Ukraine grinds out a slow advance, Russia hits apartment blocks, and the hybrid war continues in cyberspace.
Ukraine at D+475: Ukraine's slow advance.
In this morning's situation report the UK's Ministry of Defence describes Russian use of tactical air power. "In the last two weeks, there has been an uptick in Russian tactical combat air sorties, especially over southern Ukraine. This has almost certainly been in response to reports of increased Ukrainian offensive operations, as the Russian Aerospace Forces (VKS) attempt to support ground troops with air strikes. Despite the uptick, VKS’ daily sortie rate remains much lower than the peak of up to 300 daily missions early in the war. Since the start of the invasion, the south of Ukraine has often been more permissible for Russian air operations compared to other sectors of the front. Over the last year, VKS has increased its use of air-to-surface weapons, such as glide bombs, which allow attack aircraft to remain well away from their targets."
France alleges Russian disinformation campaign.
French authorities report that Russian actors attempted to plant and amplify disinformation using, in part, spoofed pages misrepresenting themselves as major news outlets. Bloomberg reports that France's Ministry of Foreign Affairs uncovered a coordinated campaign that "involved the creation of fake web pages impersonating French media including 20 Minutes, Le Monde, Le Parisien and Le Figaro, and government sites, as well as the creation of fake accounts on social networks." Foreign Minister Catherine Colonna said in a statement, “France condemns these actions, which are unworthy of a permanent member of the United Nations Security Council. No attempt at manipulation will distract France from its support for Ukraine in the face of Russia’s war of aggression.”
Russian hacktivists and privateers hit Swiss targets.
Switzerland’s federal agencies were targeted by a distributed denial-of-service (DDoS) attack, claimed by the pro-Russian hacktivist gang NoName, that rendered the websites of multiple Swiss governmental agencies and state-affiliated companies inaccessible yesterday, writes Infosecurity Magazine. A press release from the Swiss government portal says that measures are in place to restore access to the sites and applications after the agency quickly caught on to the attack. Reuters reports that the Russian hacktivist auxiliary NoName has claimed credit for the DDoS attack.
The recent ransomware attack on Swiss IT firm Xplain may have caused the exposure of Swiss government operational data, The Record reports. Xplain, an IT provider serving a multitude of Switzerland’s federal agencies, was victimized in a May 23 ransomware attack, and 907 gigabytes of stolen files were leaked on the first of this month. The files are said to contain sensitive data, including financial and taxation information, BleepingComputer reports. Xplain has cited the Play ransomware gang as the perpetrator of the attack. The nation’s National Cybersecurity Centre (NCSC) and law enforcement were notified and are aiding in the investigation of the attack.
KillNet says it's partnered with the less-well-known Devil Sec.
KillNet’s spokesperson KillMilk announced today that, after the group's most recent operational pause, it will begin cyber actions against Ukraine and NATO. KillNet brings with it a new partnership with Devil Sec, supposedly a Turkey-based ransomware group that seems to focus on targeting NATO countries, Israel, and Ukraine. “We declare our solidarity with Russia in their cyber attacks on Ukraine, and we will target very sensitive facilities for the Ukrainian entity. All of this is in coordination of operations with the KillNet group,” Devil Sec posted to their Telegram page. That page was created in June 2022, but began hosting stories of Devil Sec’s cyber activities only recently, on May 26th of 2023.
Devil Sec claims to have hacked the Bank of America, offering “website data” for the low, low price of $5,000. The group also claims to have stolen 1.5 million Kuwaiti citizenship documents on June 5th. Devil Sec also advertises tools for sale and offers various exploit tools as free downloads. One RAR file, probably stolen, is titled “Mass CVE-2022-29455.” The vulnerability is described as a DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Website Builder plugin.
This partnership with Devil Sec, should it be real, appears to represent a change of pace for KillNet, which had previously focused on DDoS campaigns. In the moderately unlikely event that Devil Sec lives up to its own hype, the two cooperating groups could become more than just a nuisance, provided the partnership lasts long enough to actually be productive.
The private cybersecurity industry's effect on the war in Ukraine.
Western countries' support for Ukraine is widely recognized as shipments of ammunition and machines of war, but what many don’t realize is that private industries have been just as instrumental to the defense of Ukraine as governmental arms support. Yesterday, the R Street Institute held a conference to discuss the impact of private cybersecurity firms on the war in Ukraine. An account of the conference may be found in CyberWire Pro.