Russian Invasion Into Ukraine

The unjust invasion of Ukraine by Russia commenced on February 23rd, 2022.  Reports of a wide scale DDoS attack crippled most of all Ukraine, with Internet communications, and the power grid affected.

Battlefield Prep

Cyber operations began today with government web site defacement/clone leaving behind a malware virus.  The payload was in the form an "Download this Petition to return property to citizens of Ukraine" link which appeared like a .PDF download.  However what the citizens of Ukraine received was a nasty piece of Malware (in the form of a windows control panel executable extension) which has already been seen and used against Ukraine in April 2021 and against the government of Georgia, when Russia invaded that country back in 2008.

Defaced Ukraine Government web page screenshot.

As more citizens turned to the Ukrainian government websites for updated information, more systems were compromised, which increased the reach and strength of the next phase in the attack, the Distributed Denial of Service Attack (DDoS).  Systems which were compromised were orchestrated to focus their collective bandwidth to take down Ukrainian government systems and infrastructure.   Further hindering an Ukrainian response effort to a Russian incursion into east Ukraine.

Russian GRU Hackers Attributed to Cyber Attacks

Domains of the cloned Ukrainian government sites appear to be the same used in the 2021 Ukrainian attacks.  These attacks were attributed to Russia's military Intelligence (GRU) cyber warriors, aka Fancy Bear. (APT 28)

To make matters worst, Bleeping Computer has reported the siting of "wiper" malware being used in attacks on Ukraine.  Wiper malware is a type of malware which destroys system information making the data unrecoverable, crippling the system.

Current State (As of time of publication)

  • Reported Wagner group mercenaries have arrived from Russian-controlled Crimea
  • Unconfirmed - The entire Ukrainian Navy has been reported lost
  • Critical infrastructure has been attacked by Russian military air and ground strikes.
  • Ukraine Parliament has adopted law declaring a state of emergency.
  • Missile attack on Ukrainian military base in Kharkiv City.

See Also:

Attack on Ukrainian Government Websites Linked to Russian GRU Hackers - bellingcat
An attack on Ukrainian Government institutions and their websites has been linked to Russian GRU hackers, an investigation by Bellingcat and The Insider has found.
Fancy Bear and Cozy Bear: What are the hacking operations used by Russian intelligence?
The National Cyber Security Centre has accused Russian cyber spies of trying to steal coronavirus research from Britain.
New data-wiping malware used in destructive attacks on Ukraine
Cybersecurity firms have found a new data wiper used in destructive attacks today against Ukrainian networks just as Russia moves troops into regions of Ukraine.
Ukraine 🇺🇦
UkraineUpdates regarding Vladimir Putin’s invasion and impending attack on/of Ukraine. Live Feeds: Twitter accounts to follow: https://twitter.com/ignis_fatum
Russian Mercenaries Have Covertly Entered Separatist Areas of Ukraine - Odu News
SLAVIANSK, Ukraine — Russian mercenaries with experience fighting in Syria and Libya have covertly t

Subscribe to Independent Computing

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe