Resources

As the Russian invasion in Ukraine enters its third week, we analyze the latest cyber security events surrounding the invasion and the implications the conflict has for the global economy and supplychains.

Our assessment regarding the threat level for organizations remains the same. We continue to see highly motivated hacktivist groups and APTs engaged in increased cyber activity. We also cover PatchTuesday in depth as patching technology remains a pertinent step towards mitigating against future attacks.

As the Russian invasion of Ukraine is ongoing, the threat of cyberattacks increases. NATO and EU have provided weapons to Ukraine and stricter sanctions against Russia, which might cause Russia to retaliate in the form of targeted cyberattacks. Therefore, organizations in Western countries face an increased risk of targeted cyberattacks, particularly the critical infrastructure, defense, and government sectors. Furthermore, collateral damage provoked by targeted attacks could impact the availability, confidentiality, and integrity of dependent infrastructure. QuoIntelligence assesses the threat level for companies in the EU as medium to high.

Russian President Vladimir Putin announced the decision to carry out a military operation in the Donbas region of eastern Ukraine. This decision has already resulted in cyber and physical ramifications. This weekly intelligence summary covers our in-depth analysis of the events as they unfold – including our assessment of cyberattacks (ie wiper) targeting Ukraine infrastructure, the likelihood of attacks causing a ripple effect on entities outside Ukraine, the impact to the global supply chain, and more.

Following the increasingly tense situation in Ukraine, this week read about the unconfirmed withdrawal of Russian troops and a DDoS attack that affected the Ministry of Defense and some of its banks. Both events came after the US’ warning of an imminent Russian invasion of Ukraine. Also, FBI and USSS released a joint advisory providing IOC information on the BlackByte ransomware group.

For this week’s Patch Tuesday, Microsoft addressed 51 security flaws – one zero-day but none of them rated as critical. Also Adobe and SAP released patches for their products, some rated as critical. Besides, the European Commission unveils the EU Chips Act, which aims to reach at least 20 percent of world semiconductors production by 2030 to ensure the security of the EUs supply, resilience and technological leadership.

This week, read about Lazarus targeting users with malicious decoy documents by leveraging Windows Update Client and GitHub. The North Korean linked APT is sending malicious decoy documents disguised as job offers or letters by notable defense organizations like Lockheed Martin, BAE Systems, Boeing, Airbus, and more. Secondly, the US and UK are sending troops to #Ukraine. We suspect the tensions in Eastern Europe will likely result in cyberattacks and other forms of hybrid warfare such as disinformation campaigns soon.

This week, we report on an old acquaintance striking with a new Unified Extensible Firmware Interface (UEFI) rootkit dubbed MoonBounce. Attributed to China-linked cyber espionage group APT41 (also known as Winnti), the campaign’s objective, amongst other things, is to steal sensitive intellectual property and personally identifiable information. Besides, we give an update on the ongoing diplomatic efforts to help de-escalation between Ukraine and Russia

This week, we look at the recent attack on Ukrainian government websites, which further stoked already escalating tensions between Ukraine and Russia. Russia’s use of hybrid tactics has played a large part in the current conflict with Ukraine and is likely to continue. Besides, read about read about the Lazarus subgroup dubbed BlueNoroff, which targets small and medium-sized companies to steal crypto assets.