On June 9, Russia, alongside China, warned the West that cyber-attacks against its infrastructure could risk leading to direct military confrontation and that attempts to challenge Moscow in the cyber sphere would be met with targeted countermeasures.
The warning came days after the website of Russia’s Ministry of Construction, Housing and Utilities appeared to have been hacked on June 6, with an internet search for the site leading to a "Glory to Ukraine" sign in. Russia attributed this attack to Ukraine and the United States.
The President of Russia, Vladimir Putin, was forced to publicly recognise the scale of the impact of ongoing attacks last month. He called for reduced reliance on foreign-made software and hardware, as well as enhanced cyber defences.
On the contrary, Russia has been blamed for a large number of distributed denial-of-service (DDoS) and destructive malware attacks in Ukraine since the beginning of the invasion.
Following months of diplomatic talks and military action, cyber activity continues to steadily grow, with countries, organisations and cyber groups continuing to pledge their alliances.
After a decrease in hacktivist activity through April and early May, a new wave of increased activity has been observed over recent weeks. The majority of incidents identified have largely targeted Russian entities. However, on May 20, it was confirmed pro-Russian hacker group ‘Killnet’ attacked the website of various Italian institutions and government ministries, leaving them inoperable.
In retaliation, pro-Ukraine hacktivist group ‘Anonymous’ declared a cyber war against Killnet. Since then, the collective has leaked stolen data via ‘DDoSecrets’ from multiple large-scale organisations including operating from Russia.
DDoS attacks remain a key method used by hacktivist groups. This includes the IT Army of Ukraine, who claimed seven DDoS campaigns against multiple sectors across Russia between May 28 and June 6.
Anonymous-aligned hacktivist ‘LulzSecMafia’ also announced further DDoS campaigns against Russia websites.
Of note this week, the Ukrainian Computer Emergency Response Team (CERT) has warned that the Russian hacking group Sandworm are likely exploiting Follina, a vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) tracked as CVE-2022-30190.
To exploit the vulnerability, phishing emails are being distributed that require the victim to open a specially crafted document.
So far, the emails have targeted more than 500 recipients at various media organisations in Ukraine, including radio stations and newspapers.
The ongoing conflict has become a catalyst for threat actors to develop and work together with the same motivations.
The UK is highly likely to maintain a supportive stance for Ukraine throughout the developing conflict which may gain international publicity and fuel a response from the Russian government, individuals, or groups through cyber-attacks.
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).