Sniff those Ukrainian emails a little more carefully, advises Uncle Sam in wake of Belarusian digital vandalism

NotPetya started over there, don't forget


US companies should be on the lookout for security nasties from Ukrainian partners following the digital graffiti and malware attack launched against Ukraine by Belarus, the CISA has warned.

In a statement issued on Tuesday, the Cybersecurity and Infrastructure Security Agency said it "strongly urges leaders and network defenders to be on alert for malicious cyber activity," having issued a checklist [PDF] of recommended actions to take.

"If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic," added CISA, which also advised reviewing backups and disaster recovery drills.

On Monday Ukraine attributed a headline-grabbing mass defacement of government websites to Belarus, the attacks having taken place late last week.

The CISA warning came after Microsoft published details of wiper ransomware deployed by a hitherto unknown criminal crew, later named as UNC1151 (aka Ghostwriter). Made to look like the most common threat facing businesses today, the malware merely deleted Windows boot records and encrypted files with common extensions such as .docx and .pdf; sending the equivalent of $10,000 in fake internet money to the address in the malware's ransom note wouldn't result in a helpful extortionist telling you how to recover your files.

Threat intel firm Prevailion published research into UNC1151 last year, speculating in September that it was "likely a state-backed threat actor," explaining: "Their operations typically display messaging in general alignment with the security interests of the Russian Federation; their hallmarks include anti-NATO messaging, intimate knowledge of regional culture and politics, and strategic influence operations (such as hack-and-leak operations used in conjunction with fabricated messaging and/or forged documents)."

Among other things Prevailion found were attempts by the Belarusians to target the French Defence Information and Communication Delegation" along with Polish government figures, "European iCloud users", Polish and Ukrainian B2C web services providers and social media platforms.

The CISA warning is a reminder that bears repeating; NotPetya began in Ukraine and swept around the world, causing headaches for IT departments that lasted for weeks afterwards. With Russia and its Belarusian proxy carrying out a cold war against Ukraine through cyber means, there's a heightened risk of contagion if a NotPetya-style worm gets out.

In years gone by smaller countries were said to cough when America caught a cold; today it's your networks getting infected if Ukraine catches a virus. ®


Other stories you might like

  • DuckDuckGo tries to explain why its browsers won't block some Microsoft web trackers
    Meanwhile, Tails 5.0 users told to stop what they're doing over Firefox flaw

    DuckDuckGo promises privacy to users of its Android, iOS browsers, and macOS browsers – yet it allows certain data to flow from third-party websites to Microsoft-owned services.

    Security researcher Zach Edwards recently conducted an audit of DuckDuckGo's mobile browsers and found that, contrary to expectations, they do not block Meta's Workplace domain, for example, from sending information to Microsoft's Bing and LinkedIn domains.

    Specifically, DuckDuckGo's software didn't stop Microsoft's trackers on the Workplace page from blabbing information about the user to Bing and LinkedIn for tailored advertising purposes. Other trackers, such as Google's, are blocked.

    Continue reading
  • Despite 'key' partnership with AWS, Meta taps up Microsoft Azure for AI work
    Someone got Zuck'd

    Meta’s AI business unit set up shop in Microsoft Azure this week and announced a strategic partnership it says will advance PyTorch development on the public cloud.

    The deal [PDF] will see Mark Zuckerberg’s umbrella company deploy machine-learning workloads on thousands of Nvidia GPUs running in Azure. While a win for Microsoft, the partnership calls in to question just how strong Meta’s commitment to Amazon Web Services (AWS) really is.

    Back in those long-gone days of December, Meta named AWS as its “key long-term strategic cloud provider." As part of that, Meta promised that if it bought any companies that used AWS, it would continue to support their use of Amazon's cloud, rather than force them off into its own private datacenters. The pact also included a vow to expand Meta’s consumption of Amazon’s cloud-based compute, storage, database, and security services.

    Continue reading
  • Atos pushes out HPC cloud services based on Nimbix tech
    Moore's Law got you down? Throw everything at the problem! Quantum, AI, cloud...

    IT services biz Atos has introduced a suite of cloud-based high-performance computing (HPC) services, based around technology gained from its purchase of cloud provider Nimbix last year.

    The Nimbix Supercomputing Suite is described by Atos as a set of flexible and secure HPC solutions available as a service. It includes access to HPC, AI, and quantum computing resources, according to the services company.

    In addition to the existing Nimbix HPC products, the updated portfolio includes a new federated supercomputing-as-a-service platform and a dedicated bare-metal service based on Atos BullSequana supercomputer hardware.

    Continue reading

Biting the hand that feeds IT © 1998–2022