Doxing: official and hacktivist.
The Main Intelligence Directorate of the Ukrainian Ministry of Defense has released what appears to be personal information on 620 people it claims are FSB officers working on Russia's war against Ukraine. The data exposed included names, phone numbers, addresses, vehicle license plates, SIM cards, date and location of birth, signatures, and passport numbers. Security Affairs points out that the authenticity of the data can't be confirmed.
Hacktivists associated with the Anonymous collective tweet that they've succeeded in doxing the Russian Orthodox Church. "Hackers leaked 15GB of data stolen from the Russian Orthodox Church's charitable wing & released roughly 57,500 emails via #DDoSecrets," Anonymous TV said. "#DDoSecrets noted that due to the nature of the data, at this time it is only being offered to journalists & researchers."
Cyber Front Z: a Russian influence troll farm.
Vice describes Cyber Front Z, a troll farm that hires "social commentators, spammers, content analysts, programmers, IT specialists, and designers" to run social media posts and other comments intended to advance Moscow's line concerning its war against Ukraine, and to do so at scale, with fake personae deployed to give the impression of a mass movement. Cyber Front Z's home base and public face is on Telegram, but its trolls operate in other media. It's noteworthy that the Front's operators need to "fire up their VPNs" to gain access to other, largely blocked, social networks, and also noteworthy that the VPNs themselves are currently in bad odor with the Kremlin, wary as it is of the VPNs' reputation for anonymous circumvention of censorship.
Some Russian influence operations are more tightly focused. Vice reports elsewhere that the Security Service of Ukraine (SBU) last week exposed a bot farm operating out of Dnipropetrovsk but, according to the SBU, remotely controlled from Russia. The bots were smishing Ukrainian soldiers with resistance-is-futile texts. "The outcome of events is predetermined! Be prudent and refuse to support nationalism and leaders of the country who discredited themselves and already fled the capital!!!" the texts said, with the triple-exclamation point emphasis in the original. The guy in whose apartment they found the trolls' server said he had no idea what was going on.
Western organizations remain on alert for a Russian cyber campaign.
Massive cyberattacks of the kind widely expected have yet to materialize, but Western intelligence services continue to warn that Russia can be expected to keep its options open in this respect. US Deputy National Security Advisor Anne Neuberger told NPR Friday, "We continue to see evolving intelligence, as we talked about last week, that the Russian government is exploring options. And we continue to, most importantly, double down in working closely with the private sector to share that sensitive threat intelligence and really try to create the urgency for action and the call to action to put in place the cybersecurity measures that would prevent that from being successful." She cautioned that there was no specific intelligence that such an attack was imminent, but that the private sector should take steps to increase its resilience should such attacks take place.
Neuberger noted that Russian scanning for vulnerabilities is being observed, and that, while such scanning is common (and not confined to Russia), the current war makes it prudent to take protective measures.
Warnings are also coming from the private sector. CyberCube advises insurance companies to give their exposure to cyber risk close attention, Insurance Journal reports, and Pre-Employ warns that remote work increases a business's risk of cyberattack. Known Russian threat actors have been active in the theater of operations. Researchers at Malwarebytes report continued activity from UAC-0056 (also known as SaintBear, UNC2589 and TA471).