Recorded Future publishes cyber threat analysis encompassing cybercrime, Russian state activities, and Ukraine conflict

Morgan Phisher June 25, 2024

Hey there, Bay Area folks! So, get this, there’s this thing that’s been happening in the world of cybersecurity lately. If you’re into healthcare and cyber safety, you might find this interesting.

So, it seems like Russian intelligence, military, and law enforcement services are kinda in cahoots with cybercrime threat actors. I mean, we all know what’s been going on in Ukraine. It’s murky, it’s horrid, and it’s downright sketchy. We’ve got some cybersecurity folks who think it’s more than likely these agencies have an actual relationship with these cyber criminals—either they’re working together indirectly or they’re actively recruiting.

You know, the gadgets and gizmos they’re using—the tricks, tools, and traps, if you will—are so slick they offer these state-sponsored bad guys a cloak of “plausible deniability”. Basically, they can say “not us” and yet, in all likelihood, they’re operating right from the shadows.

It’s no secret that the Ukrainian war has been causing a lot of ripples in the world of cybercrime. This whole situation in Ukraine doesn’t just have a horrible humanitarian and geopolitical impact; it’s also affecting the cybersecurity world in a big way. Turns out, cyber criminal industries have been undergoing some serious transformation.

They’ve traced relationships between certain Russian cyberspaces and influential officials in Russian law enforcement or intelligence services, relationships that are loosely based on unspoken agreements. The relationships are, let’s say, rather flexible. It’s as if they’re operating on the same wavelength, you know?

And then, there’s this group called KillNet who’s been hitting the headlines recently. This group, which has tied itself to the Russian cause, has been targeting entities right here in the good old U.S. of A. They’ve been marking their hits through social media, stirring up trouble through what they call “patriotic interest”. They could very well be allowing the Russian government to hide behind this smokescreen. Trust me, cyber diplomacy sure is a lot more complicated than it sounds.

We’ve already seen large-scale distributed denial-of-service (DDoS) attacks, website defacements, phishing scams, you name it. So many Ukrainian entities, both in the private and government sectors, are facing attacks. Good folks are struggling right now and all this shady cyber warfare is making things a lot grimmer.

On the home front, things seem to be heating up too. KillNet claimed responsibility for a DDoS attack on the Library of Congress! It’s the first verified attack of its kind on a U.S. federal entity. And if that’s not enough, they’ve taken aim at other U.S. entities too. It’s all fun and games until the home court is threatened, huh?

And finally, it looks like Russian intelligence services have a pretty old bond with the cybercrime ecosystem, one that looks like it might stick around for a while. It’s sort of a you scratch my back, I’ll scratch yours situation. And with the conflict dragging on and their forces coming up short, Russia seems to be depending on this bond even more.

I ain’t no fortune teller, but if we keep seeing these ‘hacktivist’ entities like KillNet and Xaknet around, something tells me Russia will continue to use them to subtly carry out operations against us and our allies while keeping their hands clean. It’s a scary thought, but in this new world, preparedness is key, isn’t that right?

On a more hopeful note, last week saw some diplomacy in action and plans are being set into motion for info sharing, increased awareness, and a robust crisis response for when things get squirrely. We’re definitely in need of all the cooperation we can get. After all, knowing is half the battle, right?

And that’s the skinny! Till next time, stay safe out there and remember, we’re all in this together!

by Morgan Phisher | HEAL Security