Dateline
Ukraine at D+56: Phase II of Russia's war is underway, and the Five Eyes warn of infrastructure attacks. (The CyberWire) Russian forces enter the second phase of Mr. Putin's war against Ukraine as Kyiv refuses to concede either the Donbas or the Sea of Azov coast to the invaders. The Five Eyes issue an unusually explicit warning of an imminent Russian cyber threat to critical infrastructure.
Ukraine at D+55: Russia's second phase, and more Shuckworm attacks. (The CyberWire) Russia's firepower-intensive tactics continue the reduction of cities in the Donbas and along the Sea of Azov. In cyber operations, the FSB's Shuckworm group continues its plodding but troubling intelligence collection.
Russia’s invasion of war: List of key events day 57 (Al Jazeera) As the Russia-Ukraine war enters its 57th day, we take a look at the main developments.
Mayor of Ukraine's Kharkiv says city is under intense bombardment (Reuters) Ukraine's second-largest city Kharkiv was under intense bombardment on Thursday, its mayor Ihor Terekhov said.
Putin Says Mariupol Now Under Russian Control: Latest (Bloomberg) President Vladimir Putin said Russia has “liberated” Ukraine’s Mariupol, apart from the massive Azovstal steel plant, which he ordered blockaded. Kyiv has called for urgent talks to save the lives of the fighters and civilians in Mariupol; limited civilian evacuations went ahead Wednesday and are expected to continue.
Russia and Ukraine's battle for Donbas could decide the war — and it could go either way (CNBC) Russia's latest offensive in the Donbas region could prove to be extremely significant and decisive in the war against Ukraine, analysts say.
Russian Offensive Bears Down on Donbas as West Races to Supply Ukraine With More Weapons (Wall Street Journal) Russian forces made incremental gains in their offensive in eastern Ukraine’s Donbas region, as Western nations rushed more weapons to the outgunned Ukrainian military.
Why are Donetsk and Luhansk in Ukraine’s Donbas region a flash point for Putin? (Washington Post) The Donbas region in eastern Ukraine has been a flash point in the escalating crisis between Russia and Ukraine, which hinges on land borders and strategic influence.
New videos show bodies of civilians on Mariupol streets (Washington Post) New videos recorded in the besieged Ukrainian city of Mariupol show the lifeless bodies of more than a dozen civilians lying on streets.
A breakdown of the Good, the Bad and the Ugly from Russia's War in Ukraine (The Cipher Brief) Cipher Brief Expert Tim Willasey-Wilsey breaks down the good, the bad and the ugly as Russia pushes into month three of its war in Ukraine
Video: Putin Says New Missile Will Make Russia’s Detractors ‘Think Twice’ (New York Times) Video released by the Russian Defense Ministry shows the successful launch of the new Sarmat intercontinental ballistic missile.
Vladimir Putin tests ‘Satan II’ – a nuclear missile with a dozen warheads that can hit ‘anywhere in world’ (The Telegraph) ‘Deadliest weapon ever’ is a present for Nato that will make Moscow’s enemies think twice, says Kremlin
Russia Test-Fires Nuclear-Capable ICBM in Warning to U.S. Allies (Bloomberg) Putin says weapon will defend Russia against outside threat. Kremlin has raised specter of nuclear escalation over conflict.
Putin’s Nuclear Threat Makes Armageddon Thinkable (Bloomberg) With “mutual assured destruction” no longer relevant, the world is desperately in need of a workable doctrine of nuclear deterrence.
Moskva commanders left our conscript sons to die, say parents of missing sailors (The Telegraph) ‘How is it that all the commanders escaped, but the conscript boys remained there?’ mother asks after warship went down in Black Sea
Russia defence ministry seeks greater secrecy on military deaths in Ukraine (Reuters) The Russian defence ministry has proposed that relatives of soldiers killed in Ukraine should have to apply to military rather than civilian authorities for compensation payments, imposing an extra level of secrecy around its war losses.
Russian War Report: Google refutes misleading claims about blurring Russian military assets (Atlantic Council) Thousands of posts online claim Google Maps unblurred satellite images of Russian military installations. Meanwhile, Russia hesitates to ban YouTube and a troll campaign distracts from Bucha.
SpaceX shut down a Russian electromagnetic warfare attack in Ukraine last month — and the Pentagon is taking notes (Defense News) “The next day, Starlink had slung a line of code and fixed it,” said Pentagon electronic warfare director Dave Tremper. “And how they did that was eye-watering to me.”
U.S., allies provide 'comprehensive' look at Russia cyber threats to critical infrastructure (The Record by Recorded Future) U.S. and international authorities on Wednesday issued a joint alert warning state-backed Russian hackers and criminal groups remain a top threat to critical infrastructure worldwide.
Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure (CISA) Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote Desktop Protocol and other risky services. • Provide end-user awareness and training.
US and allies warn of Russian hacking threat to critical infrastructure (BleepingComputer) Today, Five Eyes cybersecurity authorities warned critical infrastructure network defenders of an increased risk that Russia-backed hacking groups could target organizations within and outside Ukraine's borders.
