Russo-Ukrainian tension has moved US authorities to issue an alert on the threat of Russian cyber operations. That alert came as the continuing effort to address Log4j vulnerabilities has raised concern about open-source software security.
Reuters reports that a "massive" cyberattack hit Ukrainian government websites yesterday. Websites operated by the Ukrainian Cabinet and at least seven ministries were affected. Some of the defacements told their Ukrainian audience to "be afraid and expect the worst."
The attacks seem to be simple defacements, an influence operation, and not the data-destruction and doxing the message claims. Note the implicit attempt to suggest that Poland and Ukraine have a historical dispute over Ukraine's western territories. The Moscow Times reports that Ukraine's SBU said that services had been restored to normal within hours of the attacks.
While it's impossible at this stage to rule out hacktivism or provocation by some third party, the Ukrainian Foreign Ministry points to the obvious suspect, Russian intelligence services. "It's too early to draw conclusions, but there is a long record of Russian (cyber) assaults against Ukraine in the past," a spokesman told Reuters.
Talks between the US and Russia and NATO and Russia have so far produce public signs of progress. The Baltic Times reports that Lithuanian President Gitanas Nauseda said, after a conversation on the talks with NATO Secretary General Jens Stoltenberg, that successful diplomacy would require reciprocity of a kind that's not in evidence from the Russian side. Progress can “only take place on the basis of reciprocity and not in the language of demands and ultimatums, which is unacceptable.”
At yesterday's White House press conference addressing the talks, US National Security Advisor Jake Sullivan said, "There are no dates set for any more talks. We have to consult with allies and partners first. We’re in communication with the Russians, and we’ll see what comes next."
There may, however, have been some conciliatory Russian gestures toward the West. Bloomberg notes that there seems to have been a decline, a "tapering," of coverage of Ukraine by Russian state media: "There is now a renewed diplomatic flurry with talks between U.S. and Russian officials, again in Geneva, followed by other discussions including a NATO-Russia council meeting. Dialing back the heat in state media could be a move to see if such talks bear fruit." Bloomberg's report reads this sign with cautious optimism, since no such quiet period was observed during the run-up to Russia's 2014 invasion of Crimea.
More interesting is a raid Russia's FSB has conducted against the REvil ransomware gang. Russia's Interfax news agency reported this morning that the FSB has liquidated the gang in a series of arrests. "The FSB of Russia has established the full composition of the REvil criminal community and the involvement of its members in the illegal circulation of means of payment, and documentation of illegal activities has been carried out," an official statement said. The FSB said it had conducted the raids (which netted not only fourteen arrests, but $600,000 and €500,000 in cash, as well as computers, "crypto wallets used to commit crimes," and twenty luxury cars, all of which are said to be ill-gotten) at the "appeal of competent US authorities."
The White House offered a preliminary "readout" of this week's Open Source Software Security Summit, during which Government and industry officials met to discuss ways of shoring up the security of widely used open-source software. That discussion was prompted by December's revelation of vulnerabilities in the Apache Software Foundation's Log4j library, and it was given salience by this week's warnings from the US Intelligence Community that there was a risk of nation-state attacks exploiting issues with that and other open-source products. Both Government and industry sources see cooperation on implementing an effective system of software bills of materials as an important first step.
The CyberWire's update on cyber dimensions of the Russo-Ukrainian crisis and US efforts to shore up open-source software security may be found here.