Russian GRU Sandworm hackers.

Also Read: Overview of the Personal Data Protection Act – SG

“While much of what Microsoft has observed to date suggests threat actors DEV0586 and IRIDIUM are operating with restraint in the execution of destructive attacks by limiting malware deployments to specific target networks,” Microsoft DSU added.

“However, Russia-aligned nation state actors are actively pursuing initial access to government and critical infrastructure organizations worldwide suggesting possible future targeting.”

Today’s report follows one published by the Google Threat Analysis Group (TAG) in late March, revealing phishing attacks coordinated by a Russian-based threat group targeting NATO and European military.

Another Google TAG report from early March about malicious activity linked to the Russian war in Ukraine exposed Russian, Chinese, and Belarus state hackers’ efforts to compromise Ukrainian and European organizations and officials.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us