Archive for the ‘Ukraine’ Category

Russia’s digital warriors adapt to support the war effort in Ukraine … – CyberScoop

Russian and pro-Russian operatives continue to modify their hacking and influence operations aimed at Ukraine to extract intelligence and sway public opinion in favor of the war, Google researchers said in a report released Wednesday. The latest tactics include promoting highly produced YouTube videos as well as more traditional phishing campaigns.

Roughly 14 months after the Russian invasion of Ukraine, the cyber components of the Russian onslaught continue, with nearly 60% of Russian-backed phishing campaigns targeting Ukraine, Billy Leonard, a security engineer with the Google Threat Analysis Group, wrote in an update on the most notable hacking campaigns the company observed between January and March of 2023.

The latest report includes new information operations from Russia's elite hacking units as well as work from a group believed to be Belarusian, a staunch Russian ally. From traditional credential and intelligence gathering efforts to information operations aimed abroad and at Russian audiences to glorify war efforts, the ongoing cyber operations remain active and show signs of adaptations and new techniques, Leonard wrote.

One of Russia's most prolific and elite hacking groups, known widely as Sandworm but tracked by Google as FROZENBARENTS, continues to focus heavily on the war in Ukraine with campaigns spanning intelligence collection, IO, and leaking hacked data through Telegram, Leonard wrote. Believed to operate out of the Russian Armed Forces Main Directorate of the General Staff, or GRU, Unit 74455, the group, known best for its multiple successful Ukrainian power grid attacks and the NotPetya malware that racked up more than $10 billion in global damages, maintains its perch atop the Russian-backed offensive hacking ecosystem.

FROZENBARENTS remains the most versatile GRU cyber actor with offensive capabilities including credential phishing, mobile activity, malware, external exploitation of services, and beyond, Leonard wrote. They target sectors of interest for Russian intelligence collection including government, defense, energy, transportation/logistics, education, and humanitarian organizations.

The group continues to exploit EXIM mail servers around the world, Leonard wrote, a tactic it has employed since 2019, according to a 2020 NSA advisory. Once compromised, the hosts have been observed accessing victim networks, interacting with victim accounts, sending malicious emails, and engaging in information operations (IO) activity.

FROZENBARENTS has also continued to target organizations associated with the Caspian Pipeline Consortium (CPC), one of the largest oil pipelines in the world that transports crude oil from Kazakhstan across Russian territory to the Black Sea, Leonard wrote. The group has targeted a range of unnamed Eastern European energy sector organizations using fake Windows update packages on a domain spoofing CPC that, if executed, loaded a variation of the Rhadamanthys malware that could then exfiltrate stored credentials, including browser cookies.

Dating back to December 2022, the group has also launched multiple waves of credential theft campaigns targeting Ukrainian defense industry, military and Ukr.net mail users, Leonard wrote.

The group has also been active in the information operation space, Leonard wrote, creating online personas, such as CyberArmyofRussia or CyberArmyofRussia_Reborn, to push pro-Russian news and narratives and leak stolen data.

Both the YouTube channel for CyberArmyofRussia, or CyberArmyofRussia_Reborn (which was pulled down upon notification), and the Instagram account had minimal engagement and a negligible number of subscribers or followers, Leonard wrote. The group's Telegram channel, launched April 1, 2022, remains robust, with frequent posts for nearly 23,000 subscribers. Google researchers assess that the channel was created and controlled by the elite hacking unit.

In several recent incidents, FROZENBARENTS compromised a webserver of the target organization and uploaded a webshell to maintain persistent access to the compromised system, Leonard wrote. The attackers then deployed Adminer, a single-file PHP script for managing databases, to exfiltrate data of interest. Shortly after exfiltration, the data appeared on the CyberArmyofRussia_Reborn Telegram channel.

In another information operation, the Internet Research Agency, notorious for its efforts to shape domestic U.S. opinion ahead of the 2016 presidential elections, produced a series of YouTube Shorts, short-form videos akin to TikTok or Instagram's Reels. The group has focused particularly on narratives supportive of Russia and the business interests of Russian oligarch Yevgeny Prigozhin, especially the Wagner Group, Leonard wrote.

