Russia’s digital warriors adapt to support the war effort in Ukraine … – CyberScoop

Russian and pro-Russian operatives continue to modify their hacking and influence operations aimed at Ukraine to extract intelligence and sway public opinion in favor of the war, Google researchers said in a report released Wednesday. The latest tactics include promoting highly produced YouTube videos as well as more traditional phishing campaigns.

Roughly 14 months after the Russian invasion of Ukraine, the cyber components of the Russian onslaught continues with nearly 60% of Russian-backed phishing campaigns targeting Ukraine, Billy Leonard, a security engineer with the Google Threat Analysis Group, wrote in an update on the most notable hacking campaigns the company observed between January and March of 2023.

The latest report includes new information operations from Russias elite hacking units as well as work from a group believed to be Belarusian, a staunch Russian ally. From traditional credential and intelligence gathering efforts to information operations aimed abroad and at Russian audiences to glorify war efforts, the ongoing cyber operations remain active and show signs of adaptations and new techniques, Leonard wrote.

One of Russias most prolific and elite hacking groups known widely as Sandworm, but tracked by Google as FROZENBARENTS continues to focus heavily on the war in Ukraine with campaigns spanning intelligence collection, IO, and leaking hacked data through Telegram, Leonard wrote. Believed to operate out of Russian Armed Forces Main Directorate of the General Staff, or GRU, Unit 74455, the group known best for its multiple successful Ukrainian power grid attacks and the NotPetya malware that racked up more than $10 billion in global damages maintains its perch atop the Russian-backed offensive hacking ecosystem.

FROZENBARENTS remains the most versatile GRU cyber actor with offensive capabilities including credential phishing, mobile activity, malware, external exploitation of services, and beyond, Leonard wrote. They target sectors of interest for Russian intelligence collection including government, defense, energy, transportation/logistics, education, and humanitarian organizations.

The group continues to exploit EXIM mail servers around the world, Leonard wrote, a tactic it has employed since 2019, according to a 2020 NSA advisory. Once compromised, the hosts have been observed accessing victim networks, interacting with victim accounts, sending malicious emails, and engaged in information operations (IO) activity.

FROZENBARENTS has also continued to target organizations associated with the Caspian Pipeline Consortium (CPC), one of the largest oil pipelines in the world that transports crude oil from Kazakhstan across Russian territory to the Black Sea, Leonard wrote. The group has targeted a range of unnamed Eastern European energy sector organizations using fake Windows update packages on a domain spoofing CPC that, if executed, loaded a variation of the Rhadamanthys malware that could then exfiltrate stored credentials, including browser cookies.

Dating back to December 2022, the group has also launced multiple waves of credential theft campaigns targeting Ukrainian defense industry, military and Ukr.net mail users, Leonard wrote.

The group has also been active in the information operation space, he said, creating online personas to push pro-Russian news and narratives and leak stolen data, Leonard wrote, such as the persona CyberArmyofRussia, or CyberArmyofRussia_Reborn.

Both the YouTube channel for CyberArmyofRussia, or CyberArmyofRussia_Reborn which was pulled down upon notification and the Instagram account had minimal engagement and a negligible number of subscribers or followers, Leonard wrote. The groups Telegram channel, launched April 1, 2022, remains robust, with frequent posts for nearly 23,000 subscribers. Google researchers assess that the channel was created and controlled by the elite hacking unit.

In several recent incidents, FROZENBARENTS compromised a webserver of the target organization and uploaded a webshell to maintain persistent access to the compromised system, Leonard wrote. The attackers then deployed Adminer, a single file PHP script for managing databases, to exfiltrate data of interest. Shortly after exfiltration, the data appeared on the CyberArmyofRussia_Reborn Telegram channel.

In another information operation, the Internet Research Agency notorious for its efforts to shape domestic U.S. opinion ahead of the 2016 presidential elections produced a series of YouTube Shorts, short-form videos akin to TikTok or Instagrams Reels. The group has focused particularly on narratives supportive of Russia and the business interests of Russian oligarch Yevgeny Prigozhin, especially the Wagner Group, Leonard wrote.

The U.S. Department of Justice indicted Prigozhin, a longtime associate of Russian President Vladimir Putin, in 2018 for his role in the IRA interference operation. He is currently wanted by the FBI.

The group was also promoting a new film by Aurum LLC, a film company partially owned by Prigozhin. This movie has a high production value and communicates narratives portraying the Wagner Group in a positive light, Leonard wrote.

