Dateline Moscow, Kyiv, London, Washington, Beijing: Russia's possible endgames in its "special military operation."
Ukraine at D+57: Endames and the definition of victory. (The CyberWire) Russia's enduring goals in Ukraine find a shifting expression on the ground. In cyberspace, Ukraine and its Western sympathizers prepare to sustain, and parry, further Russian cyberattacks.
Russia’s invasion of Ukraine: List of events from day 58 (Al Jazeera) As the Russia-Ukraine war enters its 58th day, we take a look at the main developments.
Why Mariupol matters to Russia in three maps (Washington Post) Russia declared victory in Mariupol on Thursday, even though a bastion of Ukrainian resistance remains in the Azovstal Iron and Steel Works plant, where hundreds of Ukrainian fighters and civilians are holed up.
Russia outlines when Ukraine war will end (Newsweek) Russian Foreign Ministry official Alexey Polishchuk told news agency TASS that all of Russia's goals "will be reached."
Ukraine Endgame: Putin’s Bad Options (Defense One) No matter which one he chooses, the Western response should be the same.
Russia plans to hold sham independence vote in southern Ukraine, Zelenskiy says (the Guardian) Ukraine president warns citizens against handing over personal information, as satellite images of mass graves emerge near Mariupol
Russia racing against clock to win Ukraine war before May 9 'Victory Day' (Newsweek) British defense ministry says Moscow wants "significant successes" ahead of the annual WW2 commemoration.
What war in Ukraine reveals about information age conflict (C4ISRNet) Questions that need asking and topics that need addressing across the Department of Defense, Lt. Gen. Michael Groen said, include “the transformation of the character of warfare in an information age” and what that means for capabilities being developed or gear that is purchased.
Russia’s Catastrophic Geopolitics (Wilson Center) Russia’s war against Ukraine can be seen as a culmination of decades of Russian society poisoning itself with stories of foreign encirclement and mistreatment by the West. For more than two decades now, politicians and the state-run media have peddled external-threat scares, the West’s containment of Russia, and national grievances related to alienated territories and economic failures.
Climbing the ladder: How the west can manage escalation in Ukraine and beyond (Atlantic Council) Russia’s invasion of Ukraine and NATO’s response increase the possibility of purposeful or inadvertent escalation in Europe. Understanding how these dynamics might impact the war and further degrade transatlantic stability is critical.
Congress' Nuclear Adviser Wonders Whether Russia Is Stoking WW3 - Air Force Magazine (Air Force Magazine) The whole point of Russia’s war in Ukraine could be to drag the West into World War 3, said Congress’ nuclear adviser.
Siegfried Hecker: Putin has destroyed the world nuclear order. How should the democracies respond? - Bulletin of the Atomic Scientists (Bulletin of the Atomic Scientists) In this interview, renowned nuclear security and policy expert Sig Hecker explains the enormous damage that Russian President Vladimir Putin has done to the world nuclear order via his decision to invade Ukraine. That decision marks, Hecker contends, a turning point in world nuclear affairs as momentous as the dissolution of the Soviet Union.
Ukraine reveals Russian military plans for “full-scale invasion of Belarus” (Atlantic Council) With Belarusians uneasy over their country's role in Putin's Ukraine War, Moscow may revive earlier plans for the military takeover of Belarus if growing anti-war sentiment threatens to undermine Russian influence.
Possible mass graves near Mariupol as Russia attacks in east (AP NEWS) Mounds of dirt seen in satellite imagery that Ukrainian officials say indicate new mass graves highlighted the savagery of a war that showed no signs of abating Friday, as Russia pounded targets in eastern Ukraine in a new offensive to take the country's industrial heartland .
Lithuania's president calls for more NATO troops (Reuters) NATO should increase its deployment of troops in Lithuania and elsewhere on Europe's eastern flank following Russia's invasion of Ukraine, Lithuania's president told Germany's foreign minister during a meeting in Vilnius on Friday.
