Categories
Security

Russia is starting to beat Ukraine at electronic warfare, analysts say

As the Russian war in Ukraine drags on, electronic warfare techniques may be giving Russian forces an edge, according to some intelligence analysts.

In the latest phase of the war, which is now entering a sixth month of combat, various observers have noted that Russian electronic warfare (EW) systems are playing a greater role.

The EW designation refers to a range of hardware and software systems that can jam, intercept, or locate enemy communications. In June, the Associated Press reported that these systems were starting to be used more in eastern Ukraine, where shorter supply lines allowed Russian troops to move the specialized EW equipment closer to the battlefield. Ukrainian officials told AP that GPS jamming of drone guidance systems presented a “pretty severe” threat to their effectiveness.

A new analysis published in Spectrum, a news publication produced by the Institute of Electrical and Electronics Engineers (IEEE), also argues that while EW did not play a decisive role in the invasion, it is now helping to tip the scales in Russia’s favor.

“Experts have long touted Russia as having some of the most experienced and best-equipped EW units in the world,” writes Bryan Clark, director of the Hudson Institute’s Center for Defense Concepts and Technology, for Spectrum. “So in the early days of the 24 February invasion, analysts expected Russian forces to quickly gain control of, and then dominate, the electromagnetic spectrum.

“But after nearly a decade of rehearsals in eastern Ukraine,” Clark continues, “when the latest escalation and invasion began in February, Russian EW was a no-show.”

However, Clark writes, now that Russian troops control more territory in Ukraine and increasingly resort to “siege tactics” around Ukrainian cities, EW is starting to come into play. In one example, Russian troops have reportedly been able to jam the radar communications of Ukrainian drones, preventing them from effectively identifying Russian artillery batteries. Meanwhile, interception techniques allow Russian forces to locate and target Ukrainian artillery, pressing home their significant numerical advantage in terms of firepower.

In addition to jamming measures, unofficial hacking efforts have also played a role in the conflict, including a number of anti-Russian groups operating under the guise of Anonymous.

Repost: Original Source and Author Link


Ukraine says it stopped a Russian cyberattack on its power grid

An attack on Ukraine’s power grid was foiled by cybersecurity analysts and officials, as reported by Reuters. After investigating the methods and software used by the attackers, cybersecurity firm ESET says that it was likely carried out by a hacking group called Sandworm, which The Record reports allegedly has ties to the Russian government.

The group planned to shut down computers that controlled substations and infrastructure belonging to a particular power company, according to the Computer Emergency Response Team of Ukraine (or CERT-UA). The hackers meant to cut off power on April 8th while also wiping the computers that would be used to try and get the grid back online.

This attempted attack involved a wide variety of malware, according to ESET, including the recently discovered CaddyWiper. ESET also found a new piece of malware, which it calls Industroyer2. The original Industroyer was used in a successful 2016 cyberattack that cut off power in parts of Kyiv, according to the security firm, probably by the same group behind this month’s foiled attack. Industroyer isn’t widely used by hackers — ESET notes that it’s only seen it used twice (earlier this month and in 2016), which implies that it’s written for very specific uses.

CERT-UA says that the hackers were biding their time, initially breaching the company’s systems before March. ESET’s analysis shows that one of the main pieces of malware was compiled over two weeks before the attack was supposed to take place.

It’s unclear how the hackers initially got into the company’s network or how they gained access to the network that controls industrial equipment like the targeted substations. The analysis does show, however, that the hackers were planning on covering their tracks after the attack.

Ukraine and its infrastructure have been targeted by hackers since before the Russian invasion began. It’s likely that this won’t be the last attack on its power grid, but the country’s response to this incident shows that its cybersecurity defense strategy is capable of warding off complex attacks.


Russian military reportedly hacked into European satellites at start of Ukraine war

American government officials told The Washington Post that the Russian military was responsible for a cyberattack on a European satellite internet service that affected Ukrainian military communications in late February.

The hack affected the KA-SAT satellite broadband network, owned by Viasat, an American satellite communications company. On February 24th, the day the Russian invasion of Ukraine began, the KA-SAT network was hit by outages that affected Ukraine and surrounding regions in Europe. A few days afterward, Viasat blamed outages on a “cyber event,” but did not release further details.

Though Ukrainian officials have not fully disclosed the impact, the outage is believed to have caused significant communications disruptions at the beginning of the war.

The NSA was reported to be collaborating on an investigation with Ukrainian intelligence services, but no results have been officially announced. However, anonymous officials reportedly told the Post that US intelligence analysts have now concluded that Russian military hackers were behind the attack.

A request for confirmation sent by The Verge to the Cybersecurity and Infrastructure Security Agency (CISA) had not received a response by the time of publication.

Officials from Viasat told Air Force Magazine that the attack was conducted through a compromise of the system that manages customer satellite terminals, and only affected customers of the KA-SAT network, a smaller broadband provider that Viasat bought last year from French satellite operator Eutelsat.

