Russia Cyber Attacks

Russia Gets Hacked by "Woke" Ukrainians

As the conflict between Russia and Ukraine rages on, Russia has had to deal with a multitude of sanctions. Recently, Netflix has decided to stop future projects and productions there. Since the invasion started, Russia has also been infiltrated by hacker armies through cyber attacks.

Russian government institutions, banks, etc. have been compromised.

Allegedly, the United States has thrown its hacker hat into the ring to show support for Ukraine.

Let’s break down Russia’s war on the Internet.

Telegram and Fake News

Cybercriminals and “hacktivists” are using Telegram to plan, leak data, and spread fake news about the ongoing conflict between Russia and Ukraine.

The number of Telegram users has shot up tremendously in the past week, with as many as several hundred a day.

Telegram has always been a popular messaging platform for hackers. Multiple anti-Russia hacker groups have peaked at 200k+ users, and that number is growing.

For example, the “IT Army”, which is backed by the Ukrainian government, has over 270,00 members. They have been conducting several DDoS attacks against Russian sites.

While groups like IT Army have actual goals in mind, many of the hacker groups are just low-level grifters. Cybersecurity researchers at Check Point noted that “many of the hacktivist groups are more focused on building self-reputation and receiving credit for supporting Ukraine.”

These grifters have also set up Telegram channels to “raise funds for Ukraine” as a way to pocket some free crypto.

Telegram has said it may consider restricting certain channels to prevent hackers from misusing its platform to carry out these cyber attacks.

DDoS Bombs Away

The Russian government released a huge list of nearly 20,000 IP addresses and almost 200 domains that it believes were behind a series of distributed denial-of-service (DDoS) attacks against it.

DDoS attacks render websites inaccessible by flooding them with traffic. If responded to quickly, they can be easy to mitigate and recover from.

A small DDoS attack: The Ping of Death

What’s interesting about these attacks is that some of the domains point to countries well outside of Russia.

The FBI and CIA are included in this list, as well as media outlets like USA Today and Ukraine’s Korrespondent magazine.

To defend against this, the Russian government has recommended certain websites use Russia-based DNS servers, change passwords immediately, and disable external plugins for websites.

Russia’s Volunteers

While Russia is invading Ukraine, multiple hacker groups are joining in the conflict, especially in cyberspace.

Security group CyberKnow shared a list of known groups that are working to defend their home country.

Ransomware gangs like Conti and Stormus, and many more groups like them, have aimed at Ukrainian government sites and popular media outlets.

What’s Next?

The United States believes that Russia is planning something big to retaliate for these cyberattacks.

The Dept. of Homeland Security issued a warning to businesses to be on “high alert” for Russian cyberattacks.

The European Central Bank has alerted several banking institutions across Europe to beef up their security.

However, Russia still has not launched a full-scale cyber attack since the invasion began.

Russia could be keeping its tools close to its chest. Russia has used DDoS and malware in the past, but these attacks are smaller and easier to recover from. It's also possible they may not have the technical resources to complete a hack of a huge scale.

The combined efforts of the U.S. and many other countries and companies to beef up cyber defenses have helped prevent some of these attacks.

Russia’s cyber warfare may not be strong enough right now. Or they could be waiting for the perfect time to strike back.

Wrapping Up: Protecting Yourself from Cyber Attacks

As this conflict continues, it’s clear that there is a goal to disrupt and divert the attention of people from across the world.

To protect yourself from potential cyber attacks or scams, do not click on unfamiliar links, especially in times of crisis.

Cybercriminals love to exploit situations like this to try to steal credentials, private details, and other personal information by sending out malware or phishing links.

Always verify the source of news feeds and seek truth from reliable sources that you can trust.