A deeper look at the malware being used on Ukrainian targets (The Record by Recorded Future) Over the last two months, the number of cyberattacks against Ukrainian government agencies, security and defense services, and commercial organizations has soared.
Ukraine ramps up cyber defences to slow surge in attacks (The Straits Times) To deal with the threat, Ukrainian authorities on April 5 certified government use of physical security keys.
. Read more at straitstimes.com.
Five Eyes Alert Warns of Heightened Risk of Russian Cyber Attacks (Bloomberg) Critical infrastructure organisations within the UK have been urged to ramp up their cyber security defences as they face a heightened risk of Russian state-sponsored cyber attacks.
Russian cyber attack warning for NHS and UK nuclear power plants (WalesOnline) Moscow-based hackers may be looking to target the NHS, power stations and government offices
NHS and UK nuclear stations 'could be at risk of Russian cyber attacks', Five Eyes warns (ITV News) Critical infrastructure organisations within the UK face a heightened risk of Russian state-sponsored cyber attacks, an international intelligence alliance has said.
Preparing for Energy Industry Cyberattacks (Wall Street Journal) The conflict in Ukraine has put officials on high alert for attacks on the energy industry, both inside Ukraine and elsewhere. This paper discusses why the energy sector stands out as susceptible to hacks, why people outside the industry should be concerned and best practices that are relevant to those both within and those reliant upon it.
US sets dangerous precedents in cyberspace (Global Times) Cyberspace is a common space shared by all countries. The US should stop “playing the touch ball” in cyberspace. Instead, it is supposed to shoulder the responsibility of a major power, avoid strategic misjudgments, and earnestly maintain strategic stability among major powers and build a peaceful and secure cyberspace.
NATO Cyber Exercise Proceeds Against Backdrop of Ukraine War (Wall Street Journal) This year’s ‘Locked Shields’ war game has participants fighting off simulated hacks on power grids and financial-messaging systems.
Cyber criminals are ‘drinking the tears’ of Ukrainians (The Hill) In biology, when an insect drinks the tears of a large creature, it is called lachryphagy. And in cyberspace, malicious actors are likewise “drinking tears” by exploiting humanitarian concerns abou…
Russia’s War in Ukraine Has Complicated the Means Through Which Cybercriminals Launder Funds. Here’s How They’re Adapting (Flashpoint) Perfect storm: Sanctions and counter-sanctions Sanctions introduced against Russia in the wake of the 2022 Russian invasion of Ukraine—coupled with
From YouTube to Rutube. Inside Russia’s Influence Campaign. (Wall Street Journal) As part of an expansive effort to control the narrative about its invasion of Ukraine, the Kremlin is pushing Russians to embrace homegrown social-media platforms.
Scholz says top priority is avoiding NATO confrontation with Russia (Reuters) NATO must avoid a direct military confrontation with Russia that could lead to a third world war, German Chancellor Olaf Scholz said in an interview with Der Spiegel when asked about Germany's failure to deliver heavy weapons to Ukraine.
Biden pledges $1.3 billion more for weapons, economic assistance for Ukraine (Chicago Tribune) President Joe Biden on Thursday announced an additional $800 million in military aid to help Ukraine fight back against the Russian invasion.
White House appoints Ukraine security aid coordinator (Defense News) The White House announced Thursday it has appointed a retired three-star general who previously helped coordinate the U.S.-led anti-ISIS coalition to manage the steadily increasing influx of military assistance for Ukraine.
U.S. Security Cooperation With Ukraine (United States Department of State) The United States, our allies, and our partners worldwide are united in support of Ukraine in response to Russia’s premeditated, unprovoked, and unjustified war against Ukraine. We have not forgotten Russia’s earlier aggression in eastern Ukraine and occupation following its unlawful seizure of Crimea in 2014. The United States reaffirms its unwavering support for Ukraine’s […]
Small group of Ukrainian troops begins training on US howitzers (Military Times) The 50 trainees will return to Ukraine to train the rest of the artillery force.