The U.S. Department of Justice indicted Prigozhin, a longtime associate of Russian President Vladimir Putin, in 2018 for his role in the IRA interference operation. He is currently wanted by the FBI.

The group was also promoting a new film by Aurum LLC, a film company partially owned by Prigozhin. This movie has a high production value and communicates narratives portraying the Wagner Group in a positive light, Leonard wrote.

Altogether, Moscow continues to leverage the full spectrum of information operations, from overt state-backed media to covert platforms and accounts, to shape public perception of the war in Ukraine, Leonard wrote.

Smaller campaigns from other hacking groups caught Google's eye as well.

Another operation, attributed to the GRU as well but perhaps a unit other than FROZENBARENTS, has since April 2022 maintained a Telegram channel to promote and amplify narratives related to the use of biological weapons in Ukraine and how the United States is responsible for the proliferation of biological weapons around the world, Leonard wrote. This campaign involves a Russian-language Telegram channel and an English Substack newsletter, which has published only once.

APT28, known widely as Fancy Bear and tracked as FROZENLAKE, sent multiple large waves of phishing emails to hundreds of users in Ukraine in February and March, Leonard wrote. Part of the effort involved reflected cross-site scripting (XSS) on multiple Ukrainian websites, which represents a new tactic for the group.

A Belarusian-linked hacking campaign, tracked as PUSCHA by Google but sometimes called UNC1151 and linked to Belarus by Mandiant in November 2021, has consistently targeted users in Ukraine and neighboring countries throughout the war, Leonard wrote, typically targeting the i.ua and meta.ua webmail services. Leonard described the phishing campaigns as targeted, and focused on small numbers of users in Ukraine.

Written by AJ Vicens. AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal/WhatsApp: (810-206-9411).


Ukraine’s spring offensive just got harder – The Japan Times

I'm trying hard to stay optimistic about Ukraine's imminent spring offensive against the Russian invaders. But the recent news flow, though ambiguous, raises concerns.

How strong are the Ukrainians, really, and will the Russians be able to exploit their weaknesses? And how cohesive is the alliance of Kyiv's supporters? If the Ukrainians can't break the stalemate soon, will their friends start drifting off?

Only a couple of months ago, the outlook seemed better. Ukraine had scored dramatic tactical victories and dug in for a hard winter. Then Germany, the U.K., Poland, the U.S. and other allies decided to send heavy battle tanks in preparation for spring. Some of those, including the first batch of German-made Leopard 2s, have now arrived at the front. Thus equipped, the Ukrainians should right about now be able to turn a static war of attrition into a kinetic war of reconquest, it was hoped.



Russia-Ukraine war: condemnation grows of Kara-Murza's prison sentence as wife baffled by UK's weak response, as it happened – The Guardian

Yes, it definitely is quite a weak position. They do express concern, and I am of course grateful for that. But I need to see some actual actions, you know, some real actions because Vladimir is a British citizen, and I believe that the British government has a responsibility to protect his rights and to defend him in this absolutely atrocious situation. And expressions of concern are no longer enough because Vladimir's health is deteriorating. Introducing sanctions against his perpetrators would actually be a very practical step that I would very much like to see.

I am, of course, grateful for the presence of UK diplomats at my husband's hearings throughout this year. And I'm, of course, very grateful for the FCDO for summoning the Russian ambassador to ask him questions related to the illegal unlawful persecution of my husband. But if we talk about sanctions, I am honestly slightly baffled. Vladimir is a dual Russian British citizen, and I believe it is the duty, the responsibility, of the British government to stand with him and show with any instruments available, show to the Russian authorities that they know who the perpetrators are, and they will not let them get away with committing such atrocious human rights violations as were committed in my husband's case.

Vladimir is not, for example, a Canadian citizen. However, Canada was the first country to introduce sanctions against Vladimir's perpetrators. This initiative was then followed by the United States that introduced sanctions in March. Today the Latvian Foreign Office announced that they would be introducing sanctions against 10 people involved in the illegal prosecution of my husband. So far, I have not seen any response from the FCDO on that matter. And I am slightly baffled, to tell the truth.


