al3x@wannaCYbeR(security)~$ echo "Issue \x04"
Alessandra Perotti
Malware Reverse Engineer + Cyber Threat Intel Analyst @ CVS Health | Threat Researcher | GREM | GCIH | GIAC Advisory Board
Greetings, fellow cyber people, and welcome to the fourth issue of wannaCYbeR, a weekly newsletter dedicated to those who are just starting in cybersecurity. This week’s edition is going to be a little different than usual: on February 24th, the Russian military invaded Ukraine. Since then, the scenario has been rapidly evolving, and this issue will attempt to give a brief roundup of the main facts.
Mapping the Invasion
In a first-of-its-kind event, OSINT (Open Source Intelligence) researchers were able to foresee the Russian invasion of Ukraine by observing Google Maps, as Dr. Jeffrey Lewis reports on Twitter.
Speaking of maps, the Centre for Information Resilience (CIR) – a London-based nonprofit organization whose core mission is to identify, expose, and counter information operations – is mapping out “verified incidents” on Ukrainian territory, as CIR Director of Investigations, Benjamin Strick, reports.
"A first look at the map shows that there are a lot of pins. Each one represents an incident or event depicted through video, photo, or commercial satellite imagery and has undergone a rigorous verification process to identify where and when it was taken."
A Word on Sanctions and Business
The United States, the European Union, and other countries have announced significant sanctions against Russia that range from freezing Russian financial assets to imposing visa restrictions. While the U.S. Treasury declared that it will “prohibit American dollar transactions with the Russian central bank,” even Switzerland is following suit and abandoning its historically neutral stance. Countless companies have stopped doing business with Russia and many countries have closed their airspace to Russian aircraft.
Official and Unofficial Cyberwar
The Ukrainian Vice Prime Minister and Minister of Digital Transformation, Mykhailo Fedorov, announced on Twitter the creation of an “IT army” to fight on the cyber front of the invasion.
In the meantime, Curated Intelligence has been working with cybersecurity analysts around the world to create a GitHub repository that collects useful threat information for everyone working on the ground in Ukraine. It includes an informative timeline of the cyber operations that have been going on since January 14.
The day after the invasion, the hacktivist group Anonymous declared cyberwar against Russia. Since then, the group has conducted a series of successful cyberattacks, one of which managed to leak data from the Russian Defense Ministry website. Several other attacks were launched against Belarusian government websites and banks while Russian TV was hacked to play Ukrainian songs.
NB65, a group affiliated with Anonymous, has shut down the Control Center of the Russian Space Agency 'Roscosmos', taking down the country's spy satellites.
On the other hand, the ransomware group Conti announced full support for the Russian government. However, the group soon walked back the statement, distancing itself from any government and saying that it will use its “full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world.”
Interestingly enough, two days later, one of the group members believed to be of Ukrainian origin leaked a collection of private chats that were held between January 29 and February 27.
As an unusual side note, Russian soldiers are reportedly using Tinder to connect with Ukrainian locals. As soon as I read about it, I started wondering how many social engineers and infosec operatives have been posing as attractive Ukrainian women to try and collect intel.
Malware and Phishing Attacks
Cybersecurity researchers have reported new malware that has been circulating in the lead-up to the Russian invasion of Ukraine and targeting Ukrainian companies. WhisperGate was disclosed by Microsoft researchers, whereas analysts at SentinelOne discovered HermeticWiper. Details about both can be found in this CISA alert.
Proofpoint has reported an ongoing phishing campaign targeting European officials that was seemingly launched by nation-state actors. “The email included a malicious macro attachment which utilized social engineering themes pertaining to the Emergency Meeting of the NATO Security Council held on February 23, 2022. It also included malicious attachment which attempted to download malicious Lua malware named SunSeed and targeted European government personnel tasked with managing transportation and population movement in Europe."
MEME of the Week: Database Check
How You Can Help: Raise Awareness
Many people, especially those at the beginning of their hacking journey, are wondering how they can be helpful. Instead of attempting to join the Ukrainian “IT army” or hacktivist groups, you can do your part by simply raising awareness about digital security. In my case, I started typing out a personal digital security checklist I meant to circulate among friends and family. Then, I realized it could be useful way beyond my immediate circles and reshaped it into an article. There are people close to you who probably don’t understand why digital security is especially important now, so offer them your knowledge and your educational skills.
Free: SANS New2Cyber Summit 2022
On March 23 and 24, the SANS Institute will hold its annual New2Cyber Summit, an online event dedicated to people who want to break into cybersecurity, whether they are people who are just starting their careers or professionals who are considering a change.
That's all for this week. If you enjoyed the newsletter, please feel free to share it with your connections. Do you know of a great piece of content I should include? Don’t be shy, reach out!
P.S. In case you were wondering, I don't receive any compensation or sponsorship for the content I share. I do it just because I love to nerd out with other people on topics of common interest.