Treasury Department sanctions Russian crypto mining giant BitRiver (The Record by Recorded Future) The US Treasury Department’s Office of Foreign Assets Control (OFAC) issued sanctions against multiple companies operating in Russia’s virtual currency mining industry.
U.S. Treasury Designates Facilitators of Russian Sanctions Evasion (U.S. Department of the Treasury) Treasury Targets Financial and Operational Support Networks for Attempts to Evade U.S., International Sanctions Treasury Takes New Step of Designating a Virtual Currency Mining Company
Russia says nyet, sanctions Mark Zuckerberg, LinkedIn’s Roslansky, VP Harris and other US leaders (TechCrunch) From the department of Tit for Tat, on the heels of a cascade of sanctions against Russia, Russian organizations and Russian individuals over Russia’s aggressive war in Ukraine, the Russian Foreign Ministry now has issued a list of U.S. figures that are now prohibited from entering Russia …
Attacks, Threats, and Vulnerabilities
Costa Rica's Alvarado says cyberattacks seek to destabilize country as government transitions (Reuters) Costa Rican President Carlos Alvarado said on Thursday that recent cyberattacks on state computer systems are aimed at destabilizing the Central American country as it transitions to the new government of president-elect Rodrigo Chaves.
GOLD ULRICK continues Conti operations despite public disclosures (Secureworks) Leaks of GOLD ULRICK communications and operational details have not hampered ransomware activity.
Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire (eSentire) Read this blog to learn about the eSentire Threat Response Unit (TRU)’s recent discovery of a phishing campaign where hackers are posing as job applicants, luring hiring managers to download poisoned resumes, and infecting their victims’ IT systems with the more_eggs malware. Find out how to…
Critical bug could have let hackers commandeer millions of Android devices (Ars Technica) Flaw could be exploited with malicious audio file.
FBI Shares Information on BlackCat Ransomware Attacks (SecurityWeek) The FBI has published indicators of compromise (IOCs) associated with the BlackCat Ransomware-as-a-Service (RaaS).
FBI: BlackCat ransomware breached at least 60 entities worldwide (BleepingComputer) The Federal Bureau of Investigation (FBI) says the Black Cat ransomware gang, also known as ALPHV, has breached the networks of at least 60 organizations worldwide, between November 2021 and March 2022.
FBI Issues Warning About Unique BlackCat Ransomware Attacks (Forbes) The Bureau states that the gang’s ransomware has been used to attack at least 60 organizations around the world so far. There’s something different about BlackCat’s ransomware: the way it’s coded.
BlackCat/ALPHV Ransomware Indicators of Compromise (IC3) This FLASH is part of a series of FBI reports to disseminate known indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) associated with ransomware variants identified through FBI investigations.
These hackers showed just how easy it is to target critical infrastructure (MIT Technology Review) Two Dutch researchers have won a major hacking championship by hitting the software that runs the world’s power grids, gas pipelines, and more. It was their easiest challenge yet.
Crypto Thieves Get Bolder by the Heist, Stealing Record Amounts (Wall Street Journal) A hacker stole $182 million over the weekend, the fifth largest hack on record.
CVE-2022-21449 - Analyzing the Java Vulnerability (JFrog) Details on CVE-2022-21449 “Psychic Signatures” Apache vulnerability: when it applies, and how to remediate it? By the JFrog Security Research Team
Spoofing Credit Unions for Profit (Avanan) Hackers are spoofing credit unions to gain credentials and profits from end-users.
Security Patches, Mitigations, and Software Updates
Cisco Releases Security Updates for Multiple Products (CISA) Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:
Drupal Releases Security Updates (CISA) Drupal has released security updates to address vulnerabilities affecting Drupal 9.2 and 9.3. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Drupal security advisories SA-CORE-008 and SA-CORE-009 and apply the necessary updates.
Delta Electronics ASDA-Soft (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: ASDA-Soft Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ASDA-Soft servo software are affected:
Johnson Controls Metasys SCT Pro (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys Vulnerability: Server-side Request Forgery 2.
