Wilshire


The Cyber Angle

The start of Russia’s war in Ukraine included some of the most ambitious cyber operations in history, targeting satellites and power plants in an effort to shock and awe.

Now, Ukrainian officials say, some of Moscow’s most notorious hackers are focusing on moves like knocking out a local information agency’s web page — a more modest approach that belies Vladimir Putin’s claim that everything is going according to plan.

From January to June, the number of cyberattacks in Ukraine rose to 762, more than double the second half of 2022, according to a new report by the country’s cybersecurity service that was backed by the US Agency for International Development and the European Union. But the number of incidents they labelled as “critical” over that period decreased by 81% to 27, a sign of improved defenses as well as Russia’s more restrained ambitions, Ukrainian officials say.

Bloomberg didn’t independently confirm the claims made in the report, and generally, verifying alleged cyberattacks in both Ukraine and Russia has been challenging during the conflict. The Kremlin and Russian military regularly deny any role in hacking operations.

At the start of the war, the Kremlin expected a quick victory. Its hackers went after Viasat Inc.’s commercial satellite network, causing major disruptions in Ukrainian communications, and also attempted to strike the country’s energy grid in a failed attack. But even then, Russia’s overstretched forces had a hard enough time coordinating their own moves without integrating cyber operations, and prospects of a full-scale cyberwar soon faded. Now, the alleged cyber goals appear to be more modest.

The new marks include those that tend to have softer defenses, including sectors like media and telecommunications. Local law enforcement and government offices collecting evidence of war crimes are also among the primary targets. Some hacks have collected data on captured Russians who could face war crimes trials, with the goal of helping them avoid prosecution and return to Russia, according to the report.

State-linked hackers have largely avoided targets that could be used to support military operations, according to the report. Instead, Sandworm, a group affiliated with the GRU military intelligence agency that has been linked to some of Russia’s most aggressive attacks around the world, hit a Ukrainian state-run news agency in January in an attempt to knock out its website, the report found.

Despite the shift, Ukrainian cybersecurity experts warn attacks on critical infrastructure will continue. Private energy company DTEK has reported repeated attacks against its IT infrastructure, both from hackers and from missile strikes. Russian hackers have also tried to collect information about Ukraine’s Zaporizhzhia nuclear power plant.

In other words, don’t write off Russia’s hacking forces just yet.

What We Learned This Week

For some time now, cybersecurity experts have been warning that text-based multifactor authentication is not secure. Now Microsoft has joined in, encouraging users of its Azure cloud to ditch text and phone two-factor authentication.

The advisory comes amid a surge of social engineering attacks, a low-tech method in which hackers gain initial entry onto a corporate network by tricking IT help desks, pretending to be an employer or an employee. Social engineering attacks were behind recent cyberattacks on MGM Resorts International, Caesars Entertainment and Coinbase Global.

The group suspected to be behind the attacks, known as Scattered Spider, has exploited Azure in some of its attacks, according to the cybersecurity firm Mandiant.

In May, as Scattered Spider was running amok through corporate networks, Microsoft researchers published a study claiming that SMS and voice-based authentication is 40% less secure than push notifications through a cellphone app.

Alex Weinert, Microsoft’s vice president of identity security, said in a statement to Bloomberg News that the company is “strongly encouraging” use of Microsoft Authenticator. --Margi Murphy

 


Source: https://t.me/itarmyofukraine2022/1702

Тільки подивіться на результати нашої вчорашньої операції і її впливу на аерорух країни-агресора. Тут і визнання якості підготовки, і змучені пасажири в аеропортах, і пояснення що таке DDOS. Шкода що не пояснили як приєднатись до IT ARMY, ну то напевно вже в наступних сюжетах... — Ah, just take a gander at the glorious results of our operation yesterday and its monumental impact on the air traffic of our "friendly" aggressor nation. Truly a masterclass in preparation, right? Let's not forget the weary passengers stranded in airports, learning the ABCs of what a DDOS is. The only thing missing is a how-to guide on joining the IT ARMY. But hey, I'm sure that's coming up in the next episode.

 

Translated from source:

The SBU detained a Russian agent who was "directing" enemy fire at units of the Armed Forces of Ukraine counterattacking near Bakhmut

The security service detained another FSB agent "red handed" who was correcting Russian air attacks on the positions of the Defense Forces in Donetsk region.

Among the main targets of the enemy were units of the Armed Forces of Ukraine, which are involved in conducting counteroffensive operations in the Bakhmut area.

It was established that the perpetrator gave the aggressor 8 locations of Ukrainian troops that were moving in the direction of the front line.

However, SBU employees exposed the perpetrator at the initial stage of her criminal activity and, thanks to this, promptly informed the command of the Armed Forces of Ukraine about potential threats.

After that, comprehensive measures were taken to secure the Ukrainian defenders in the indicated direction, and the Russian agent herself was detained while trying to transfer new intelligence to the aggressor.

According to the investigation, the enemy accomplice turned out to be a resident of Toretsk, who was remotely recruited by the Russian special service at the beginning of this year.

The invaders used another traitor from the temporarily occupied part of the region to draw the suspect into covert cooperation. She turned out to be a friend of a Russian agent, a representative of the occupying "FSB Directorate for the DNR".

According to her instructions, the woman independently went around the territory of the city and its surroundings and covertly recorded the military facilities of the Armed Forces of Ukraine.

She wrote about the information she obtained to the "liaison" in a messenger app, and after sending the messages, she immediately deleted them from her phone.

On the basis of the collected evidence, the investigators of the Security Service informed the detainee of suspicion under Part 2 of Art. 111 of the Criminal Code of Ukraine (treason committed under martial law).

The perpetrator is currently in custody. She faces life imprisonment.

Counter-subversion measures were carried out by SBU employees in Donetsk and Luhansk regions under the procedural guidance of the Donetsk regional prosecutor's office.

https://t.me/SBUkr/9815
