Russia-Ukraine War: Cyberattack – Kinetic Warfare Timeline

This story was originally published December 13, 2022, and was most recently updated on January 29, 2024.

Amid Russia's continued invasion of Ukraine, multiple cyberattacks have allegedly surfaced, and various cybersecurity warnings continue to emerge. The situation crystallizes how kinetic warfare (bombs, guns, bullets, etc.) is now fully intertwined with cyber warfare. Lump kinetic war and cyber war together, and you get the new reality of hybrid war.

Advice for MSSPs and MSPs:
  1. Closely track CISA (Cybersecurity and Infrastructure Security Agency) alerts and updates, especially as they pertain to infrastructure security worldwide.
  2. Check the Russia-Ukraine conflict timeline below, which is updated regularly with cyberattack and cyber defense information tied to the conflict.

Russia Invades Ukraine: Kinetic Warfare and Cyberattack Timeline

Here's the latest... January 29, 2024:
  • POW HQ Hacked: Ukraine's Coordination Headquarters for the Treatment of Prisoners of War said on January 29 that it had restored all services following the previous day's DDoS attack. The department responsible for monitoring the treatment of prisoners of war was hacked mere days after the crash of the Russian Il-76 plane in Russia's Belgorod Oblast on January 24, which Moscow claims resulted in the death of 65 Ukrainian POWs. (Source: Yahoo News)
January 27, 2024:
  • Cyberattack on Russian Corporation: Cyber experts linked to Ukraine’s Main Intelligence Directorate (HUR) executed a hacking attack, destroying the entire IT infrastructure of IPL Consulting, a company specializing in implementing information systems in the Russian industrial sector, HUR reported on January 27. According to intelligence sources, specialists infiltrated the company’s internal network and obliterated its IT infrastructure, totaling over 60 terabytes, dozens of servers, and databases. (Source: Yahoo News)
January 25, 2024:
  • Cyberattacks on Oil and Gas Company: Multiple Ukrainian state agencies, including the state-owned energy company, reported cyberattacks or technical disruptions on January 24 that were affecting their IT systems and ability to communicate with the public. Naftogaz, Ukraine’s largest oil and gas company, said that a “large-scale cyberattack” on one of its data centers had knocked its website and call centers offline. (Source: CNN)
  • Denmark Pledges Aid to Ukraine: The Danish government announced plans to send military aid to Ukraine to boost the country’s cyber defense capabilities. Valued at more than 12 million euros ($13 million), the donation will be used for “priority” efforts Kyiv is undertaking to maintain its digital resilience against cyberattacks. Denmark’s defense ministry wrote that the cybersecurity fund demonstrates Copenhagen’s continued support for the Ukrainian government’s critical IT infrastructure impacted since Russia’s 2022 invasion. (Source: The Defense Post)
January 21, 2024:
  • Ukrainian Bank Hacked: Hackers targeted Monobank, Ukraine's largest mobile-only bank, with waves of distributed denial of service (DDoS) attacks on January 21, reported the company's co-founder and CEO, Oleh Horokhovskyi. Horokhovskyi said Monobank was targeted with 580 million service requests in one attack. (Source: Yahoo News)
January 5, 2024:
  • Russians Hack Ukrainian Telecom: Russian hackers were inside the systems of Ukrainian telecommunications operator Kyivstar from at least May 2023 in a cyberattack that should serve as a "big warning" to the West, Ukraine's cyber spy chief told Reuters. The hack, one of the most dramatic since Russia's full-scale invasion nearly two years ago, knocked out services provided by Ukraine's biggest telecoms operator for some 24 million users for days from December 12, 2023.
October 24, 2023:
  • Cyber Defense Center Prioritizes Cybersecurity in Ukraine: The Ukrainian National Center for Cybersecurity Coordination and IP3 International, an energy security developer, announced the Collective Defense AI Fusion Center (CDAIC) in Ukraine. CDAIC will promote collaboration between Ukraine and its allies to protect against cyberattacks.
