The Russian attack on Ukraine is a new kind of war, being fought in cyber space as much as it is on the city streets of Ukraine.
Microsoft reports that Ukrainian networks were targeted with FoxBlade malware several hours before the start of the invasion on the 24th February.
Said Brad Smith, President & Vice Chair at Microsoft:
Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure. We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package (which we denominated FoxBlade), and provided technical advice on steps to prevent the malware’s success.
As the conflict continues, there has been a series of phishing based attacks which use the conflict as a theme to inspire the victim to open the malicious email attachment. Threat actors often use current global events are a theme to trick their victims into opening malicious attachments and emails.
Bitdefender labs have reported on two campaigns which starts on the 1st of March which deliver Agent Tesla and Remcos Remote Access Trojans (RATs) by posing as suppliers or customers affected by supply chain disruption as a result of the conflict. Both of these campaigns pretend to deliver a survey for the victim to complete in order to help plan for supply chain disruptions.
There are also widespread charity scams from criminals pretending to collect donations to support the refugees and victims displaced by the war posing both as Unicef and the other charities working to support victims of the war. Some of the scams ask for donations in cryptocurrency due to the disruption to the global financial systems as a result of the sanctions imposed on Russia.
Anyone wanting to make a donation to support the victims of the conflict are advised to use a search engine to locate the website of a charity they know and trust rather than responding to unverified emails asking for donations.
Read our article on the impact of the Ukraine conflict on the cyber security of UK Businesses.
“We were very impressed with the service, I will say, the vulnerability found was one our previous organisation had not picked up, which does make you wonder if anything else was missed.”
Aim Ltd Chief Technology Officer (CTO)