New Delhi: The cyberwar between Russia and Ukraine has intensified, with Russia using a new destructive malware to permanently destroy data on systems belonging to Ukrainian organisations.
Russia’s invasion of Ukraine has led to hacking groups increasing their activities globally. While Russia-backed hackers have already hit several Ukrainian government websites and banks, a leading hacking group, Anonymous, has declared itself aligned with “Western allies”, targeting operations in Russia.
“The Anonymous collective is officially in cyber war against the Russian government,” the group tweeted.
The IBM Security X-Force team said it has obtained a sample of the new and destructive ‘HermeticWiper’ malware being deployed on Ukrainian systems.
“HermeticWiper is the second newly-seen destructive malware family observed in the past two months targeting organisations in Ukraine, and reportedly other countries in eastern Europe,” they said in a statement.
“Destructive cyber-attacks will likely continue to be leveraged against civilian targets in support of hybrid operations. In addition, X-Force believes it is likely that cyber-attacks will continue to escalate and expand in parallel with the scope of the ongoing conflict,” the IBM team noted.
Meanwhile, Anonymous claimed it has “leaked the database of the Russian Ministry of Defense website”.
The hacker group tweeted on Friday that it has access to “all private data of the Russian MOD.” (The tweet was subsequently taken down because it “violated the Twitter Rules”.)
Conti, a state-sponsored group operating out of Russia, came out in support of Vladimir Putin’s actions.
Conti posted a message on its site on the Dark Web, saying that “the Conti Team is officially announcing full support for Russian government”.
“If anybody will decide to organise a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy,” the message said, according to reports.
Belarusian state-sponsored hackers are also targeting the private email addresses of Ukrainian military personnel amid Russia’s invasion of Ukraine.
Ukraine’s Computer Emergency Response Team (CERT-UA) said in a Facebook post that a mass phishing campaign is targeting the private accounts belonging to Ukrainian military personnel.
The Minsk-based group called ‘UNC1151’ has been found to be behind these activities. Its members are officers of the Ministry of Defence of the Republic of Belarus.
Reports surfaced that after attacking Ukrainian government websites and banks with massive cyber-attacks, Russia-sponsored hackers are now hitting the internet infrastructure in the country to silence the locals amid a full-blown war.
The cyber invasion already cut internet connectivity in some parts of the country after the invasion began on Thursday.
Russia had previously been linked to DDoS attacks against Ukrainian government sites, but a full blackout would mean disabling telecommunications infrastructure at the network level, silencing Ukrainians in the process.
At least two other hacker groups have announced that they are supporting Russia: The Red Bandits and CoomingProject.
With Russia going to war against Ukraine, MuddyWater, a hacking group linked to the Iranian Ministry of Intelligence and Security, went active, exploiting bugs to conduct cyber espionage and other malicious attacks against organisations globally, including in Asia, the US and the UK, cyber and law authorities warned.
“It is conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organisations across sectors — including telecommunication, defence, local government, and oil and natural gas — in Asia, Africa, Europe and North America,” the agencies said in a statement.
MuddyWater is a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS).