Western governments remain on alert for Russian cyberattacks as hybrid war continues in Ukraine.
Western governments continue to warn that Russian cyberattacks remain a real possibility, and that organizations should prepare to defend themselves. US Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly put it this way to CNN over the weekend: "All businesses, all critical infrastructure owners and operators need to assume that disruptive cyber activity is something that the Russians are thinking about, that are preparing for, that are exploring options, as the President said. That’s why we are so focused on making sure that everybody understands the potential for this disruptive cyber activity. And it’s not about panic. It’s about preparation."
Citing research by Malwarebytes, BleepingComputer describes a large-scale phishing campaign directed against potential Russian dissidents. It seems to be an internal security measure intended to keep an eye on dissatisfaction with the war and to offer a measure of insurance against the possibility of insurrection or coup d'etat. A malicious RTF file attached to a phishing email carries either a Cobalt Strike or PowerShell payload. Employees of certain agencies are of particular interest to the organs carrying out the campaign, and it's interesting to see how many of them work for either educational organizations or regional authorities.
Defense One reports that Ukrainian operators, hacktivists of the CyberPan Ukraine group, say they've found weaknesses in Russian tactical battle management systems that render them susceptible to disruption by interfering with their ability to use GLONASS signals. (GLONASS is the Russian equivalent of the more familiar US GPS.) They also hint that they're exploring ways of directly interfering with Russian artillery computers, and that they've identified some possibly exploitable weaknesses in those systems. This wouldn't be surprising: Russia did it to the Ukrainians a few years ago. During the early stages of the Donbas insurrection that Russia fomented and supported, CrowdStrike reported that Russian operators were able to gain access to Ukrainian fire direction systems.