Hacktivism and other cyberattacks continue against Russian targets.
Anonymous has resumed (or continued) its campaign of defacement against Russian networked closed-circuit cameras, rigging them to display such messages as "Putin is killing children,” and “352 Ukraine civilians dead. Russians lied to 200RF.com. Slava Ukraini! Hacked by Anonymous,” Vice reports.
Russian government websites have also come under attack. In an unusual announcement, Russia's Ministry of Digital Development and Communications said the attacks were "unprecedented." They appear, from the account offered by the Washington Post, to be a mixture of distributed denial-of-service (DDoS) attacks and website defacements. A statement from the Ministry, apparently addressing the DDoS attacks, said, “We are recording unprecedented attacks on the websites of government authorities. If their capacity at peak times reached 500 GB earlier, it is now up to 1 TB. That is, two to three times more powerful than the most serious incidents of this type previously recorded.” Among the website defacements was one affecting the Russian Emergency Situations Ministry website whose content was changed. The Ministry's hotline number was replaced by a heading "Come back from Ukraine alive," followed by a number Russian soldiers could call for assistance should they be interested in desertion.
Some hacktivism may go too far.
Cloud security firm Snyk has found malicious code in the npm open-source ecosystem that seems motivated by a hacktivist determination to strike Russia and its increasingly shy junior partner Belarus. Snyk explained:
peacenotwar being sabotaged as an act of protest by the maintainer of the
"This security incident involves destructive acts of corrupting files on disk by one maintainer and their attempts to hide and restate that deliberate sabotage in different forms. While this is an attack with protest-driven motivations, it highlights a larger issue facing the software supply chain: the transitive dependencies in your code can have a huge impact on your security."
Hacker News explains that "Node-ipc is a prominent node module used for local and remote inter-process communication (IPC) with support for Linux, macOS, and Windows. It has over 1.1 million weekly downloads."
An npm manager wrote and published a module he described as follows: "This code serves as a non-destructive example of why controlling your node modules is important. It also serves as a non-violent protest against Russia's aggression that threatens the world right now. This module will add a message of peace on your users' desktops, and it will only do it if it does not already exist just to be polite." At the very least, Snyk says, this particular form of protest calls into question the trustworthiness of the maintainer (nom-de-hack "RIAEvangelist") and his other contributions. Snyk concludes:
"Snyk stands with Ukraine and we’ve proactively acted to support the Ukrainian people during the on-going crisis with donations and free service to developers world-wide, as well as taking action to cease business in Russia and Belarus. That said, intentional abuse such as this undermines the global open source community and requires us to flag impacted versions of
node-ipc as security vulnerabilities."
The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.