Hitachi Energy MicroSCADA Pro/X SYS600 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Vulnerabilities: Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Exposure of Sensitive Information to an Unauthorized Actor 2.
Intelligence Insights: April 2022 (Red Canary) SocGholish falls from first place, Yellow Cockatoo rebounds in March, and Qbot campaigns leverage Windows Installer packages.
SecZetta Shares New Research: Lack of Diligence in Managing Third-Party Identity Risk Increases Vulnerability to Cyberattacks (Business Wire) SecZetta, the leading provider of third-party identity risk solutions, in partnership with ESG, an IT analyst, research, validation, and strategy firm
New Satori State of Data Security Operations (DataSecOps) in Cloud Report Reveals 61% of data leaders point to manual processes and tools for data access management slowing down data initiatives (GlobeNewswire News Room) As data democratization continues its march, 75% are working on increasing access to data for more users; yet, 61% point to manual processes and tools...
Zero Tolerance: More Zero-Days Exploited in 2021 Than Ever Before (Mandiant) We identified 80 zero-days exploited in the wild in 2021, more than we've seen in any year.
Google, Mandiant Share Data on Record Pace of Zero-Day Discoveries (SecurityWeek) Google and Mandiant separately warn that nation-state APT actors, ransomware gangs and private mercenary exploit firms are burning through zero-days at record pace.
Critical infrastructure: Under cyberattack for longer than you might think (WeLiveSecurity) Lessons from history and recent attacks on critical infrastructure throw into sharp relief the need to better safeguard our essential systems and services.
When does cyber crime become fincrime? And what are the consequences? (Global Banking & Finance Review) By Taylor Humphreys, FinCrime Threat Intelligence Analyst at BAE Systems Cyber crime as a mechanism to commit financial crime (fincrime) has escalated in the last decade as the digital age has grasped our lives. The complex interplay between cyber crime and fincrime is becoming more visible, with countries such as the UK raising cyber crime’s […]
Many Industrial Firms Say Cybersecurity Systems Cause Problems to Operations (SecurityWeek) Despite an increase in attacks, ICS/OT companies admit that they turn off cybersecurity systems if they cause problems to operations.
D&O Liability survey 2022 (Willis Towers Watson) Results from our 2022 Directors and Offices Liability survey including cyber, insolvency and climate change.
Devo Acquires AI-Powered Security Automation Innovator to Deliver the “Autonomous SOC” (GlobeNewswire News Room) Kognos threat hunting solution, paired with the Devo cloud-native security analytics platform, transforms petabytes of security data into comprehensive...
ThreatLocker Scores $100M In Funding Led By General Atlantic, Zeroes In On $1B Unicorn Valuation (CRN) Here's a look at how ThreatLocker scored $100 million in funding from private equity powerhouse General Atlantic.
U.S. Air Force Academy Awards $3.1M Contract to Telos Corporation (Telos Corporation) Ashburn, Va. – April 22, 2022 – Telos® Corporation (NASDAQ: TLS), a leading provider of cyber, cloud and enterprise security solutions for the world’s most security-conscious organizations, today announced that it was awarded a $3.1M contract for the United States Air Force Academy (USAFA) Wi-Fi network expansion program. Under this contract, Telos will upgrade and... Read more
Elon Musk Says He Has $46.5 Billion in Funding for Twitter Bid (Wall Street Journal) The financing commitments lend credibility to what had looked more like a personal lark than a bona fide takeover play.
ICS Exploits Earn Hackers $400,000 at Pwn2Own Miami 2022 (SecurityWeek) Pwn2Own Miami 2022, a hacking contest focusing on industrial control systems (ICS), has come to an end, with contestants earning a total of $400,000 for their exploits.
Meta Offers Rewards for Flaws Allowing Attackers to Bypass Integrity Checks (SecurityWeek) Facebook parent company Meta today announced that its bug bounty program will cover vulnerabilities that can be exploited to bypass integrity safeguards.