September 7, 2023:
  • Russia-linked Cyber Crew Targets Ukrainian Military: A Russian cyber crew is believed to be orchestrating a new malware campaign, dubbed Infamous Chisel, directed at the Ukrainian military, according to a joint report by the Five Eyes intelligence alliance. The campaign, which was publicly uncovered by Ukraine’s security agency earlier this month, is believed to be the work of Sandworm, the advanced persistent threat operatives linked to the GRU, Russia’s military intelligence service. Sandworm is reportedly behind earlier attacks on Ukraine’s power grid in 2017 and the NotPetya malware operation.
September 15, 2023:
  • Cyber War Operation: The US Cyber Command (CYBERCOM) deployed a team of cyberwarfare experts near Russia to conduct a defensive hunt operation amid the ongoing war in Ukraine. The American cyber specialists analyzed critical networks for evidence of malicious cyber activities in cooperation with counterparts from the Lithuanian Interior Ministry Information Technology and Communications Department.
July 12, 2023:
  • Cyberattacks Against Ukrainians Adjoin NATO Summit in Lithuania: Ahead of the NATO Summit, July 11-12, in Vilnius, Lithuania, BlackBerry researchers determined that the threat actor known as RomCom targeted Ukraine supporters in a campaign timed to the conference. The suspected threat group was believed to be using fake documents that pretend to lobby for Ukraine’s acceptance into NATO.
July 3, 2023:
  • Microsoft Warns of Russia-backed Credential-Stealing Campaign: Microsoft’s security team recently said that it had found evidence of a jump in cyberattacks orchestrated by the Russian state-backed Midnight Blizzard crew eyeing personal credentials. The Midnight Blizzard hackers, also known as Nobelium, use residential proxy services to obfuscate the source IP address of their attacks, which typically target governments, IT service providers, NGOs, the defense industry and critical manufacturing, Microsoft said. Nobelium is believed to be behind attacks on Ukrainian military targets, countries providing assistance to Ukraine’s war efforts and other organizations opposing Russia.
June 15, 2023:
  • Cyberattacks Traced to Russian Military Assets: A wave of cyberattacks hitting Ukrainian government agencies and information-technology vendors was traced back to hackers associated with Russia’s military intelligence service, the GRU, an official with Microsoft said in a blog post. The ongoing digital belligerence is attributed to a group dubbed “Cadet Blizzard,” allegedly active since 2020.
May 22, 2023:
  • U.S. Charges Russian over Ransomware Attacks: A Russian national has been charged with ransomware attacks on U.S. critical infrastructure, including law enforcement agencies in Washington, D.C. and New Jersey, and healthcare, schools and other victims worldwide. According to the unsealed indictment obtained in the District of New Jersey, Mikhail Pavlovich Matveev (AKA Wazawaka, m1x, Boriselcin, and Uhodiransomwar) engaged in activities to spread the ransomware variants LockBit, Babuk and Hive beginning as recently as 2020. Matveev is alleged to have made ransom demands with each of the attacks, the U.S. Justice Department said.
May 10, 2023:
  • Cyber Gang Disabled: Federal law enforcement crashed a network of compromised computers that an elite Russian espionage group used for two decades to spy on some 50 countries and exfiltrate sensitive information. Unit 16 of Russia’s Federal Security Service, or FSB, referred to as Turla, apparently used versions of the Snake malware to set up a peer-to-peer network of hundreds of infected computers to strip away material belonging to U.S. allies in the North Atlantic Treaty Organization, journalists and other targets of interest to the Kremlin.
May 9, 2023:
  • Pro-Russian Hacktivist Group Rebrands: Killnet, a cyber crew that has touted itself as “hacktivists” actively targeting opponents of Russia’s invasion of Ukraine, has rebranded itself as “Black Skills.” And they say that it’s all about the money now. The hacking group, responsible for widespread distributed denial of service (DDoS) attacks in Europe and the U.S., posted on the instant messaging service Telegram in late April that it is ending its altruistic activities and reorganizing as a “private military hacking company.”
March 30, 2023:
  • Cyber Conflict in Ukraine Report: Thales, a Paris-based data protection and identity management provider, said in a new report entitled “A Year of Cyber Conflict in Ukraine,” that cyber warfare inside the conflict has “clearly moved on” from the beginnings of the war. Over the last 12 months, Thales figures that the majority of incidents only affecting Ukraine in the first quarter of 2022 (50.4%) sank to 28.6% in the third period. But European Union countries have seen a spike in incidents related to the war in the past six months from 9.8% to 46.5%.
March 20, 2023:
  • Malware Gang Alert: A Russia-linked malware campaign attributed to nation-state threat actor Iridium (aka Sandworm) could hit Ukrainian government facilities soon with a series of cyber strikes, Microsoft said in a new threat intelligence report. Iridium, which is believed to be associated with Russia’s military intelligence agency (GRU), is readying the operation in the same manner as it did with the Foxblade and Caddywiper malware deployments in the early days of the war, Microsoft said. Attacks could spread beyond Ukraine’s borders to disrupt the country’s supply chain.
March 10, 2023:
  • Cyber Exercises Held: Roughly three dozen cyber teams from 11 nations, including personnel from Ukraine, the U.S., Japan, Singapore, Kenya, Oman and the United Kingdom, successfully defended against a sophisticated cyberattack on national infrastructure, ostensibly by Russia, in a simulated exercise named Defense Cyber Marvel 2.
  • NATO Hosts Cyber Training Event: The recent exercise took place in Tallinn, Estonia, where in late December the North Atlantic Treaty Organization (NATO) launched a similar exercise involving 1,000 cyber defenders, 26 NATO allies and nine non-member countries. That five-day exercise, dubbed Cyber Coalition 2022, had intentions similar to those of Defence Cyber Marvel 2: to boost the cyber resilience of the participating countries and to test and train cyber defenders from across the alliance to defend NATO and national networks.
January 30, 2023:
  • German Websites Attacked: Russian hackers kicked a number of German websites offline with distributed denial of service (DDoS) attacks in response to Berlin’s decision to deploy tanks to Ukraine to support its war efforts. In yet another stark example of cyber warfare entering an arena with traditional war, the hacking group Killnet took credit for DDoS attacks on German government websites, banks and airports, reports said. Germany’s BSI cyber agency said the attacks were largely ineffective. Killnet was also suspected in a number of attacks against U.S. hospital websites.
January 10, 2023:
  • Russian Malware Alert: A nation-state cyber crew, suspected to be the Russia-tied Turla Team, is distributing the Kopiluwak reconnaissance utility and the QuietCanary backdoor on Ukraine targets via three expired command and control (C2) domains, associated with the 10-year-old Andromeda malware, that the group re-registered.
December 13, 2022:
  • Cyber Defense Agreement: The Centre for Strategic Communication and Information Security within the Ministry of Culture and Information Policy of Ukraine struck an agreement with NWO.ai, a predictive artificial intelligence (AI) platform, and OODA, a technology and security consultant, for greater cyberwar defense against Russian attacks.
December 6, 2022:
  • Cyberattack on Russian Bank: Russia's No. 2 bank VTB was hit by the largest cyberattack in its history, warning of temporary difficulties in accessing its mobile app and website, but assuring customers that their data remained safe. The attack may involve pro-Ukraine cyber forces targeting Russia's financial system. Source: Reuters.
September 7, 2022:
  • Tracking Threat Actors: Google is tracking threat actors targeting Ukraine whose activities seem closely aligned with Russian government-backed attackers. Source: Google Threat Analysis Group.
August 29, 2022:
  • Ericsson, Nokia, Logitech Exiting Russia: Ericsson said it will gradually wind down business activities in Russia over the coming months as the Swedish telecoms equipment maker completes its obligations to customers. Nokia and Logitech made similar statements. Source: Reuters, August 29, 2022.
August 27, 2022:
  • Dell Exits Russia: Dell Technologies said it had ceased all Russian operations after closing its offices in mid-August, the latest in a growing list of Western firms to exit Russia. Source: Reuters, August 27, 2022.
July 22, 2022:
  • Google Search Blocked: Russian-backed separatists in a breakaway region of eastern Ukraine have blocked access to Google's search engine, citing alleged disinformation. Source: Reuters.
July 12, 2022:
  • Cyberattacks vs. Ukraine State Systems: Five months after Russia’s invasion, Ukraine continues to see significant increases in cyberattacks targeting state systems and infrastructure as a result of the war, according to the country’s top cyber defense agency. Source: SC Media.