At the outset of the conflict, commentators feared that Russia could launch widespread and destructive cyberattacks. While one perspective holds that such attacks have failed to materialize, the slow release of additional information gives credence to the suggestion that many attacks may have occurred in the shadows.

In the aftermath of the hack, CISA and the FBI issued a joint cybersecurity advisory to satellite communications providers, warning that the agencies were aware of possible threats to US and international networks, and advising companies to report any indications of malicious activity immediately.

As the war in Ukraine continues — and US opposition to Russia grows in the form of sanctions — the Biden administration has issued increasingly serious warnings about the possibility of Russian cyberattacks on US infrastructure.

On Monday, President Biden advised US businesses to take added precautions against hacking, citing “evolving intelligence” that Russia was preparing to target the US with cyberattacks. Then on Thursday, the Department of Justice unsealed indictments against four Russians accused of mounting state-sponsored cyberattacks against the US, publicly releasing details of a highly sophisticated hacking campaign involving supply-chain software compromises and spear-phishing campaigns against thousands of employees of companies and US government agencies.


Cryptofarm with thousands of PS4 Pros raided in Ukraine

The Security Service of Ukraine or SBU has discovered and raided a cryptocurrency mining farm that allegedly stole electricity from the country’s power grid. But instead of finding computers, the agency found racks with thousands of PS4 Pros stacked vertically side-by-side. As reported by Kotaku, the Ukrainian authorities confiscated over 5,000 gaming-related devices — 3,800 of which were consoles — from a warehouse right next to (and formerly owned by) the Vinnytsiaoblenergo energy distribution company.

It’s the largest cryptofarm the SBU has discovered so far, and the agency believes it’s being operated by people living in the cities of Kyiv and Vinnytsia. Apparently, the operators used special electricity meters to prevent authorities from discovering the theft, which amounted to as much as US$257,000. “At the same time,” the SBU wrote in its announcement, “the illegal withdrawal of electricity could lead to more global consequences — entire neighborhoods of Vinnytsia could be left without electricity.” 

Vinnytsiaoblenergo denied any involvement in a statement sent to the Kyiv Post: “The equipment used for cryptocurrency mining has never operated on premises owned by our enterprise.” It also said that it didn’t find any evidence of electric theft and that the SBU’s findings “does not correspond to reality.” While it’s unclear at the moment whether the facility truly stole electricity or not, the SBU has published images of the PS4 Pros it found at the warehouse. As Kotaku notes, 3,800 consoles mean an investment of around US$1,500,000, assuming all of them are PS4 Pros.


US charges six Russian intelligence officers with hacking Ukraine, 2018 Olympics, and Skripal investigation

The Justice Department has charged six Russian intelligence officers with involvement in an extensive hacking campaign, including the notorious Petya ransomware attacks that targeted Ukraine in 2015. According to the indictment, the efforts also targeted the country of Georgia, the French elections, the 2018 Winter Olympics, and investigations into the poisoning of former Russian military officer Sergei Skripal.

Many of the specific incidents in the indictment have been previously reported, but no law enforcement agency has publicly charged Russia’s GRU with orchestrating the attacks. Russia’s primary military intelligence agency, the GRU has previously been associated with a wide range of cyberattacks dubbed “Fancy Bear” by private-sector researchers. In this case, prosecutors even pin the operation down to a specific GRU building located at 22 Kirova Street in Moscow, which the indictment refers to as “the Tower.”

The indictment follows previous prosecutions concerning GRU campaigns against the 2014 Olympics or the Democratic National Committee during the 2016 campaign. One of the six defendants, Anatoliy Kovalev, was also named in the DNC indictments. But Monday’s indictment reaches further, alleging an international campaign of cyberattacks and political influence campaigns to further Russian national interests.

The most devastating of the attacks came against Ukrainian power grids in 2015. The first attack compromised internal networks at all three of the country’s major energy distribution companies, rendering computers inoperable and leaving more than 200,000 people without power in the dead of winter. The following year, a subsequent attack was launched against the country’s Ministry of Finance and State Treasury Service.

As with previous indictments against foreign hackers, Russia is unlikely to extradite the defendants, and it is unlikely that they will ever stand trial. Nonetheless, the new prosecution is a significant milestone in the ongoing efforts to hold the GRU accountable for its digital attacks.

The indictment is the result of more than two years of investigation by the FBI, a point that was emphasized by agents who worked on the case. “The exceptional talent and dedication of our teams in Pittsburgh, Atlanta and Oklahoma City who spent years tracking these members of the GRU is unmatched,” said Michael Christman, FBI special agent in charge of the Pittsburgh field office, in a statement. “These criminals underestimated the power of shared intelligence, resources and expertise through law enforcement, private sector and international partnerships.”