Veracode Named a Leader in the 2022 Gartner® Magic Quadrant™ for Application Security Testing for Ninth Consecutive Time (Veracode) Also recognized as a 2021 Customers’ Choice for Application Security Testing
Conquest Cyber announces executive team addition, Jason Weiss as Chief Software Officer (EIN News) Conquest Cyber has continued the expansion of top-tier executive growth with the addition of a new Chief Software Officer.
National Security Veteran Alexander Gates Joins Shift5 as Chief Research Officer (Shift5) Cybersecurity Leader from Department of Energy, National Security Agency to Drive OT Cybersecurity Threat Intelligence Amid Era of Cyber-Physical Threats
HelpSystems Appoints Onkar Birk as Alert Logic Managing Director (Alert Logic) Alert Logic today announced that Onkar Birk has been named Alert Logic Managing Director for HelpSystems. In his new role, Birk will oversee the Alert Logic business as it continues providing the most innovative managed detection and response (MDR) solution to security-strapped organizations. He previously served as Chief Operating Officer and Chief Technology Officer for Alert Logic until the company’s acquisition by HelpSystems in March 2022.
Products, Services, and Solutions
Dynatrace Advances Observability and AIOps for Databases (Business Wire) Software intelligence company Dynatrace (NYSE: DT) today announced it has extended its advanced AIOps capabilities for leading database environments,
Committed to Open Source - Sumo Logic Simplifies Infrastructure and Application Monitoring Deployments (GlobeNewswire News Room) Introduces the Sensu Integration Catalog – an open marketplace featuring turn-key integrations to accelerate deployments...
Red Sift OnDOMAIN Proactively Uncovers Impersonated & Forgotten Domains Before They Can Be Weaponized (Business Wire) Red Sift OnDOMAIN enables security-first organizations to enhance brand protection and prevent BEC attacks by shutting down phishing sites
Cybereason DFIR Solution Contains Cyberattacks in Minutes (Cybereason) Cybereason, the XDR company, today launched Cybereason DFIR (Digital Forensics Incident Response), a solution designed to automate incident response (IR) investigations by incorporating nuanced forensics artifacts into threat hunting, reducing remediation time by enabling security analysts to contain cyberattacks in minutes.
Alert Logic Releases Industry's Most Holistic and Intuitive MDR Incident Response Capability for Addressing a Breach (PR Newswire) Alert Logic by HelpSystems today announced general availability of its new intelligent response capabilities. The innovations, including simple...
Digital Element Announces Nodify Threat Intelligence Solution (PR Newswire) Digital Element, the global IP geolocation and audience insights leader, today announced the launch of Nodify™, a threat intelligence solution...
Resecurity’s cyber threat intelligence for SAMA compliance protects Saudi’s financial services sector (Arabian Business) Cyber threat intelligence has become mandatory for financial institutions in the Saudi Arabia to achieve SAMA Cybersecurity Framework Compliance
Entelar Signs Reseller Agreement with Radware (GlobeNewswire News Room) Entelar to offer Radware’s application and network security solutions...
Eset To Further Secure Organizations To Enhance Their Digital Transformation Process (Enterprise Security) Social engineering, ransomware, and advanced persistent threats (APTs) have become more common in the last decade. Unfortunately, it is difficult to protect...
Neustar Security Services’ UltraDNS Integrates Terraform for Streamlined, Automated DNS Management (Business Wire) Neustar Security Services, a leading provider of cloud-oriented security services that enable global business to thrive online, has launched an integr
North American Private Equity Firm Stops HR-Spoofing Cyber-Attack with Darktrace AI (Dark Trace) Attackers Used Fake Microsoft Branding and Company Research to Pose as Employees in Targeted Phishing Campaign
Design and Innovation
Digging Into the Science of Behaviour to Tackle Cyber Extortion (Infosecurity Magazine) When building a strategy to tackle cyber extortion, it is crucial to remember the complexity of human behavior
Minot State earns National Security Agency Cyber Defense designation (Minot Daily News) A capacity crowd of students, professors, and state dignitaries gathered in the hallway outside the Minot State University Cyber Center in Old Main on Wednesday. The University announced that the Management Information Systems program has been designated by the National Security Agency and the Department of Homeland Security as a Center of Academic Excellence in […]
College students defend against cyberattacks during competition in San Antonio (KSAT) Cyberattacks are becoming an everyday part of life, and this week, the future generation of students who will fight back against these threats are in San Antonio.