Allied cyber authorities warn 'evolving intelligence' points to incoming Russian cyber attacks (Breaking Defense) Cyber authorities “urge critical infrastructure network defenders to prepare for and mitigate potential cyber threats — including destructive malware, ransomware, DDoS attacks, and cyber espionage — by hardening their cyber defenses and performing due diligence in identifying indicators of malicious activity,” the advisory states.
SpaceX beating Russian jamming attack was 'eyewatering': DoD official (Breaking Defense) “The way that Starlink was able to upgrade when a threat showed up, we need to be able to have that ability,” said Dave Tremper, the Pentagon's director of electronic warfare. “We have to be able to change our electromagnetic posture, to be able to change very dynamically what we're trying to do without losing capability along the way.”
U.S. vows "ironclad" commitment to second Russia-NATO front under pressure (Newsweek) A Sixth Fleet spokesperson told Newsweek that the U.S. Navy works "to ensure security and stability in the Baltics, and that work continues unabated by the current situation."
First American howitzers bound for Ukraine arrive in Europe as US troops begin training Ukrainians on the cannons (Stars and Stripes) The first US 155mm howitzers from the latest $800 million military aid package for Ukraine have arrived in Europe as American troops there begin training Ukrainian forces on the artillery, a senior U.S. defense official said Wednesday.
Ukraine's Air Force has added about 20 more operational aircraft after influx of spare parts, senior US defense official says (CNN) The Ukrainian Air Force has added about 20 more operational aircraft to its fleet because of an influx of spare parts, according to a senior US defense official.
"De-Putinize Russia": Petro Poroshenko urges West to take its chance (Newsweek) Ukraine's former president told Newsweek that Russia under Putin has the fate of "a very, very big North Korea."
Kremlin Insiders Alarmed Over Growing Toll of Putin’s War in Ukraine (Bloomberg) Some in the elite fear the invasion was a catastrophic mistake — but say the Russian president won't relent and is in no danger of losing power.
Sanctioned Billionaire Tinkov Slams ‘Insane War’ in Ukraine (Bloomberg) Banker says 90% of Russians are against the war with neighbor. Few Russian businessmen have condemned Putin’s invasion.
Biden to speak on Ukraine war amid expectation of new military aid (Reuters) President Joe Biden will deliver an update on the Russian invasion of Ukraine on Thursday as he works to complete a new arms package for its military.
Russia Ruled in Potential Default Over Ruble Payment on Debt (Bloomberg) CDS committee said a potential failure to pay event occurred. Russia on course for its first external default in a century.
U.S. Treasury sanctions Russian bitcoin miners as war enters its third month (CNBC) For the first time ever, the U.S. Department of the Treasury is taking aim at bitcoin miners operating in Russia.
Germany points finger at Britain as anger grows over failure to send weapons to Ukraine (The Telegraph) Olaf Scholz under pressure over refusal to hand over tanks
How EU would benefit from reducing its reliance on Russian gas (Euromaidan Press) The European Union relies on Russian natural gas with 41% of the EU gas imports coming from Russia. Reducing this dependence would weaken Russia’s influence over the continent, while purchasing gas from different suppliers would diversify Europe’s energy market, which could increase the global gas production and reduce prices. On the other hand, it gives an opportunity to invest more heavily in renewable energy.
UN: Ukraine refugee crisis is Europe’s biggest since WWII (Atlantic Council) According to UN data, more than five million Ukrainians have now fled their homeland since the start of Russia's invasion on February 24, representing the biggest European refugee crisis since the Second World War.
Attacks, Threats, and Vulnerabilities
REvil's TOR sites come alive to redirect to new ransomware operation (BleepingComputer) REvil ransomware's servers in the TOR network are back up after months of inactivity and are now redirecting to a new operation that launched recently.
REvil's ransomware infrastructure appears to have restarted after months of inactivity (Computing) Security researchers recently noticed a new REvil leak site being promoted on a forum marketplace that focuses on Russian-speaking regions
Phishing Site on Facebook Domain Used to Steal Credentials (Abnormal) In this sophisticated credential phishing attack, threat actors built a phishing site on Facebook's domain to trick targets into entering their login info.
Organizations Warned of Attacks Exploiting Recently Patched Windows Vulnerability (SecurityWeek) Organizations are urged to immediately patch a Windows Print Spooler vulnerability patched in February after CISA learned that it has been exploited in attacks.
FBI Warns of Ransomware Attacks on Farming Co-ops During Planting, Harvest Seasons (SecurityWeek) The FBI believes ransomware attacks against agricultural cooperatives could rise during the planting and harvest seasons.
Serious Vulnerabilities Found in AWS's Log4Shell Hot Patches (SecurityWeek) Hot patches made available by AWS in response to the recent Log4j vulnerabilities could be exploited for privilege escalation or to escape containers
Okta Closes Lapsus$ Breach Probe, Adds New Security Controls (SecurityWeek) Okta says it has concluded an investigation into the Lapsus$ hacking incident and has severed ties with a third-party company at the center of the breach.
Okta says Lapsus$ breach lasted 25 minutes, impacted two customers (VentureBeat) Okta said that the January 2022 breach of a third-party support firm resulted in two active customer tenants being accessed for 25 minutes.
What are types of Business Email Compromise phishing attacks? (Area 1 Security, Inc.) Cloudflare Area 1’s guide to four different Business Email Compromise (BEC) attack types. Although well-known Type 1 BEC like gift card scams persist, more sophisticated Type 3 and Type 4 BECs compromise supply chain partner email accounts.
PlanMember Securities Corporation Confirms Recent Data Breach (JD Supra) Recently, PlanMember Securities Corporation filed notice of a data breach that compromised the names, Social Security numbers and financial account...
Security Patches, Mitigations, and Software Updates
Oracle Releases 520 New Security Patches With April 2022 CPU (SecurityWeek) Oracle on Tuesday announced the release of 520 security fixes as part of its April 2022 Critical Patch Update (CPU), including nearly 300 for vulnerabilities that can be exploited remotely without authentication.
Trends
Research Shows Over 400% Increase In Phishing Attacks (Zscaler) New Zscaler research shows over 400% increase in phishing attacks with retail and wholesale industries at greatest risk.
Marketplace
ThreatLocker Raises $100 Million for Zero Trust Endpoint Security Solution (SecurityWeek) Zero Trust endpoint security provider ThreatLocker this week announced that it has raised $100 million in Series C funding, which brings the total investment in the company to $124.4 million.
SeeMetrics Raises $6M for Portfolio Management Platform (SecurityWeek) Israeli startup SeeMetrics raises early-stage funding to build technology to help cybersecurity teams measure, track and simplify security program operations.
HelpSystems Appoints Onkar Birk as Alert Logic Managing Director (Alert Logic) Alert Logic today announced that Onkar Birk has been named Alert Logic Managing Director for HelpSystems. In his new role, Birk will oversee the Alert Logic business as it continues providing the most innovative managed detection and response (MDR) solution to security-strapped organizations. He previously served as Chief Operating Officer and Chief Technology Officer for Alert Logic until the company’s acquisition by HelpSystems in March 2022.
Distinguished High-Tech Executive Sanjay Poonen, Known for Building Multibillion-Dollar Businesses, Joins Tetrate Board of Advisors (Business Wire) Tetrate, the enterprise service mesh company founded by creators and maintainers of Istio and Envoy, today announced that Sanjay Poonen will serve as
Products, Services, and Solutions
Ivanti Extends Neurons Platform to Help Customers Strengthen Cybersecurity Posture and Deliver Secure, Contextual Digital Employee Experiences (Business Wire) Ivanti, the provider of the Ivanti Neurons automation platform that discovers, manages, secures, and services IT assets from cloud to edge, today anno
AttackIQ Announces Integration with Vectra AI Threat Detection and Response Platform to Help Customers Optimize their Security Control Effectiveness (Business Wire) AttackIQ®, the leading independent vendor of Breach and Attack Simulation (BAS) systems, today announced a new integration with Vectra®, an AI-driven
Lightspin Secures Infrastructure as Code Files with New GitHub Integration (PR Newswire) Lightspin, the next-generation cloud security platform, today announced an integration with GitHub that will allow organizations to scan their...
Technologies, Techniques, and Standards
CISA Expands the Joint Cyber Defense Collaborative to include Industrial Control Systems Industry Expertise (CISA) The Cybersecurity and Infrastructure Security Agency (CISA) announced today the expansion of the Joint Cyber Defense Collaborative (JCDC) to include Industrial Control Systems (ICS) experts—security vendors, integrators, and distributors—to further increase U.S. government focus on the cybersecurity and resilience of industrial control systems and operational technology (ICS/OT).
Legislation, Policy, and Regulation
The next National Defense Strategy is coming. These seven points are key to understanding it. (Atlantic Council) Our experts break down what we know so far about the document that will guide the Pentagon's policy making in the coming years, and what burning questions remain.
Proposed US Guidance, Legislation Show Increasing Importance of Cloud Security (SecurityWeek) CISA is working on cloud security guidance just as lawmakers are weighing whether to designate major cloud service providers as critical infrastructure.
Litigation, Investigation, and Law Enforcement
U.K. Court Brings Assange One Step Closer to Extradition (New York Times) The court formally ordered the extradition of the WikiLeaks founder to the United States, but it still needs approval from a British cabinet minister and his defense can appeal to her directly.
YouTube Shuts Channel of Hong Kong’s Leadership Candidate (Bloomberg) Google says it’s complying with U.S. sanctions on officials. Internet giant’s action spurs debate over Hong Kong freedoms.
SuperCare Health faces lawsuits over data breach (Healthcare IT News) According to a notice published in March, an unknown party accessed the respiratory care provider's systems in July 2021, affecting the information of more than 300,000 people.