Friday, September 20, 2024

Vogon Today

Selected News from the Galaxy

StartMag

Microsoft, Russian cyber attacks by Cadet Blizzard underway against Ukraine

1 year ago babelfish

Microsoft, Russian cyber attacks by Cadet Blizzard underway against Ukraine

According to Microsoft, hackers from Cadet Blizzard, a group associated with the Russian military intelligence service, the GRU, are behind a wave of cyberattacks that have hit Ukrainian government agencies

Ongoing Russian cyber attacks against Ukraine.

Microsoft's intelligence teams have been tracking a wave of cyberattacks by an actor we call Cadet Blizzard associated with the Russian GRU. These attacks, which began in February 2023, targeted government agencies and IT service providers in Ukraine.

That's what Tom Burt, corporate vice president of security and customer trust at the Redmond-based tech giant, said in a blog post .

“We can now also attribute the destructive WhisperGate attacks on Ukraine detected by Microsoft in January 2022 before the invasion of Russia to Cadet Blizzard,” Microsoft said.

Since the outbreak of war, Moscow has launched large numbers of cyber attacks against Ukraine. Most notable was the attack on the computer systems of Viasat, a commercial satellite communications service used by the Ukrainian government and military, on the day of the invasion.

Russia has historically used cyber dominance to project power, Defense News notes, adding that a report by the International Institute for Strategic Studies in 2021 placed the country in the second tier of its ranking of cyber powers, next to China but behind the United States.

All the details.

THE CADET BLIZZARD GROUP

The ongoing digital warfare is attributed to a group dubbed "Cadet Blizzard," allegedly active since 2020, he said in the post. The company also linked the group to destructive data-wiping attacks that plagued Ukraine before the invasion of China Russia in February 2022.

“Although not the most successful Russian actor, Cadet Blizzard has seen some recent success,” Burt argues in the post. "Microsoft's unique visibility into their operations has motivated us to share information with the security ecosystem and customers to increase visibility and protections against their attacks."

THE OPERATIONS

Cadet Blizzard activity increased between January and June of 2022, dissipated, and resurfaced in early 2023.

According to Microsoft, Cadet Blizzard typically violates its objectives by using stolen credentials to gain access to Internet servers located on an organization's network perimeters. Once inside, try to maintain access by using widely available tools called web shells, which can be purchased as ready-to-use and customized kits. It then uses legitimate commands, not malware, to move laterally through its targets' networks gaining access to more information or disrupting the networks if it so chooses. This way, it hides itself in legitimate network traffic, making its activities harder to detect.

NOT ONLY UKRAINE IN THE SIGHT

Finally, in addition to targeting Ukraine, Cadet Blizzard is focusing efforts on NATO members who are funneling military aid to Eastern Europe, Microsoft said.

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/cybersecurity/microsoft-attacchi-cyber-russi-a-opera-di-cadet-blizzard-in-corso-contro-lucraina/ on Thu, 15 Jun 2023 10:03:06 +0000.