July 6, 2022:
  • Breakup: Russian cybersecurity outfit Group-IB will split its domestic and international business into two separate companies in a bid to maintain a presence in both the Russian and overseas markets. Source: Reuters.
June 30, 2022:
  • Norway, NATO Members Targeted: Russian hacker group Killnet targeted a string of Norwegian public service websites in the latest digital salvo against NATO member countries. Source: Bloomberg.
June 23, 2022:
  • Cisco Systems Exiting Russia: Cisco plans to wind down its business in Russia and Belarus. Source: Reuters, June 23, 2022.
June 9, 2022: 
  • Russia Issues Warning: Russia warned the West that cyberattacks against its infrastructure risked leading to direct military confrontation, and that attempts to challenge Moscow in the cyber sphere would be met with targeted countermeasures. Source: Reuters, June 9, 2022.
June 8, 2022: Multiple updates...
  • Ukraine Internet Access: In areas of Ukraine under Russian occupation, Internet access has often been shut down or disrupted, leaving the local population isolated from the rest of the world. Now, a new trend is emerging: The internet is coming back online, but the traffic is no longer managed by Ukraine. It’s been re-routed to networks owned by the Russian government. Source: Bloomberg, June 8, 2022.
  • Banning Russia Cloud Services?: The European Union is working on a possible ban on the provision of cloud services to Russia as part of new sanctions against the Kremlin for the invasion of Ukraine. Source: Reuters, June 8, 2022.
June 6, 2022...
  • Ukraine Phones Allegedly Targeted: The phones of Ukrainian officials have been targeted by hackers as Russia pursues its invasion of Ukraine, Reuters reported. Victor Zhora, the deputy head of Ukraine's State Special Communications Service, said that phones being used by the country's public servants had come under sustained targeting, the report indicated. Source: Reuters.
May 31, 2022...
  • DDoS Attacks Against German Banks?: The German financial regulator BaFin issued a fresh cyber security warning to the nation's financial sector due to the war in Ukraine following a recent increase in cyber attacks. BaFin has repeatedly warned about cyber attacks but this security notice marks an escalation of its concerns. "In recent days there have been repeated attacks on IT infrastructure," BaFin said -- many of which involved DDoS attacks, the organization said. Source: Reuters.
May 19, 2022...
  • Russia Disinformation Campaign: Mandiant research has detailed several Russian-aligned disinformation and propaganda campaigns, including bogus online claims that Ukrainian President Vladimir Zelenskyy had committed suicide or fled Ukraine. Source: Associated Press.
May 10, 2022...
  • More Kaspersky Concerns?: The National Security Agency is investigating the extent that software made by the Russian cybersecurity company Kaspersky is embedded in U.S. businesses and organizations amid rising security concerns arising from Russia’s invasion of Ukraine. Source: Bloomberg.
May 3, 2022...
  • Germany Warning: Germany's financial regulator BaFin warned of a "very big and very present" risk of cyberattacks in the wake of Russia's invasion of Ukraine. Source: Reuters, May 3, 2022.
April 27, 2022: Multiple updates...
April 14, 2022:
  • More than 600 Western companies have said they would exit or cut back operations in Russia, according to researchers at Yale University. Source: The Wall Street Journal.
April 12, 2022:
  • Nokia Exits Russia: Telecoms equipment maker Nokia is pulling out of the Russian market. Source: Reuters.
  • Sandworm Hackers Target Ukraine Power Grid: Russia's Sandworm hackers attempted a third blackout in Ukraine. The attack was the first in five years to use Sandworm's Industroyer malware, which is designed to automatically trigger power disruptions. Sources: Wired and SC Media.
April 11, 2022:
  • Ericsson Exits Russia: Swedish telecom equipment maker Ericsson is suspending its business in Russia indefinitely. Ericsson will record a US$95 million provision in the first quarter for costs related to the move. Source: Reuters.
April 8, 2022:
  • Cyberattacks Target Finland: The cyberattacks on Finland government websites and a suspected airspace violation by Russian aircraft come just as speculation mounts that the Nordic nation will opt to apply for membership in the NATO alliance. Source: Bloomberg.
