Russia-Ukraine cyber conflict poses critical infrastructure at risk

While the Russia-Ukraine cyber conflict goes on, nation-state actors, crooks, and hacktivists continue to pose critical infrastructure at risk.

Critical infrastructure is a privileged target for almost any kind of threat actor, the ongoing Russia-Ukraine cyber conflict is posing them at risk.

Ongoing attacks could cause severe damages to multiple sectors, including transportation, communication, financial services, government facilities, nuclear reactors, and critical manufacturing.

“Recently attacks on Information technology (IT) networks connected to Operational Technology (OT) components and the devices responsible for controlling plant operations are being attacked by largescale cyber-attacks amid the Russian-Ukraine crisis.” reported researchers from Cyble. “State-sponsored attackers, Advanced Persistence Threat (APT) groups and numerous hackers’ communities have been actively targeting the critical infrastructure of their enemy country. This sudden surge in attacks is due to the geopolitical events of the current Russian – Ukraine conflict.”

Researchers collected information about the attacks on critical infrastructure amid the Russia-Ukraine cyber conflict from Computer Emergency Response Teams (CERT) all around the globe and public announcements of attacks made by threat actors.

Below is the timeline of recent cyber incidents on critical infrastructure:

On February 25, 2022, a group that uses the Twitter handle @LiteMods reported a DDOS attack on Russian energy giant Gazprom.

A telegram channel operated by a threat actor called “Against the West” claimed that they had breached Gazprom and on March 5, 2022, released the data allegedly stolen from Gazprom.On February 27, 2022, the hacker group Cyber Partisans hit the breached the Belarusian Railway’s data-processing network, , the group claims to have blocked all services and will deactivate them until Russian troops will leave the territory of Belarus.

On March 1st, 2022, a hacktivist group using the Twitter handle @GS_M4F14 claimed to have breached the Nuclotron-based Ion Collider facility (NICA). 

The same group also claimed to have stolen “SQLI dump, SMB leaks, FTP server dump, Private GitLab’s of JINR and Department of Russia.”

On March 6, the Twitter handle @JoanneHuggins6 reported to have hacked Russia SCADA systems and stopped them, the day after they also claimed to have hacked the water supply systems of Russia.

“Cyber-attacks on critical infrastructure can result in loss of life, monetary and economic issues, or reputational damage. Moreover, they can spark significant events within the country that can impact the economy overall.” concludes the report. “Researchers at Cyble believe that the frequency of incidents concerning critical sectors will rise in the coming months. The amount of information available in the public domain concerning the techniques used in exploiting the critical infrastructure at this current time will allow numerous attacks by malicious hackers on countries due to geopolitical issues.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, APT31)

[adrotate banner=”5″]

[adrotate banner=”13″]