West prepares for Putin to use whatever tools he's got left in Ukraine – The Guardian

Officials ready for nuclear threats and cyber-attacks as part of Russian response to predicted counter-offensive

Western leaders are preparing for Vladimir Putin to use whatever tools he's got left, including nuclear threats and cyber-attacks, in response to an expected Ukrainian counter-offensive against Russia.

British officials at the G7 foreign ministers summit in Japan said they were expecting Russia to retaliate and must be prepared for extreme tactics as it attempted to hold on to Ukrainian territory.

The former Russian president Dmitry Medvedev said last month that Moscow was ready for the Ukrainians to hit back, warning that his country would use absolutely any weapon if Kyiv attempted to retake Crimea, which was annexed by Russia in 2014.

There appeared to be an acknowledgment in Moscow that its forces might soon find themselves on the defensive in Ukraine as Russia's own winter offensive appeared to be slowing down.

Russia's nuclear rhetoric has united the G7 ministers, who issued a statement after their two-hour meeting on Monday condemning the threats as unacceptable and criticising Putin's plan to deploy tactical nuclear weapons in Belarus.

G7 officials said there was an open exchange of views in the talks on the approach to the Ukrainian conflict, including on future prospects for bringing the war to an end, which Rishi Sunak has said would eventually be around the negotiating table.

However, Foreign Office sources suggested that the only way to finally resolve the conflict would be for Putin to withdraw his troops from Crimea and for the west to give Kyiv the tools to finish the job.

Despite pressure from Ukraine, and others including the former UK prime minister Boris Johnson, to increase military support, including more tanks and fighter jets, the UK believes it is providing what the country needs. Sources said it was already committing its rainy day fund.

A transatlantic group of former senior diplomats and high-level military advisers said on Monday that the war in Ukraine was on course to become a stalemate unless the west went all in and increased its level of military support.

The group said that declarations of unwavering support were not enough and actions still fail to match the rhetoric in a reflection of military assessments in European capitals and Washington.

At the G7 summit, the ministers reaffirmed their commitment to intensifying, fully coordinating and enforcing sanctions against Russia, agreeing to be more coordinated to prevent evasion of the measures and to target third parties supplying weapons to Moscow.

It came as the foreign secretary, James Cleverly, demanded the release of a British-Russian opposition leader after he was sentenced to 25 years in prison by a court in Moscow, paying tribute to Vladimir Kara-Murza Jr for bravely denouncing Putin's invasion of Ukraine.

The Kremlin critic, who has twice survived poisonings, was convicted on charges of treason and denigrating the Russian military in what he denounced as a show trial.

The Russian ambassador to the UK, Andrei Kelin, was summoned to the Foreign Office for a dressing down on Monday over Russia's human rights obligations, including the right to a fair trial.

Meanwhile, the US secretary of state Antony Blinken's G7 bilateral talks with his French counterpart, Catherine Colonna, over-ran, prompting speculation her talks with the US had been fraught.

The French president, Emmanuel Macron, provoked controversy last week when he said, on a flight back from China, that Europe should not become a vassal to the US on foreign policy.

He had previously been accused of naivety when he said Moscow must not be humiliated and would need security guarantees. G7 officials stressed that all member nations, including France, were united on the need to prevent Putin's attempts to divide and conquer.

Eastern European governments, in particular, had accused Macron of failing to learn the lessons of the war. Without US military and financial support for Kyiv, more than 30 times that of France, Ukrainian resistance would have already crumbled, they believe.

In separate talks in Japan, G7 nations including UK, US, Canada, Japan and France formed an alliance to develop shared supply chains for nuclear fuel, aimed at pushing Russia out of the international nuclear energy market.

The UK's Department for Energy Security and Net Zero said the five countries would use their civil nuclear power sectors to undermine Russia's grip on supply chains, cutting off another means for Putin to fund his invasion of Ukraine.


How the Ukraine war has divided the world – Financial Times