April 7, 2022:
April 6, 2022:
  • FBI vs. Russia: The FBI has wrested control of thousands of routers and firewall appliances away from Russian military hackers by hijacking the same infrastructure Moscow’s spies were using to communicate with the devices. Source: Reuters.
April 4, 2022:
  • Nordex Cyberattack: Nordex is the second German wind turbine maker to suffer a cyberattack since Russia's invasion of Ukraine began. Nordex rival Enercon’s remote service links had been cut at the start of the war. Source: ReCharge, April 4.
April 1, 2022:
March 31, 2022:
  • Private Kaspersky Warnings: The U.S. government began privately warning some American companies the day after Russia invaded Ukraine that Moscow could manipulate software designed by Kaspersky to cause harm. Kaspersky has repeatedly denied such claims. Source: Reuters.
  • Sanctions vs. Russia Technology Sector: The U.S. Treasury Department imposed sanctions on 21 entities and 13 people, including Joint Stock Company Mikron, Russia's largest chipmaker and manufacturer and exporter of microelectronics. Source: Reuters.
March 30, 2022:
  • Hackers Allegedly Target NATO: A Russian APT group known as Gamaredon, Callisto and COLDRIVER has been phishing accounts of NATO and Eastern European militaries in addition to existing campaigns against American NGOs, a Ukrainian defense contractor, and a Balkan military. Details surfaced from Google's Threat Analysis Group. Source: SC Media.
March 29, 2022:
  • U.S. Energy Infrastructure Targeted: Russian hackers have been scanning the systems of energy companies and other critical infrastructure in the United States, and state-sponsored hacking by Russia presents a "current" threat to American national security, a top FBI official told lawmakers. Source: Reuters.
March 28, 2022:
  • Ukraine Telecom Cyberattack: Ukraine's state-owned telecommunications company Ukrtelecom experienced a disruption in internet service on March 28, 2022 after a "powerful" cyberattack. Source: Reuters.
March 24, 2022:
  • SAP Russia: SAP is shutting down its cloud operations in Russia, withdrawing further from the country after stopping sales in Russia in early March 2022. Source: Reuters.
March 22, 2022:
  • U.S. Energy Companies Targeted: Hackers associated with Russian Internet addresses have been scanning the networks of five US energy companies in a possible prelude to hacking attempts, the FBI said in a March 18 advisory to US businesses. Source: CNN.
March 21, 2022:
  • Potential cyberattacks vs. United States?: President Joe Biden warned, based on "evolving intelligence," that Russia was "exploring" potential cyberattacks on the U.S. Source: SC Media.
  • Kaspersky Under Pressure: The endpoint security company faces renewed scrutiny in Italy and Germany, and the chatter could pressure Kaspersky's MSP partner program, MSSP Alert believes.
  • U.S. Health Care Cybersecurity: The Department of Health and Human Services is urging provider organizations to review and bolster defenses to guard against possible fallout from the Russian invasion of Ukraine. Source: SC Media.
March 13, 2022...
  • Cyberattack Hits Russia Energy Subsidiary: A German subsidiary of the Russian energy company Rosneft has suffered a cyberattack. So far, there had been no effect on Rosneft's business or the supply situation even though the company's systems had been affected. Source: Reuters.
  • Ukraine President's Memo to Software Giants: Ukrainian President Volodymyr Zelenskiy called on Microsoft, Oracle and SAP to halt support services for their products in Russia. Source: Reuters.
March 11, 2022...
  • Russia Website Cyberattacks: Efforts to disrupt the operations of company websites in Russia have jumped in March 2022, Rostelecom-Solar said, with the number of distributed denial of service (DDoS) attacks already exceeding those for the whole of February 2022. Source: Reuters.
  • Broadband Cyberattacks: Western intelligence agencies -- namely, the NSA and ANSSI plus Ukrainian intelligence -- are investigating a cyberattack by unidentified hackers that disrupted broadband satellite Internet access in Ukraine coinciding with Russia's invasion. Source: Reuters.
March 8, 2022...
  • Technology Coalition: DNSFilter has started a coalition of technology vendors "with the sole purpose of driving donations to Ukraine." Source: DNSFilter.