Altogether, Moscow continues to leverage the full spectrum of information operationsfrom overt state-backed media to covert platforms and accountsto shape public perception of the war in Ukraine, Leonard wrote.

Smaller campaigns from other hacking groups caught Googles eye as well.

Another operation attributed to the GRU as well but perhaps a unit other than FROZENBARENTS has since April 2022 maintained a Telegram channel to promote and amplify narratives related to the use of biological weapons in Ukraine and how the United States is responsible for the proliferation of biological weapons around the world, Leonard wrote. This campaign involves a Russian-language Telegram channel and an English Substack newsletter, which has published only once.

APT28 known widely as Fancy Bear, and tracked as FROZENLAKE sent multiple large waves of phishing emails to hundreds of users in Ukraine in February and March, Leonard wrote. Part of the effort involved reflected cross-site scripting (XSS) on multiple Ukrainian websites, which represents a new tactic for the group.

A Belarusian-linked hacking campaign tracked as PUSCHA by Google but sometimes called UNC1151 andlinked to Belarus by Mandiantin November 2021 has consistently targeted users in Ukraine and neighboring countries throughout the war, Leonard wrote, typically targeting the i.ua and meta.ua webmail services. Leonard described the phishing campaigns as targeted, and focused on small numbers of users in Ukraine.

Written by AJ VicensAJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal/WhatsApp: (810-206-9411).

View post:
Russia's digital warriors adapt to support the war effort in Ukraine ... - CyberScoop

