Hacking groups launching ‘cyber proxy war’ over Ukraine attacks by Russia

February 25, 2022 – Published on VentureBeat

Russia’s unprovoked invasion of Ukraine is leading hacking groups worldwide to increase their activities — in some cases to support a side, or possibly just to capitalize on the chaos.

Since the invasion of Ukraine earlier this week, the Anonymous hacker collective, the Conti ransomware gang and a threat actor in Belarus are among those that appear to have gotten more active — or at least expressed intentions to be. Meanwhile, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning Thursday about a growing threat from an Iranian advanced persistent threat (APT) actor.

Anonymous has declared itself aligned with “Western allies” and said it would only target operations in Russia. The group has posted a number of claims on Twitter.

Also unsurprisingly, Conti — believed to be a state-sponsored group operating out of Russia and responsible for hundreds of ransomware attacks in recent years — threw its support behind the Russian side.

In the midst of the Russian attacks on Ukraine on Thursday, CISA posted a warning about MuddyWater, a state-sponsored Iranian APT. The group has been observed “conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organizations across sectors — including telecommunications, defense, local government, and oil and natural gas — in Asia, Africa, Europe, and North America,” CISA wrote in a post.

The timing of the disclosure “is interesting with the Ukraine cyberattacks and conflict playing out in parallel,” said Drew Schmitt, principal threat intelligence analyst for GuidePoint Security.

The disclosure suggests the possibility “this could be Iran stepping up operations based on a distracted world view,” though that’s not definitive, Schmitt said.