  • Ukraine Crisis Resource Center: Mandiant has launched a threat analysis resource center to help organizations navigate cyber threats associated with Russia's invasion of Ukraine. Source: Mandiant.
  • Cybersecurity Emergency Response Fund: Telecoms ministers from the 27 EU countries want the European Commission to set up a cybersecurity emergency response fund to counter large-scale cyberattacks, citing the recent attacks against Ukraine. Source: Reuters.
  • Internet Service Providers (ISPs) Exit Russia: Lumen Technologies and Cogent Communications ended their Internet services in Russia. Source: Reuters.
March 7, 2022...
  • Alliance: Cloudflare, CrowdStrike and Ping Identity have announced a Critical Infrastructure Defense Project to "provide free cybersecurity services to particularly vulnerable industries during this time of heightened risk." The project, in collaboration with core partners across the public sector, will also "offer an easy-to-follow roadmap that businesses in any industry can use to implement step-by-step security measures to defend themselves from cyberattack," the companies indicated. Source: Cloudflare, CrowdStrike and Ping Identity.
  • Fortinet Suspends Operations in Russia: The MSSP-friendly security company did not say how many employees or partners will be impacted by the decision. Source: Fortinet.
  • Wildix Evacuates Employees: Roughly 80 percent of Wildix’s Ukrainian employees have relocated to safe locations, including those in neighboring Romania, Moldova and Hungary. Others have transferred to Trento, Italy, where a major Wildix office is located. Wildix reports that the employees still in Ukraine are those who either chose to remain or are unable to relocate at this time. Source: Wildix.
March 5, 2022...
  • Intel Navigates Software Challenge: Intel's decision to halt business in Russia involves far more than selling PC and server components. For more than two decades, Intel has operated a major software development center in Nizhny Novgorod -- a city about 260 miles east of Moscow, according to The Information. Including staff at its Moscow office, Intel’s Russian workforce totals 1,200 people who work on key areas of Intel products such as autonomous driving and optimizing the architecture of Intel’s chips, the report said. Source: The Information.
March 4, 2022: Multiple updates...
  • Microsoft Sales & Cybersecurity: Microsoft suspended new sales in Russia, and continues to focus on protecting Ukraine's cybersecurity. Source: Microsoft.
  • Accenture Exits Russia: The global IT consulting giant has halted business in Russia, and vowed to support 2,300 employees who were impacted by the decision. Source: ChannelE2E.
  • Veeam Halts Sales In Russia: The backup software company, which has some roots that extend back to Russia, has halted software sales to the country.
March 3, 2022: Multiple updates...
  • Ukraine IT Army: Volunteer hackers announced a new set of targets - including the Belarusian railway network and Russia's homegrown satellite-based navigation system, GLONASS. Source: Reuters.
  • Conti Ransomware: The Conti ransomware gang quickly dismantled back-end and command-and-control infrastructure on March 2 following a week-long revolt by its affiliates after the gang signaled its support for Russia during Ukrainian hostilities. Source: SC Media.
March 2, 2022: Multiple updates...
  • Amazon.com and Amazon Web Services (AWS): Amazon is supplying logistics and cybersecurity assistance to companies and governments aligned with Ukraine. Source: Amazon CEO Andy Jassy.
  • Dell Technologies: Dell Technologies has suspended product sales in Russia. Source: The Information.
  • Enterprise Software and Applications: Enterprise application rivals Oracle and SAP have suspended business in Russia. Source: The Register.
  • Financial Sanctions & Cryptocurrency: Senator Elizabeth Warren and three other Democratic lawmakers urged the Treasury Department to ensure the cryptocurrency industry is complying with sanctions imposed on Russia, expressing concern that digital assets could be used to undermine U.S. foreign policy goals. Source: Reuters.
  • Ukraine Rallies Tech Companies: Ukraine plans to urge about 50 additional tech companies, including in gaming, esports and internet infrastructure, to take action against Russia following a slew of earlier requests. Source: Reuters.
March 1, 2022: Multiple updates...
  • Apple: The Apple Store has stopped selling products in Russia. Source: CNBC.
