The Snake Island garrison's defiant "Russian warship, go f**k yourself" became a rallying call in Ukraine, especially after the Moskva, the Russian warship to which the message was directed, sank after being hit by two Ukrainian Neptune anti-ship missiles. Ukrposhta, Ukraine's national postal service, issued stamps commemorating the incident, showing a Ukrainian soldier (presumably Roman Hrybov, who radioed the defiant reply to Moskva's demand that the garrison surrender) flipping the bird in the direction of a large but ineffectual-looking Moskva. Within a few days of the stamp's issue, Ukrposhta said it had come under a distributed denial-of-service (DDoS) attack apparently intended to disrupt domestic and international sales of the commemorative stamp. Ukrposhta offered no attribution, but in this case the circumstantial evidence pointing to Moscow is, as Gizmodo points out, too obvious to ignore. The postal service is working through the effects of the DDoS attack, and says that a lot of people are still getting through to buy the stamp. (Supplies are limited, collectors; act now.)
#OpRussia: Anonymous counts coup.
The hacktivist collective has tweeted its tally of recent successes claimed against Russian organizations: "#OpRussia: Since declaring 'cyber war' on Kremlin's criminal regime, the #Anonymous collective has now published approximately 5.8 TB of Russian data via #DDoSecrets. #Anonymous vows to release more data belonging to Russian entities and government, including a commercial bank."
On Sunday Security Affairs published the results of its sifting through the documents Anonymous had leaked "over the last three days" and found that files were taken from four commercial businesses:
- "Enerpred is the largest producer of hydraulic tools in Russia and the CIS, specializing in the energy, petrochemical, coal, gas and construction industries. The collective has leaked a 432GB archive containing 645,000 emails."
- "Accent Capital is a commercial real-estate investment firm that owns or is directly involved with the management of many of the properties its clients invest in. The collective has leaked a 211GB archive containing 365,000 emails."
- "Sawatzky is a property management company. Sawatzky’s clients include Du Pont, Lenovo, Whirlpool, Aveva, Wella, Johnson + Johnson, Cisco, Google, Swatch, Avito, Samsung, Microsoft, Western Union, Saint-Gobain, Turkish Airlines, and British American Tobacco. The collective has leaked a 432GB archive containing 575,000 emails."
- "Worldwide Invest is an investment firm with ties to Estonia and Russian railways. The collective has leaked a 130GB archive containing 250,000 emails."
That #OpRussia represents a successful hacktivist action seems beyond dispute, but its achievements also seem to confirm that hacktivism in this ongoing hybrid war has yet to rise above nuisance levels. The nuisance is real, but it remains exactly that: a nuisance.
"Lachryphages," privateers, and state actors.
Anonymous has been operating in the Ukrainian interest. There has been evidence of hacktivism in the Russian interest as well, although in that case it's difficult to distinguish from opportunistic cybercrime that exploits sympathy for Ukrainian suffering ("lachryphagy," "drinking of tears," in the colorful term used by an op-ed in The Hill), gangland privateering, and direct state action. CNN reports that humanitarian organizations working on Ukrainian relief have been the targets of phishing, or, as CNN puts it, "malicious links and pornographic material on their cell phones." Most aid organizations are relatively poorly protected non-governmental organizations, and in many cases have difficulty even recognizing that they're under attack, still less responding to an attack quickly and effectively. CNN quotes Amazon Web Services as explaining that the attacks seem intended “to spread confusion and cause disruption,” which seems particularly odious when the activities being disrupted are the distribution of food, clothing, and medical supplies.
Alternative energy suppliers in Europe sustain cyberattacks.
The Wall Street Journal reports that three alternative energy companies in Europe have sustained cyberattacks since Russia's invasion of Ukraine began. WindEurope, a wind-power industry group based in Brussels, says it believes the attacks originate with Russia. Presumably the goal is to make a shift from Russian oil and natural gas more difficult for European, especially German, markets. Two German turbine manufacturers (Enercon GmbH and Nordex SE) and one turbine maintenance firm (Windtechnik AG) have been affected.
Rosaviatsiya recommends that Russian airlines prepare for operations without GPS.
Izvestia reports that the Russian federal air transport authority, Rosaviatsiya, has counseled airlines to be prepared to operate without GPS. "This is due to its possible shutdown, as well as 'jamming' of GPS signals and spoofing attacks when flying in the Kaliningrad region, over the Black Sea, east of Finland and the Mediterranean." GPS spoofing and jamming have been reported in those regions by Western sources, and that activity has generally been chalked up to Russian operators, but Izvestia offers no such attribution. RIA Novosti cites Roskosmos to the effect that it would be difficult to selectively turn GPS off in Russia, and that in any case GLONASS offers a viable alternative to GPS.