UCF Earns National Victory in NSA-Sponsored Pilot Cybersecurity Competition | University of Central Florida News (University of Central Florida News | UCF Today) UCF competed against 21 other colleges and universities to take first place in three of the five modules in the inaugural competition.
Legislation, Policy, and Regulation
New Zealand Deal May Put Japan Closer to ‘Five Eyes’ Intelligence Alliance (New York Times) The two countries announced a goal of “seamless” sharing of classified information as China moves to expand its influence in the Asia-Pacific region.
China's Xi proposes 'global security initiative', without giving details (Reuters) Chinese President Xi Jinping on Thursday proposed a "global security initiative" that upholds the principle of "indivisible security", a concept also endorsed by Russia, although he gave no details of how it would be implemented.
Navy’s Cyberspace Boss: 5-domain conflict is the new norm (DVIDS) Vice Adm. Ross Myers, commander, U.S. Fleet Cyber Command/U.S. 10th Fleet (FCC/C10F), participated in the 5th Joint Service Academy Cybersecurity Summit, Apr. 20.
NDIA Policy Points: U.S. Can’t Wait Any Longer for a Cyber Force (National Defense) In 1947, the United States acknowledged that air power had fundamentally changed warfare by creating the Department of the Air Force.
House introduces cyber bill intended to safeguard energy sectors (The Hill) House lawmakers introduced a cybersecurity bill on Thursday that would address rising cyber threats against U.S. energy sectors. The Energy Cybersecurity University Leadership Program Act, a bill c…
Bipartisan bill would create grant program for energy sector cyber research (The Record by Recorded Future) A bipartisan House duo on Thursday introduced legislation intended to bolster the energy sector’s ability to combat future cyberattacks and other digital threats.
White House Official Urges Cyber Protection of Solar Energy (GovTech) In San Antonio on Wednesday, a White House official urged the private sector to partner with government to build a "cybersecurity foundation" to protect solar power sources from cyber attacks.
Obama calls for tech regulation to combat disinformation on social media (CNBC) Former President Barack Obama said on Thursday that tech "platforms seems to be tilting us in the wrong direction."
Litigation, Investigation, and Law Enforcement
EU’s Vestager brushes off spyware threat (POLITICO) Commissioner says her phone and devices only hold ‘boring’ information.
House Democrats ramp up investigation into impact of election disinformation (Washington Post) Democrats probe officials in Florida, Arizona, Texas and Ohio on impact of election disinformation
Greek prosecutor to probe alleged bugging of journalist's phone (Reuters) A Greek prosecutor said on Thursday she had begun an investigation into an allegation by a journalist that his smartphone had been infected by surveillance software in an operation by the country's intelligence service.
DOJ Puts Google's $5.4B Cyber Deal Under The Microscope (Law360) Cybersecurity firm Mandiant disclosed Wednesday that the U.S. Department of Justice had initiated an in-depth investigation into the company's $5.4 billion acquisition by Google, a move that freezes the review clock for the transaction meant to boost the tech giant's cloud business.
Ronan Farrow on investigating the world's most notorious spyware company: NSO Group (NPR) NPR's Daniel Estrin speaks with Ronan Farrow about his New Yorker investigation into Israeli spyware company NSO Group, and his interview with an employee who quit.
Meta’s Sheryl Sandberg Pressured Daily Mail to Drop Bobby Kotick Reporting (Wall Street Journal) The social-media executive, who dated the Activision Blizzard CEO, was part of a campaign to persuade the U.K. tabloid to shelve a potential article.