This week’s geopolitical digest does not bring good news. While we’ll try to focus only on the cybersecurity aspect, we cannot ignore the fact that rising tensions and the relentless beat of war drums are fueling an unprecedented surge of uncertainty in the world.
Israeli cyber defense chief Gaby Portnoy said:
When [Hamas’s military wing commander Mohammed] Deif and [Hamas leader in Gaza Yahya] Sinwar surprised Israel on Oct. 7, they succeeded in undermining the physical security of people in Israel. And at the same time, on the digital level, by the order of Iran’s supreme leader Ali Khamenei, cyberattacks by Iran and Hezbollah in the region and beyond started around the clock against Israel.
He also added:
The attack intensity is higher than ever before with Iranian and Hezbollah groups cooperating to attack Israel in every sector.
The intensity of cyberattacks against Israel has more than tripled since the outbreak of the Hamas attack on October 7. Iran and its proxies are increasingly joining hacking efforts.
In recent weeks the surge has grown exponentially, driven by hacktivist campaigns such as OpIsrael and FreePalestine, the Iranian-backed hacking group APT42, and other possibly state-backed actors such as Cyber Toufan Al-Aqsa.
The Ukrainian hacker group Blackjack is believed to have deployed the destructive ICS malware Fuxnet to disrupt critical infrastructure systems in Moscow. Industrial cybersecurity firm Claroty has analyzed the malware and described its capabilities and impact.
Blackjack has a history of targeting Russian infrastructure, including ISPs, utilities, and military networks. Its most recent attack focused on Moscollector, a company responsible for Moscow’s underground water, sewage, and communication systems.
The group claimed to have disabled Russia’s industrial monitoring infrastructure, including a vast network of sensors and controllers. It further claimed to have wiped servers and disabled 87,000 sensors critical to systems such as airports and gas pipelines.
While Blackjack’s claims are difficult to verify, Claroty’s analysis of Fuxnet confirms its destructive nature. Instead of damaging sensors directly, Fuxnet likely targeted the sensor gateways that act as key communication hubs. The malware also systematically deletes data, disables remote access, and attempts to physically destroy storage.
Google’s Mandiant security group identifies Sandworm (aka APT44) as the main player in Russia’s cyberwarfare against Ukraine. Despite its focus on Ukraine, Sandworm maintains a global mission, targeting nations of strategic interest to Russia across North America and Europe. Notably, the group is integrated within Russia’s Main Intelligence Directorate (GRU).
Sandworm has a long history of high-profile attacks, including disabling Ukraine’s power grid (2022), the NotPetya ransomware outbreak (2017), and targeting the Pyeongchang Olympic Games (2018).
Within Ukraine, Sandworm’s operations consist mainly of espionage aimed at giving Russian forces tactical advantages. The group usually exploits routers and other edge infrastructure for initial access.
Despite its ‘impressive’ track record of devastating attacks, Sandworm’s hacking techniques remain a closely guarded secret.