The cybersecurity landscape has shifted considerably in recent months. Take the ongoing cyber conflict between Russia and Ukraine: the scale of Russian cyberattacks on Ukraine was documented in a report published by Microsoft. Citizens and national infrastructure alike were targeted by a range of threat groups, and destructive malware was used to disable essential systems and cut citizens off from information and vital services.
Getting into the intricacies
At least six separate Russia-aligned actors launched more than 237 operations against Ukraine, beginning shortly before the invasion. These include destructive attacks, many of which are still ongoing.
Hundreds of systems belonging to Ukrainian banks, government agencies, energy companies, and IT firms were targeted by GRU operations.
CaddyWiper, WhisperGate, FoxBlade, DesertBlade, DoubleZero, and Industroyer2 are among the destructive malware families identified by MSTIC; most are data wipers, while Industroyer2 targets industrial control systems.
More than 40% of the destructive attacks were aimed at organisations in critical infrastructure sectors, with second-order effects on civilians, the government, the economy, and the military.
Government entities at the national, regional, and city levels were the direct target of more than 30% of the destructive attacks.
Since at least March 2021, Russia-aligned groups, including GRU-linked Sandworm and APT28 alongside Gamaredon, UNC2452/2652, DEV-0586, and Turla, have been observed pre-positioning for conflict.
Roughly 40 destructive attacks between February 23 and April 8 permanently wiped files on hundreds of systems across dozens of Ukrainian organisations.
Why is this significant?
To gain initial access to a target, the attackers use a range of techniques, including phishing, compromising upstream IT service providers (a supply-chain route into their customers), and exploiting unpatched vulnerabilities.
Once inside, they establish persistence, exfiltrate data, and ultimately destroy it.
In the course of these operations, Russian threat actors infiltrated, disrupted, or destroyed a wide range of critical infrastructure and government networks.
Microsoft analysts expect the stream of attacks to continue, given the perpetrators' destructive behaviour and geopolitical goals, and they anticipate severe damage to both the communications and energy sectors. CISA, other national cyber authorities, and the US government should therefore keep issuing advisories, and organisations should put the recommended defensive measures in place.