  • Cisco Systems: Cisco Systems has helped about a quarter of its employees in Ukraine leave the country and is working to support those who had decided to remain following the invasion by Russia, CEO Chuck Robbins indicated. Source: Reuters.
  • Kaspersky Statement: Eugene Kaspersky issued a statement that welcomed negotiations for a compromise in the Russia-Ukraine conflict, but he stopped short of condemning Russia for the invasion. Kaspersky is a cybersecurity software company with roots that stretch back to Russia.
  • Potential Cyberattacks vs. Russia Infrastructure: A Ukrainian cyber guerrilla warfare group plans to launch digital sabotage attacks against critical Russian infrastructure such as railways and the electricity grid. Source: Reuters.
  • Free Cybersecurity Tools: Vectra AI, a provider of threat detection and response software, has introduced free cybersecurity tools and services for organizations that may be targeted as a result of the conflict.
February 28, 2022: Multiple updates...
  • NATO Statement: A cyberattack on a NATO member state could trigger Article 5 (the collective defense clause), a NATO official said, amid concerns that chaos in cyberspace around Russia's invasion of Ukraine could spill over into other territories. Source: Reuters, February 28.
  • Payments Companies Cut Off Russia: Cross-border payments company Wise and remittance processor Remitly have suspended their money transfer services in Russia. Source: Reuters.
  • HP Halts PC Shipments to Russia: HP has suspended shipments to Russia. Source: SeekingAlpha.
  • Microsoft Threat Intelligence: Microsoft has been providing threat intelligence to Ukraine government officials, according to Microsoft President Brad Smith. Source: Microsoft.
  • FoxBlade Malware Targets Ukraine: Microsoft Security Intelligence lists two components named FoxBlade, both categorized as severe. FoxBlade.A is listed as a trojan that could be used for DDoS attacks. FoxBlade.B is a downloader, presumably used to install component A. Source: SC Media.
February 27, 2022: Multiple updates...
  • Google Policy 1: Google banned downloads of Russian state-owned media outlet RT's mobile app on Ukrainian territory at the request of the government in Kyiv. Source: Reuters.
  • Google Policy 2: Google has temporarily disabled for Ukraine some Google Maps tools which provide live information about traffic conditions and how busy different places are. Source: Reuters.
  • U.S. Banks Prep for Inbound Cyberattacks: U.S. banks are preparing for retaliatory cyber attacks after Western nations slapped a raft of stringent sanctions on Russia for invading Ukraine, cyber experts and executives said. Source: Reuters.
February 26, 2022: Multiple updates...
  • Some Russian Banks Removed From SWIFT: The European Commission and certain allies vowed to remove certain Russian banks from the SWIFT messaging system. In a statement, the decision makers said, "This will ensure that these banks are disconnected from the international financial system and harm their ability to operate globally." The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a Belgian cooperative society providing services related to the execution of financial transactions and payments between banks worldwide, Wikipedia notes. Source: European Commission.
  • CISA Alert: A CISA alert warned that threat actors have deployed malware such as WhisperGate and HermeticWiper against organizations in Ukraine. Source: CISA.
  • Ukraine Internet Connectivity Knocked Out: Connectivity is particularly poor in southern and eastern parts of the country where fighting has been heaviest, Internet monitors said. Source: Reuters.
  • SpaceX Starlink Satellite Broadband: SpaceX billionaire Elon Musk said that the company's Starlink satellite broadband service is available in Ukraine and SpaceX is sending more terminals to the country, whose internet has been disrupted due to the Russian invasion. Source: Reuters.
  • Ukraine Rallies Cyber Pros and Hackers: Ukraine has tried to assemble a mismatched team for cybersecurity response against the full force of a major cyber power. They have asked domestic hackers to volunteer for offensive and defensive missions and South Korea for help with general cybersecurity. And they have also started to receive varying degrees of help from cybersecurity firms. Many are offering free software and services to Ukrainian enterprises; some are offering even more. Source: SC Media.
  • Kremlin Website Offline: The official website of the Kremlin, the office of Russian President Vladimir Putin, kremlin.ru, was down, following reports of distributed denial of service (DDoS) attacks on various other Russian government and state media websites. Source: Reuters.
