How Cybercriminals Are Taking Advantage of the Russia-Ukraine Situation
06 September

Introduction

Cybercriminals are always in search of an opportunity to enrich themselves. An unfortunate situation for one person can be an opportunity for another. This statement sounds a bit bitter, but this is how it works. When someone is fired from a job, it is an opportunity for someone else to fill that place and build a career. During natural disasters, like earthquakes and tsunamis, people's valuables are left out on the roads, presenting an effortless opportunity for robbers.

Similarly, war is an unfortunate situation for the countries involved, but it presents an opportunity for hackers to achieve their goals with less effort. Many threat actors emerge to profit financially by exploiting the chaotic situation. Important official databases and records are being offered by threat actors in exchange for money. According to incidents reported by researchers, HermeticWiper was the most prevalent malware.

The premise of the Russia-Ukraine war:

There has been tension between the two nations since the 2014 Ukrainian revolution. The situation escalated when the Ukrainian president Volodymyr Zelensky urged US president Joe Biden to let Ukraine join NATO. This angered Russia, which sent troops for training exercises near the Ukrainian border. The US started hyping the deployment of Russian troops, and President Biden warned of severe consequences if Russia invaded Ukraine. Russia wanted the West to guarantee no NATO military activities in eastern Europe. This is not the first time that there has been tension between the two states. Ukraine was invaded by Russia in 2014. To stop the armed conflict in eastern Ukraine, Russia and Ukraine signed the Minsk peace agreement. But the conflict never stopped.

Activities Observed on the Dark Web

Researchers have observed many other activities on the dark web during the Russia-Ukraine situation, where malicious entities are actively taking advantage of it.

  • A malicious actor was observed asking $160 for access to a subdomain of the Ukrainian agriculture exchange. The actor claimed to have shell and database access, and further mentioned access to payment and contract information. That level of access can cause a lot of damage: someone could resell the data or deploy ransomware to demand money.
  • Five databases named “gov.ua” are offered for sale by malicious actors on the dark web. These databases contain personal information of Ukrainian citizens that was allegedly harvested from government websites. Two databases are also suspected to have been sold.
  • Another dark web forum user offered over 70 administrator accounts of a Ukrainian bank. The same threat actor also shared 220 email addresses along with vulnerabilities in the energy sector.

According to researchers, these threat actors appear to be highly credible, as they are endorsed by other users as well.

Conti Threat Actor Supporting Russia

Conti is one of the most prominent names in the cyber world. Conti is a Ransomware-as-a-Service operation. In February 2022, Conti assured Russia of its full support. In a message on its Conti News leak website, Conti also stated that it would strike back at anyone acting against Russia.

After this very bold initial statement, Conti softened its tone a bit for some unknown reason. Some researchers tried to explain the change in tone by suggesting that it might be due to subgroups of Conti disagreeing with Conti's narrative.

The following are screenshots of the message by Conti:

Conti News

Conclusion

Cyber attacks are emerging as the fifth domain of conflict after land, air, sea and space. Some cyber attacks are meant to damage the opponent's reputation and destroy its critical information, while others are meant to make financial gains in the form of ransoms. Cyber activity has increased a lot due to the Russia-Ukraine war, as it presents an opportunity to malicious entities. Countries dealing with war situations should take care of their digital security needs more than ever.
