Russian invasion: live blog of current cyber actions to track

Feb 24, 2022

In a national address last night, which coincided with a UN Security Council meeting, Russian President Putin announcedthat Russia will carry out "a special military operation" in Ukraine in order to "demilitarize and de-Nazify" Ukraine.

What we know about the Russian invasion:

• Putin called on Ukrainian soldiers to put down their weapons, and he warned against outside interference: "A couple of words for those who would be tempted to intervene. Russia will respond immediately and you will have consequences that you never have had before in your history." Link with updates
• There are several reports of shellings and explosions in multiple Ukrainian cities, including Mariupol, Kramatorsk, Kharkiv, and Kiev.
• Russia reportedly has started intense artillery and rocket fire from Belgorod.
• There are intermittent reports of mobile / internet outage in DPR & LPR.

Cyber actions the IronNet threat analyst team is currently tracking

• DDOS attacks over the last couple days
• Pre-positioned Wiper malware in Ukraine with spillover into Latvia and Lithuania (ESET)
• Blink Malware (CISAReport)
• GO Lang Ransomware roaming in Ukraine (Avast)
  
  

Collective Defense for Cyber

At the core of the National Atlantic Treaty Organization (NATO) is the notion of collective defense.

"The principle of collective defense is at the very heart of NATO's founding treaty. It remains a unique and enduring principle that binds its members together, committing them to protect each other and setting a spirit of solidarity within the Alliance."

In warfare that knows no boundaries-cyber warfare-we feel strongly at IronNet that this concept must extend to cyber defense. For all its promise and prosperity, digital transformation has opened an attack surface akin to a digital infinity pool. Today there is no Atlantic theater or Pacific theater, however. In cyberspace, we are one theater. We must secure it together.

Our hearts go out to the citizens of Ukraine as the once-imminent Russian attack became a reality last night. As Putin demonstrated in the 2015 cyber attack on the Ukrainian power grid, there is a potential concomitant war brewing in cyberspace. While critical infrastructure is comparatively well protected, Russia is a nation-state with unlimited resources, a pool of moonlighting cyber criminals, and highly-organized threat groups that have been engaging in cyber target practice for years.

Long gone are the martial elements of fortresses, foxholes, and field battles. Just as aerial combat changed the very fabric of war during WW2, cyber has forever transformed war as we know (knew) it. In the face of announced and imminently expected sanctions, Putin could turn his eye toward U.S. and European power grids, pipelines, and the financial infrastructure as retribution.

It is in this context that the IronNet threat analyst team is currently tracking the cyber actions noted above.

Updates on Russian attack implications on cyber

In the spirit of IronNet's mission, Collective Defense for cybersecurity, we will update this blog with any real-time information we learn about and related threat intelligence. Our goal is to bring together companies and organizations across the private and public sectors to defend as a unified force.

About Ironnet

Founded in 2014 by GEN (Ret.) Keith Alexander, IronNet Cybersecurity is a global cybersecurity leader that is revolutionizing how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing an extraordinarily high percentage of former NSA cybersecurity operators with offensive and defensive cyber experience, IronNet integrates deep tradecraft knowledge into its industry-leading products to solve the most challenging cyber problems facing the world today. Follow IronNet on Twitter and LinkedIn.

Back to IronNet Blog