Russia issues school textbook saying it was 'forced' to march into Ukraine - Reuters - January 27th, 2025 [January 27th, 2025]
Russia introduces history textbook that redefines war against Ukraine as justified defense. - Kyiv Independent - January 27th, 2025 [January 27th, 2025]
Bad Things Happened: Trump Still Doesnt Understand the Ukraine War - The Bulwark - January 27th, 2025 [January 27th, 2025]
Russia says its troops have captured a strategic town in eastern Ukraine - The Associated Press - January 27th, 2025 [January 27th, 2025]
NATO chief: Cost of Russian victory in Ukraine would be trillions not billions - Atlantic Council - January 27th, 2025 [January 27th, 2025]
For Russian Forces In Ukraine, Its Now Normal To Ride Into Battle In A Compact Car - Forbes - January 27th, 2025 [January 27th, 2025]
Opinion: Trump promised to end the Ukraine war, but neither side is ready - Los Angeles Times - January 27th, 2025 [January 27th, 2025]
Putin echoes Trump's claim that conflict in Ukraine could have been avoided had he been in office - The Associated Press - January 27th, 2025 [January 27th, 2025]
Russia says it sees no signs that Ukraine and the West are ready for peace talks despite all statements - Reuters - January 27th, 2025 [January 27th, 2025]
Zelenskiy says Trump could end Ukraine war only if Kyiv included in talks - Reuters - January 27th, 2025 [January 27th, 2025]
War in Ukraine: EU to Agree to Extend Russia Sanctions, Hungary to Back Down - Bloomberg - January 27th, 2025 [January 27th, 2025]
Letters: Stop the fireworks; angry about McCoy story; end war in Ukraine - VC Star - January 27th, 2025 [January 27th, 2025]
Zelenskiy Says Ukraine Ready to Transit Gas From Azerbaijan - Bloomberg - January 27th, 2025 [January 27th, 2025]
Why peace talks between Ukraine and Russia are not as simple as Trump makes out - The Independent - January 27th, 2025 [January 27th, 2025]
Trump tells Putin to end 'ridiculous war' in Ukraine or face new sanctions - BBC.com - January 26th, 2025 [January 26th, 2025]
Ukraine-Russia latest: Putin ready for Trump negotiations as Kyiv sets oil refinery ablaze with drone strike - The Independent - January 26th, 2025 [January 26th, 2025]
Ukraine is reforming its recruitment efforts to attract younger soldiers and boost forces - The Associated Press - January 26th, 2025 [January 26th, 2025]
Europe considers sending troops to Ukraine if theres a ceasefire. But would Russia accept? - The Associated Press - January 26th, 2025 [January 26th, 2025]
Opinion: I spent Trumps inauguration in Ukraine. This is what I saw. - Salt Lake Tribune - January 26th, 2025 [January 26th, 2025]
Putin claims Ukraine crisis may have been averted if Trump was president - CNN - January 26th, 2025 [January 26th, 2025]
Did Ukraine Kill Its Own by Downing a Russian Plane? A Year Later, It Hasnt Said. - The New York Times - January 26th, 2025 [January 26th, 2025]
Russia claims its troops are in the last stages of taking another eastern Ukraine town - The Associated Press - January 26th, 2025 [January 26th, 2025]
Ukraine Is Losing Fewer Soldiers Than Russia but Its Still Losing the War - The New York Times - January 26th, 2025 [January 26th, 2025]
Does Putin know why Ukraine fights on? Because we prize freedom above stability and wealth | Andrey Kurkov - The Guardian - January 26th, 2025 [January 26th, 2025]
Russia rejects idea of NATO peacekeepers in Ukraine, warning of "uncontrollable escalation" - Reuters - January 26th, 2025 [January 26th, 2025]
Trump's threat against Moscow on Ukraine seen as an insulting false start by some in Russia - NBC News - January 26th, 2025 [January 26th, 2025]
UKs 100-year partnership with Ukraine is a meaningless political stunt - Al Jazeera English - January 26th, 2025 [January 26th, 2025]
Putin says he and Trump should meet to discuss Ukraine and energy prices - Reuters - January 26th, 2025 [January 26th, 2025]
Putin ready for negotiations with Trump on Ukraine war - The Guardian - January 26th, 2025 [January 26th, 2025]
US arms exports hit record in 2024 on Ukraine-related demand - Reuters - January 26th, 2025 [January 26th, 2025]
This Ones Mine. Ukraine Says Russia Is Executing More POWs and Capturing It on Video. - The Wall Street Journal - January 26th, 2025 [January 26th, 2025]
Russia Brushes Off Trumps Threats on Ukraine - The Wall Street Journal - January 26th, 2025 [January 26th, 2025]
Russia: Nothing new in Trump threats on Moscows war on Ukraine - VOA Asia - January 26th, 2025 [January 26th, 2025]
Video: The Kremlin responds to Trump calling on Putin to make a deal with Ukraine - CNN - January 26th, 2025 [January 26th, 2025]
To end the Russia-Ukraine war, Trump will need to get leverage - The Hill - January 26th, 2025 [January 26th, 2025]
Ukraine's Kursk invasion was a risky play, but it might have nailed the timing - Business Insider - January 26th, 2025 [January 26th, 2025]
Trump leans in on targeting Russian oil revenue as he tries to fulfill pledge to end Ukraine war - The Associated Press - January 26th, 2025 [January 26th, 2025]
'He shouldn't have done that': Donald Trump criticizes Ukraine president over war - USA TODAY - January 26th, 2025 [January 26th, 2025]
Putin open for talks with Trump over Ukraine war and calls for leaders to meet - The Independent - January 26th, 2025 [January 26th, 2025]
Business elites truly believe Trump could be on the verge of solving one of the world's most difficult problems: The Ukraine War - New York Post - January 26th, 2025 [January 26th, 2025]
