Russian cyberattacks continue to afflict targets in Ukraine even as Russian conventional forces remain poised in assembly areas. US Secretary of Defense Austin and Chairman of the Joint Chiefs of Staff Milley said late last week that, while intentions remained "opaque," Russia's capabilities were up to a damaging invasion of Ukraine.
The United Nations Security Council is meeting today to discuss Russia's actions against Ukraine, the Washington Post reports. China voted with Russia against the meeting, but the US proposal to meet passed nonetheless. The US, the AP writes, fully intends to put Russia on the defensive during the sessions.
On Friday CrowdStrike released its analysis of the probable course of Russian cyber action against Ukraine. They attribute most of the activity against Ukrainian targets to Voodoo Bear, a unit operating under the direction of Russia’s GRU military intelligence service. Voodoo Bear has a long history of servicing Ukrainian targets that goes back to 2014, the year Russia seized and annexed Ukraine’s Crimean region. The recent information operations in the campaign CrowdStrike calls WhisperedDebate are assessed as preparation. Should the conflict escalate, CrowdStrike expects Voodoo Bear to step up destructive wiper attacks.
Other Russian services appear to have been active in cyberspace as well as the GRU. Researchers at Symantec ascribe recent attacks to the threat group they track as Shuckworm, and that's otherwise known as Primitive Bear, Armageddon, or, most commonly, Gamaredon, and they cite Ukraine's SSU on attribution of the group to Russia's FSB.
Both the US and the UK are preparing new sanctions against Russia should it not pull back from its threatening posture with respect to Ukraine, Bloomberg reports. The most serious sanctions would be reserved as a response to an invasion. This round of sanctions will in all likelihood be designed to have a strong effect on individuals. In the US a bill introduced in the Senate is consistent with earlier Administration statements on sanctions according to the Wall Street Journal.
The CyberWire's continuing coverage of the crisis in Ukraine may be found here.