Mandiant Analysts: Russian-Backed APTs Likely to Amplify Attacks

The evolving international crisis in Ukraine – which has already seen government websites attacked – is likely to spark further offensive cyberattacks, and there are growing concerns that future activity will spill over to targets outside Ukraine, according to Mandiant, which warned today that IT security teams across Europe should be on the lookout for malicious activity.

In last week’s cyberattacks, a hacker group allegedly linked to Belarus, a key Russian ally, used multiple techniques to gain access to its targets, including compromising the systems of an IT service provider, exploiting the Log4Shell vulnerability in Apache Log4j2, and Distributed Denial of Service (DDoS) attacks. These were accompanied by a wave of attacks that defaced Ukrainian government websites, ostensibly to distract from attempts to manually plant malware on government systems.

Mandiant now believes that Advanced Persistent Threat (APT) groups affiliated with Russia, and those linked to its allies, will conduct further cyber intrusions as the standoff continues. Many of these are likely to be linked to intelligence gathering and espionage, but the possibility of more aggressive or even destructive cyberattacks should not be discounted, the company’s analysts warned.

In a post detailing the potential scope of the threat for global organizations, John Hultquist, vice president of Mandiant Threat Intelligence, said, “Cyber capabilities are a means for states to compete nonviolently and irreversibly for political, economic, and military gains that are likely to escalate into open conflict.

“While information operations and cyberattacks like the 2016 US election operations and the NotPetya incident can have serious political and economic consequences, Russia may favor them because they can reasonably expect that these operations will not result in a major escalation of the conflict.

“Mandiant encourages defenders to take proactive steps to secure their networks against [damaging attacks] and has provided the public with a free guide to the process,” Hultquist wrote.

Hultquist said Kremlin-backed cyberespionage APTs such as UNC2452, Turla and APT28 were “almost certainly” tasked with gathering intelligence around the crisis, drawing on their expertise in penetrating government, military and diplomatic targets to gather intelligence for Moscow. Other groups, including some operating out of the separatist Donbass region of Ukraine and out of Crimea, which Russia annexed in 2014 and has illegally occupied since, may also be pressed into service.

In the meantime, information operations – or rather disinformation and misinformation operations – are likely already taking place, including the creation of fabricated content and the manipulation of social media platforms, and more such campaigns can be expected to target countries in Eastern Europe, such as NATO members Romania and Bulgaria, from which Russia is now demanding that the alliance withdraw.

Information campaigns have become a staple of Russian cyber activity, aimed at controlling and implanting narratives that advance Moscow’s interests by exploiting divisions within and between the nation-states they target, eroding trust in democratic institutions and sowing mistrust within blocs such as NATO and the European Union (EU).

Such campaigns have included the use of forged documents and manipulated photos, which were successfully deployed against Estonia in a recent campaign dubbed ‘Secondary Infektion’. In other cases, Russian intelligence operations have relied on third parties, including journalists and activists, to try to “launder” untruths.

Disruptive and destructive cyberattacks have been a less common element of the Russian cyber arsenal than espionage and misinformation campaigns, although when deployed they have had profound and long-lasting effects – NotPetya (which targeted Ukraine but spread much further), attributed to the so-called Sandworm APT, is probably the most notable example.

Such attacks take a variety of forms, from the already familiar DDoS attacks to more complex attacks on Critical National Infrastructure (CNI), with the most effective of them – NotPetya being a highly relevant example – focusing on damaging critical targets at scale, with downstream effects on networks of users, customers and dependencies.

However, such attacks require more hands-on work and therefore have a longer lead time. In the context of the current crisis in Ukraine, this could mean that such attacks, if they occur, will hit organizations that were compromised long in advance. Alternatively, Mandiant said, destructive tools could be deployed simultaneously against a larger group of targets, most likely through strategic compromises of internet and software supply chains. At the same time, Mandiant warned, such attackers would likely try to cover their tracks by planting false flags, fabricating evidence of guilt, making misleading statements to pin attacks on others, and so on.

Along with governments and public-sector organizations, those most at risk would likely be in transport and logistics, financial services and media. It is also possible that ransomware groups would be deployed in certain circumstances, given the Russian government’s “unmatched access” to criminal cyber capabilities, Hultquist noted.


All rights reserved,
Copyright 2000 – 2022, TechTarget