The analysis of the current scenario in cyberspace is not easy due to the presence of multiple threat actors and the difficulty of attributing the attacks.
Security group CyberKnow shared an interesting analysis about the group, their operations and the channels they are using to disclose their operations.
As reported in the following table published by CyberKnow, Russian and Belarussian APT groups (Gamaredon, SandWorm, GhostWrite), ransomware gangs like Conti and Stormous, and groups of alleged activists like are supporting Russia.
“Here we are, the third update of the Cyber group tracker for the Ukraine-Russia war and I continue to add more groups each day. I am still amazed about the number of groups. It seems with every attack new groups are entering the battle.” reads the post of CyberKnown.
“It continues to be congested and contested — this is an insight into what the global community can expect in any future conflict big or small.”
The level of entropy is maximum and could advantage information warfare operarations and false flag activities.
Recent data leaks of Conti gangs and Trickbot operation revealed support and relationship with the Russian intelligence, this is a scaring scenario because could rapidly extend the battlefield to international organizations operating on a global scale.
The activity of Anonymous and its affiliates could be exploited by nation-state actors to carry out parallel, independent and stealth operations that are advantaged by the pressure of the popular activist on Russian targets.
The attribution of these attacks is quite impossible for this important it is essential to share information on threat actors, this is the only way to dissolve this thick fog.
For real-time updates: https://twitter.com/Cyberknow20
(SecurityAffairs – hacking, Ukraine)