Before Russian troops entered Ukraine, both the Ukrainian government and Ukrainian companies faced several cyber attacks. While these cyber attacks are expected to spread all over the world, the attacks on Ukraine continue. A few days ago, according to Reuters, Ukraine asked hackers to help defend its cyber infrastructure. “The government of Ukraine is asking for volunteers from the country’s hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops, according to two people involved in the project,” said Reuters. “Ukrainian cyber community! It’s time to get involved in the cyber defense of our country,” the post said.
While all this was happening, Anonymous, the international hacking collective, announced that it supports Ukraine and declared war against Russia. After this statement, we saw that several Russian government and company websites faced issues.
In a recent development, Ukraine’s Computer Emergency Response Team (CERT-UA) has warned of Belarusian state-sponsored hackers targeting its military personnel in a phishing campaign. “Mass phishing emails have recently been observed targeting private ‘i.ua’ and ‘meta.ua’ accounts of Ukrainian military personnel and related individuals. After the account is compromised, the attackers, by the IMAP protocol, get access to all the messages,” the CERT-UA said.
Earlier, in November, Mandiant announced that it assessed with high confidence that UNC1151 has links to the Belarusian government. UNC is Mandiant’s designation for threat actors that are under investigation but not yet matched to an existing group. Ukraine now blames the UNC1151 group for these attacks.
“UNC1151 has targeted a wide variety of governmental and private sector entities, with a focus in Ukraine, Lithuania, Latvia, Poland, and Germany,” Mandiant researchers said in the report. “The targeting also includes Belarusian dissidents, media entities, and journalists.”
In another statement on the subject, some threat actors behind Conti ransomware posted a warning on Friday that said the group was “officially announcing a full support of Russian government.” Previously, Mandiant announced that “at least a portion of actors involved with Conti ransomware are based in Russia”. As in the past, it seems that the Russian government is taking advantage of their talents.
What is CONTI?
CONTI is a Windows ransomware family that has been used in recent years. Later, a Linux version was also encountered. To date, many different people using this ransomware have been encountered on Russian forums.