Kyiv investigates another case of Russian soldiers executing Ukraine POWs - POLITICO Europe - January 26th, 2025 [January 26th, 2025]
Ukrainian winemaker and US veterans team up to show the best of Ukraine, a glass at a time - The Associated Press - January 26th, 2025 [January 26th, 2025]
Is Trump changing tack on ending the war in Ukraine? - The Conversation Indonesia - January 26th, 2025 [January 26th, 2025]
Shared Challenges: Israel Considers Sending Russian Weapons Seized From Hezbollah to Ukraine - Foundation for Defense of Democracies - January 26th, 2025 [January 26th, 2025]
Ukrainian troops say inexperienced North Koreans are making easy targets - The Washington Post - December 16th, 2024 [December 16th, 2024]
Ukraine says it has laser weapon able to down targets flying at over 2km - Yahoo! Voices - December 16th, 2024 [December 16th, 2024]
Berlin eyes role in Ukraine peace deal but says too early for decisions - Reuters - December 16th, 2024 [December 16th, 2024]
Keep Ukraine Out of Talks to End Its War - Foreign Policy - December 16th, 2024 [December 16th, 2024]
Ukraine and US say some North Korean troops have been killed fighting alongside Russian forces - The Associated Press - December 16th, 2024 [December 16th, 2024]
Russia aims to win the war in Ukraine in 2025, top official says - Semafor - December 16th, 2024 [December 16th, 2024]
Trump suggests reversing permission for Ukraine to use US missiles in Russia - The Telegraph - December 16th, 2024 [December 16th, 2024]
Trump to Europe: Overseeing a Ukraine Cease-Fire Would Be Your Job - The Wall Street Journal - December 16th, 2024 [December 16th, 2024]
The Price of Russian Victory: Why Letting Putin Win Would Cost America More Than Supporting Ukraine - Foreign Affairs Magazine - December 16th, 2024 [December 16th, 2024]
They said we were American spies: Priests describe Russias crackdown on Evangelicals in occupied Ukraine - CNN - December 16th, 2024 [December 16th, 2024]
Trump says it was 'stupid' for Biden to let Ukraine use US weapons to strike deeper into Russia - The Associated Press - December 16th, 2024 [December 16th, 2024]
Cajole, Plead and Flatter: Ukraine Makes Its Case to Trump - The New York Times - December 16th, 2024 [December 16th, 2024]
Ukraine-Russia war map: Where Putins forces are making gains in eastern Ukraine - The Independent - December 16th, 2024 [December 16th, 2024]
Europe Needs to Swiftly Fulfil Its Aid Pledges to Ukraine - Bloomberg - December 16th, 2024 [December 16th, 2024]
Ukraine says it has laser weapon able to down targets flying at over 2km - Reuters - December 16th, 2024 [December 16th, 2024]
Trump says deal needed to stop Ukraine war, will talk to Putin and Zelenskiy - Reuters - December 16th, 2024 [December 16th, 2024]
Were 750,000 additional lives wasted in Ukraine for less than nothing? - The Hill - December 16th, 2024 [December 16th, 2024]
Ukraine war: US gives $20bn to Kyiv funded by seized Russian assets - BBC.com - December 10th, 2024 [December 10th, 2024]
Trump calls for immediate ceasefire in Ukraine and says a US withdrawal from NATO is possible - The Associated Press - December 10th, 2024 [December 10th, 2024]
How Trump Can Win the Peace in Ukraine - The Atlantic - December 10th, 2024 [December 10th, 2024]
Ukraine-Russia latest: Zelensky wont sacrifice young troops to Putins forces for more weapons from West - The Independent - December 10th, 2024 [December 10th, 2024]
Biden is rushing aid to Ukraine. Both sides are digging in. And everyone is bracing for Trump - The Associated Press - December 10th, 2024 [December 10th, 2024]
Russian prison boss killed in car blast in occupied Ukraine - BBC.com - December 10th, 2024 [December 10th, 2024]
Kremlin says Ukraine war will go on until Putin's goals are met on battlefield or by negotiation - Reuters - December 10th, 2024 [December 10th, 2024]
Russia targets Ukraine's energy grid as winter sets in. Here's how one plant copes - NPR - December 10th, 2024 [December 10th, 2024]
Deadly Russian strike kills at least three in Ukraine's Zaporizhzhia - Euronews - December 10th, 2024 [December 10th, 2024]
How Trump Could End the War in Ukraine - The Atlantic - December 10th, 2024 [December 10th, 2024]
War in Ukraine: The woman turning amputees into 'superhumans' - BBC.com - December 10th, 2024 [December 10th, 2024]
Zelensky salutes Trump's 'strong resolve' to end war in Ukraine - FRANCE 24 English - December 10th, 2024 [December 10th, 2024]
US announces nearly $1 billion more in longer-term weapons support for Ukraine - The Associated Press - December 10th, 2024 [December 10th, 2024]
Amid U.S. pressure, Ukraine starts thinking about drafting 18-year-olds - The Washington Post - December 10th, 2024 [December 10th, 2024]
Zelenskyy open to Western troops providing security for end to war in Ukraine - The Associated Press - December 10th, 2024 [December 10th, 2024]
Ukraine to raise NATO invite, security guarantees at meeting with European allies - Reuters - December 10th, 2024 [December 10th, 2024]
Kyiv reveals total Ukraine casualties in Putins war for first time - POLITICO Europe - December 10th, 2024 [December 10th, 2024]
Bill Browder on saving Ukraine, NATO, and the threat of Vladimir Putin - the1a.org - December 10th, 2024 [December 10th, 2024]
Biden is rushing aid to Ukraine as everyone braces for Trump - FOX 5 DC - December 10th, 2024 [December 10th, 2024]

April 19th, 2023

No comments yet

Comments are closed.

Mediaboss Marketing

Russia’s digital warriors adapt to support the war effort in Ukraine … – CyberScoop

About

Pages

Categories

Media Sites

Recommended Sites

Archives