Russia-Ukraine cyber conflict poses critical infrastructure at risk

While the Russia-Ukraine cyber conflict goes on, nation-state actors, crooks, and hacktivists continue to pose critical infrastructure at risk.

Critical infrastructure is a privileged target for almost any kind of threat actor, the ongoing Russia-Ukraine cyber conflict is posing them at risk.

Ongoing attacks could cause severe damages to multiple sectors, including transportation, communication, financial services, government facilities, nuclear reactors, and critical manufacturing.

“Recently attacks on Information technology (IT) networks connected to Operational Technology (OT) components and the devices responsible for controlling plant operations are being attacked by largescale cyber-attacks amid the Russian-Ukraine crisis.” reported researchers from Cyble. “State-sponsored attackers, Advanced Persistence Threat (APT) groups and numerous hackers’ communities have been actively targeting the critical infrastructure of their enemy country. This sudden surge in attacks is due to the geopolitical events of the current Russian – Ukraine conflict.”

Researchers collected information about the attacks on critical infrastructure amid the Russia-Ukraine cyber conflict from Computer Emergency Response Teams (CERT) all around the globe and public announcements of attacks made by threat actors.

Below is the timeline of recent cyber incidents on critical infrastructure:

On February 25, 2022, a group that uses the Twitter handle @LiteMods reported a DDOS attack on Russian energy giant Gazprom.

#Anonymous #OpRussia @GazpromEN has been taken offline in support of the people living in #Ukraine.We are legion. Expect Us! Check Host: https://t.co/KYWwZNyGt3 pic.twitter.com/J9OSdBLnzf— Anonymous (@LiteMods) February 25, 2022A telegram channel operated by a threat actor called “Against the West” claimed that they had breached Gazprom and on March 5, 2022, released the data allegedly stolen from Gazprom.On February 27, 2022, the hacker group Cyber Partisans hit the breached the Belarusian Railway’s data-processing network, , the group claims to have blocked all services and will deactivate them until Russian troops will leave the territory of Belarus.

⅓ We continue to help Ukrainians in their fight against Russian occupation forces. The Railways is under attack. The computer network is in a state of collapse. Manual control mode is enabled, which will slow down the movement of trains but will NOT create emergency situations— Belarusian Cyber-Partisans (@cpartisans) February 27, 2022
The monitoring system of the Belarusian Railway’s internal computer network. An outdated piece of crapware that runs on Windows XP… https://t.co/Ejs7tc8E0j pic.twitter.com/Mcj7Ltz31i— Belarusian Cyber-Partisans (@cpartisans) February 27, 2022On March 1st, 2022, a hacktivist group using the Twitter handle @GS_M4F14 claimed to have breached the Nuclotron-based Ion Collider facility (NICA). 

We now have Access to the #NICA Booster control system’s Nuclotron-based Ion Collider facility coming will be dumps of the Joint Institute for Nuclear Researchall based in #Russia #OpRussia #GhostSec #RussianUkrainianWar #nuclear #UkraineCrisis #Anonymous pic.twitter.com/t7JGJZGxv2— GSM (@GS_M4F14) February 28, 2022The same group also claimed to have stolen “SQLI dump, SMB leaks, FTP server dump, Private GitLab’s of JINR and Department of Russia.”

We, #Ghostsec, condemn #Russia actions and have decided to take the war to them and their infrastructure – which is terrible by the way. JINR + Department of Information.Data include FTP server’s owned and ran by them. Linkhttps://t.co/ohvlwNji7x#Russie_Ukraine pic.twitter.com/G14uhrlcVb— GSM (@GS_M4F14) March 6, 2022
Real Time – Nuclear Reactor – JINR Russia, Dubna Bypass Module and access monitoring systemhttp://159.93.95.20/u400/water.html – investigative process the damage to the platform would make it difficult for the SCADA operator to work correctly the plant located in Dubna. pic.twitter.com/t6fPX5pubu— kelvinsecurity (@Ksecureteamlab) March 1, 2022On March 6, the Twitter handle @JoanneHuggins6 reported to have hacked Russia SCADA systems and stopped them, the day after they also claimed to have hacked the water supply systems of Russia.

We hacked Russian SCADA system and shut it down:Волховский РПУ> Volkhov RPUБокситогорский РПУ> Boksitogorsk RPUЛужский РПУ> Luga RPUСланцевский РПУ> Slantsevsky RPUТихвинский РПУ> Tikhvinsky RPUВыборгское РПУ> Vyborg RPUWaiting for our next good news.#AnonGh0st #OpRussia pic.twitter.com/QuGEUswr1f— AnonGh0st (@JoanneHuggins6) March 6, 2022
We Hacked the second #Russian #SCADA system and shutdown all the systems, This is Russian water supply system.#AnonGh0st #OpRussia #FckPutin #FreeUkraine pic.twitter.com/HgbJYhyocg— AnonGh0st (@JoanneHuggins6) March 7, 2022“Cyber-attacks on critical infrastructure can result in loss of life, monetary and economic issues, or reputational damage. Moreover, they can spark significant events within the country that can impact the economy overall.” concludes the report. “Researchers at Cyble believe that the frequency of incidents concerning critical sectors will rise in the coming months. The amount of information available in the public domain concerning the techniques used in exploiting the critical infrastructure at this current time will allow numerous attacks by malicious hackers on countries due to geopolitical issues.”

Follow me on Twitter: @securityaffairs and Facebook

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini

(SecurityAffairs – hacking, APT31)

The post Russia-Ukraine cyber conflict poses critical infrastructure at risk appeared first on Security Affairs.