Anne Neuberger, Deputy National Security Adviser for Cyber ​​Security, acknowledged that “there are currently no specific credible threats to the United States,” however, she continued, “We work with the private sector, share, and share specific information, and are asking for action to reduce their organization’s cybersecurity risks. And by giving very specific advice on how to do it.” These words were uttered on February 2, during a media briefing. Neuberger spoke of the continuing presence of Russian cyber threats to Ukraine and beyond. Neuberger was clear: “We have been warning for weeks and months, both in private and in public, that cyber attacks could be part of Russia’s wide-ranging efforts to destabilize and invade Ukraine. The Russians have used cyberspace as a key element of power projection over the past decade, including previously In Ukraine, in the 2015 time frame.

At about the same time, threat analysts from Unit 42 of the Palo Alto Networks released information about the detection of attacks by “Gamaredon” (also known as Armageddon, Primitive Bear, Shuckworm and Actinium) on a Western government entity (not yet identified) in Ukraine . By the way: Gamaredon was identified in November 2021 by the Ukrainian Security Service (SSU) headed by five Russian officials of the Federal Security Service (FSB) working under the auspices of the Information Security Center FSB from offices located in Russia occupied Crimea.

Check also:

In November, the SSU highlighted 5,000 attacks by Gamaredon for:

• Control of critical infrastructure facilities (power plants, heating and water systems).

• Data acquisition, including theft and intelligence gathering, including restricted access to information (related to the security and defense sector, and government agencies).

• Gaining a media and psychological impact.

• Withholding information systems.

The SSU Technical Report on Gamaredon Attacks details the group’s composition as well as its path from obscurity to a real threat to national infrastructure and a credible threat in cyber intelligence attack activities.

Unit 42’s report highlights the efforts of the Gamaredon Group to take advantage of the exceptional individual needs of Ukraine by the western governmental unit. The group sent the candidate’s CV in Word format. Jamaridon is betting that the resume uploaded by the “candidate” will not be subject to the same controls as phishing emails received by groups. The report also refers to the Estonian CERT team’s January 27, 2021 report on Gamaredon, which indicated that as of 2020, the Gamaredon group has targeted European Union countries using spear phishing techniques (this is a cyber-attack method used by hackers to steal confidential information. Or install malware on devices of specific victims).

Meanwhile, Symantec’s Threat Hunter team published its own study on January 31, 2022, stating that Shuckworm specializes in “cyber espionage,” which is in line with SSU’s discovery in November 2021. The Threat Hunter Team report includes an interesting case study of the series attack Gamaredon that started with a malicious document. The case study timeframe covers the period from July 14 to August 18, 2021.

Soon, on February 4, the Microsoft Threat Intelligence Center and the Digital Security Unit shared information about the threat posed by the ACTINIUM group, which has been targeting Ukraine for ten years. The report emphasized that the target of this group is the government, the military, non-governmental organizations, the judiciary, law enforcement and non-profit organizations. Microsoft’s findings mirror those of other analysts that the group’s efforts are focused on soliciting inside information, and gaining a foothold for sustainable access.

Neuberger concluded that the United States is working with the European Union and NATO to “increase national and allied resilience in cyberspace.” She emphasized that US efforts are aimed at providing cyberspace contingency plans to “coordinate and support Ukraine and each other in the event of such incidents…. We work with the private sector by sharing and exchanging specific information and request they have acted to reduce cybersecurity risks.” for their organization and by giving very specific advice on how to do so.

In light of the above, and with rising tensions in Ukraine, on February 9, cybersecurity authorities in the United States, Australia, and the United Kingdom issued a joint recommendation on the growing global threat of ransomware (Alert (AA22-040A)). The warning highlights the observed increase in ransomware incidents in 14 of the 16 critical infrastructure sectors in the United States.

David Klein, Cymulate’s Cyber ​​Evangelist, commented, “CISO should take this alert from various cyber commands into account as it recognizes that the offensive and destructive activity of the United States against ransomware criminals has caused some criminal organizations to divert attention from the objectives of the ‘game’ And they moved on to easier medium-sized targets.In the current climate, size is clearly not specific for being a target.

About the author

Christopher Burgess has worked with the Central Intelligence Agency (CIA) for over 30 years. Co-author of Stolen Secrets, Lost Fortune, Preventing Intellectual Property Theft and Economic Espionage in the Twenty-first Century.

Source: CSO