What You Need to Know About Russian Cyber Escalation in Ukraine
The Russian invasion of Ukraine has caused a substantial increase in cyberattacks. Public and private organizations can be impacted even if they are not located in the region. Therefore, the SOCRadar analyst team, which has been monitoring the situation from its early hours, has gathered its initial findings in this blog post.
Ransomware attacks have evolved, especially in the ongoing Russian invasion of Ukraine, as threat actors continue to find ways to expand the reach and profitability of their operations. The ransomware-as-a-service (RaaS) model has been utilized as a cyber weapon and has become popular because the use of affiliates allows ransomware operators to target more victims effortlessly.
February 13: A file matching the DDoS attack IoCs was uploaded to VirusTotal.
February 15 & 16: Some Ukrainian websites were not accessible due to heavy DDoS attacks. Both UK and US officials attributed these attacks to known Russian GRU infrastructure, stating that the US has technical data to back this up. During the attacks, some customers reportedly could not access banking websites.
Conti, a dangerous ransomware gang that first appeared in December 2019, has been based in Saint Petersburg, Russia, from the very beginning. Once the conflict between Ukraine and Russia broke out, attention naturally turned to which side the group would take in the cyber domain.
The infamous Lapsus$ extortion group has become a newsworthy threat actor as cyber incidents escalated during the Russian invasion of Ukraine. While the group's claim of stolen data from GPU designer Nvidia is still the central part of the news, the group has now leaked data from South Korean tech giant Samsung, including the source code of some Samsung products.