February 25, 2022:
  • Phishing Attacks Allegedly Target Ukrainian Personnel: Hackers from Belarus have launched phishing emails against Ukrainian military personnel. Source: Ukraine Computer Emergency Response Team (CERT).
  • Mobile World Congress (MWC) 2022 Cancels Russian Pavilion: There will be no Russian pavilion at the telecom conference, and a "handful" of Russian firms will be barred from Mobile World Congress (MWC) 2022 because of sanctions imposed on Russia for its invasion of Ukraine. Source: Reuters.

  • Conti Ransomware Gang Sides With Russia: The Conti ransomware team vowed to use its "full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world." Source: Conti blog.
  • Poland Cyberattacks: The computer servers of the Polish government and the national system for payment clearing have experienced more cyberattacks in recent days. Poland has not identified the source of the attacks, which come as Russia invades Ukraine -- Poland's eastern neighbor. Source: Reuters.
February 24, 2022: Multiple updates...
  • Ukraine - Outsourced IT Services: The invasion will threaten Ukraine’s information technology sector -- which was booming before the conflict started. Indeed, Ukraine's IT export volume increased 36% to $6.8 billion in 2021, up from $5 billion in 2020 and $4.2 billion in 2019, according to the IT Ukraine Association. Source: The Wall Street Journal.
  • Ukraine Hacker Underground: The government of Ukraine is asking for volunteers from the country's hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops. Source: Reuters.
  • U.S. Cyber Defenses: President Joe Biden said that the U.S. is prepared to “respond” if Russia reacts to economic sanctions by launching cyberattacks against its private industry and infrastructure. Source: SC Media.
  • U.S. Cyberattack Options?: Biden has been presented with a menu of options for the U.S. to carry out massive cyberattacks designed to disrupt Russia’s ability to sustain its military operations in Ukraine, four people familiar with the deliberations tell NBC News. However, the White House denied the report. Sources: NBC News, Reuters.

  • U.S. Software Exports: Ukraine's government is lobbying the Biden administration to cut Russia off from U.S. software updates, to ban Russian flights, and to block the supply of goods to Russia's civil aviation industry in an effort to rally support for drastic sanctions while the Kremlin pushes deeper into Ukrainian territory. Source: Reuters.

  • Russia Websites Targeted?: The websites of the Russian president, government and State Duma lower house of parliament were intermittently unavailable for users in Russia and Kazakhstan today. It was not immediately clear what had caused the problem. Source: Reuters.
  • UK Lending Concerns: Britain's biggest domestic lender Lloyds said it was on "heightened alert" for cyberattacks from Russia as the crisis in Ukraine has worsened. Source: Reuters.
February 23, 2022: Multiple updates...
  • Wiper Malware: New wiper malware has started targeting Ukrainian enterprises, according to ESET Research. The malware has also been seen in Lithuania and Latvia. Source: SC Media.
  • Air Traffic Control Cyber Concerns: Airlines should stop flying over any part of Ukraine because of the risk of an unintended shootdown or a cyberattack targeting air traffic control amid tensions with Russia. Source: Reuters.
  • Sandworm Malware Targets Linux Systems: U.S. and UK agencies detailed what they claim is another malware tool used by Russian APT hacking group Sandworm. Source: SC Media.
February 18, 2022: A top cyber official said that the United States has evidence of massive denial of service and SMS spam campaigns in Ukraine originating in Russia, while another official said at a separate event that the U.S. knew of "no specific credible threats to the U.S. homeland." Source: SC Media.
January 11, 2022: A joint alert from the FBI, the Cybersecurity and Infrastructure Security Agency, and the National Security Agency warns all critical infrastructure entities, including the healthcare sector, of ongoing targeted cyberattacks from Russian state-sponsored cyber operations. Source: SC Media.

Background: The Ukraine-Russia Crisis

Satellite imagery in November 2021 showed a build-up of Russian troops on the border with Ukraine, and Kyiv says Moscow has mobilized 100,000 soldiers along with tanks and other military hardware, Al Jazeera noted at the time. By December, U.S. President Joe Biden warned Russia of sweeping economic sanctions if Russia invaded Ukraine.
Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.
