TITLE: A new espionage campaign by a hacking group with suspected ties to Russia spotted targeting Ukraine, Europe, India

CONTENT: The group, known as Winter Vivern, is “highly creative” and operates with limited resources, carefully selecting targets for attacks, according to an analysis by cybersecurity company SentinelOne. The hackers’ activities appear to support the interests of the Russian and Belarusian governments, especially in relation to the ongoing war in Ukraine, the report says.

Winter Vivern recently targeted various government agencies and private businesses, including telecom companies supporting Ukraine, SentinelOne said. The list includes Polish government agencies, the foreign ministries of Ukraine and Italy, and individuals in the Indian government.

It is unclear how successful the group's attacks were and what damage they caused. SentinelOne did not respond Thursday morning to The Record's request for comment.

The research report said that organizations directly or indirectly involved in the war should be vigilant against the group’s cyberattacks.

EXCERPT: Russia-aligned ‘Winter Vivern’ APT group spotted targeting Ukraine, Europe, India

LINK:

TOPIC: Cyberconflict and warfare

TREND: N/A

PROCESS: N/A

DATE: 16 March, 2023

COUNTRY: Global

TITLE: Upcoming South Korea’s ‘strategic command’ to oversee cyber units

CONTENT: Speaking at a security forum, Ryoo Moo-bong, deputy defense minister for defense reform, detailed key features of the command that Seoul has been seeking to launch next year to counter evolving North Korean nuclear and missile threats.

South Korea's military plans to task its envisioned "strategic command" with overseeing space and cybersecurity units, and those running F-35 stealth jets and submarines, a defense ministry official said. The command is designed to take charge of the Cyber Operations Command, units for missile, space and electromagnetic spectrum operations as well as those operating F-35 jets and submarines. Ryoo also highlighted the need to improve cyberspace and electromagnetic capabilities, which can be used to neutralize threats from hostile missiles even before their launch.

EXCERPT: South Korea's military plans to task its envisioned "strategic command" with overseeing space and cybersecurity units, and those running F-35 stealth jets and submarines, a defense ministry official said

LINK:

TOPIC: Cyberconflict and warfare

TREND: N/A

PROCESS: N/A

DATE: February 9, 2023

COUNTRY: South Korea

TITLE: The US and UK issue joint cyber sanctions against a cybercrime gang Trickbot

CONTENT: In a joint press release, the United States and United Kingdom announce “historic joint cyber sanctions against the seven individuals who are part of Russia-based cybercrime gang Trickbot”. This action represents the very first sanctions of their kind for the U.K., and result from a collaborative partnership between the U.S. Department of the Treasury’s Office of Foreign Assets Control and the U.K.’s Foreign, Commonwealth, and Development Office; National Crime Agency; and His Majesty’s Treasury to disrupt Russian cybercrime and ransomware.

EXCERPT: The US and UK coordinate actions in issuing sanctions against a cybercrime gang Trickbot that are described as the first major move of a “new campaign of concerted action”

LINK:

TOPIC: Cyberconflict and warfare

TREND: N/A

PROCESS: N/A

DATE: February 9, 2023

COUNTRY: Global

TITLE: Russian telecommunications regulator Roskomnadzor blocks access toCIA, FBI websites for 'spreading false information'

CONTENT: Russian telecommunications regulator Roskomnadzor blocked access to the U.S. State Department’s Rewards for Justice website on Friday, alongside the sites for the Central Intelligence Agency and the Federal Bureau of Investigation.

"Roscomnadzor has restricted access to some resources that are owned by government organizations of hostile countries for dissemination of materials that are aimed at the destabilization of the social and political situation in Russia," the agency told TASS in a statement.

The agency acted based on Federal Law #149 On Information, Information Technologies and Protection of Information, it said.

The websites were found to contain materials that "contain inaccuracies in socially important information and discredit the Russian Federation’s armed forces," Roscomnadzor said.

EXCERPT:

Russian agency says it blocked access to CIA, FBI websites which were found to include materials that "contain inaccuracies in socially important information and discredit the Russian Federation’s armed forces"

LINK:

TOPIC: Cyberconflict and warfare

TREND: N/A

PROCESS: N/A

DATE: January 27, 2023

COUNTRY: Russian Federation

TITLE: The US-EU cooperation in fields of Cyber Resilience

CONTENT: US Secretary of Homeland Security Alejandro N. Mayorkas and European Commissioner for Internal Market Thierry Breton, released the joint statement on the cooperation between the US and the EU in the fields of Cyber Resilience.

In the context of the EU-US Cyber Dialogue, the US Department of Homeland Security (DHS) and the European Commission's Directorate-General for Communications Networks, Content and Technology (DG CNCT) intend to launch dedicated workstreams in the fields of:

• Information Sharing, Situational Awareness, and Cyber Crisis Response;
• Cybersecurity of Critical Infrastructure and Incident Reporting Requirements; and
• Cybersecurity of Hardware and Software.

The workstreams are expected to invite and involve as appropriate other relevant institutions and agencies working on cyber issues, including the European External Action Service, the Directorate-General for Defence, Industry, and Space, and the U.S. Department of State. In addition, a cyber fellowship led by DHS and DG CNCT is expected to be launched with a pilot that will involve an exchange of cyber experts in 2023.

The statement further quotes, “Today, we discussed the initial deliverables, which include:

• Deepening structured information exchanges on threats, threat actors, vulnerabilities, and incidents to support a collective response to defend against global threats to include crisis management and support of diplomatic responses.
• Finalizing a working arrangement between ENISA and CISA to foster cooperation and sharing of best practices.
• Collaborating on the topic of cyber incident reporting requirements for critical infrastructure, including guidelines and templates.
• Collaborating on the cybersecurity of software and hardware.
• Exploring how we can work together to better protect civilian space systems.”

The first deliverables from these workstreams are expected to be reported on at the 9th EU-US Cyber Dialogue, foreseen in the second half of 2023.

EXCERPT:

The US and EU will launch workstreams in the fields of Cyber Resilience to establish deeper cooperation and more structured cybersecurity information exchanges on threats between the US DHS and EU DG CNCT as well as other relevant agencies.

LINK: [https://www.dhs.gov/news/2023/01/26/joint-statement-united-states-secretary-mayorkas-and-european-union-commissioner]

TOPIC: Cyberconflict and warfare, Network security

TREND: N/A

PROCESS: N/A

DATE: January 26, 2023

COUNTRY: US, EU