More than three weeks into Russia's unprovoked war against Ukraine, fears of cyberattacks on the country's critical infrastructure have given way to widespread death, destruction and devastating upheaval across the country. The United Nations estimates that 6.5 million people have been displaced, in addition to 3.2 million who had already fled Ukraine. Mariupol, once a thriving city of 430,000 inhabitants along the southern coast of the country, has been reduced to rubble. Russia has so far killed more than 100 children in its attack.
As the war continues, we examined one of the weapons that Russia appears to have recently deployed against Ukraine: an AI-powered "suicide drone." Russia's reported use of the KUB-BLA drone raises the specter of autonomous weapons systems that decide who dies in warfare. This week also saw what may be the first use of a deepfake to spread misinformation in wartime. The deepfake, of a robotic-looking Volodymyr Zelensky calling on Ukrainians to surrender to Russia, was not very convincing. The Ukrainian president was quick to debunk it, and Facebook, Twitter and YouTube rushed to remove the video from their platforms, potentially providing a playbook for responding to more sophisticated misinformation in the future.
While we haven't seen Russia carry out destructive cyberattacks on Ukraine's critical infrastructure since it invaded the country in late February, malware called Cyclops Blink, used by the Russian government hacking group Sandworm, has spread further than previously known. Trend Micro researchers found that a version of the malware can infect Asus routers.
Speaking of hackers linked to Russia, we've taken a deep dive into some 60,000 pages of leaked chats and files stolen from the Conti ransomware group. Our findings revealed the internal machinations of the gang's curious corporate hierarchy, its plans to launch a crypto payment platform and a social network (with dreams of starting an online casino), and signs that its ties to Russian military hackers may be real.
Meanwhile, the Lapsus$ collective is adding "chaotic energy" to the world of cybercrime. As we discovered during our dive into the group's operations, including its targeting of high-profile companies like Samsung and Nvidia, its tactics differ from those of ransomware gangs like Conti: it uses phishing attacks and data theft to extort victims instead of encrypting their systems and demanding payment. And while the group claims not to be politically motivated, some experts remain unsure about Lapsus$'s ultimate goal.
Finally, we delved into Big Tech's grand plans to finally (finally!) kill the password. After a decade of working on the problem, the FIDO Alliance, whose members include Amazon, Meta, Google, Apple, and more, believes it has found the missing piece that will make getting rid of our passwords easy.
That’s not all, of course. Click on the headlines below for all the big security stories we didn’t get to cover this week. (And yes, a lot of that has to do with Russia.)
The Transportation Security Administration is not solely responsible for airport security. The agency is also charged with protecting U.S. oil and gas pipelines — and it’s not going well. Due to understaffing and strict federal requirements, the TSA is reportedly struggling to meet its pipeline security mandate. The TSA’s focus on protecting this critical infrastructure follows the May 2021 attack on Colonial Pipeline, but its mission has become all the more important as the specter of worst-case attacks by Russia or other nation-state actors looms large.
Google's Threat Analysis Group (TAG) said Thursday it has discovered a new group of "financially motivated" attackers that it believes are breaking into targeted systems and then selling that access to other malicious actors, including Russian cybercrime groups such as the ransomware gangs Wizard Spider (also known as UNC1878) and Conti. The group, dubbed Exotic Lily by Google researchers, appears to be based in Central Europe and has targeted a wide range of victims, with a focus on cybersecurity, healthcare and IT companies. To deceive these targets, Exotic Lily members use phishing attacks backed by fake domains, fake email addresses and fake profiles on social media and other platforms, according to TAG.
Vigilante hackers have been going after Russian organizations since the early days of Vladimir Putin's war against Ukraine. But it's the revived Anonymous hacktivist collective that has caused the most uproar. Late this week, Anonymous claimed to have stolen 79 GB of emails from Transneft, a state-controlled Russian pipeline company; the emails were published by Distributed Denial of Secrets, a transparency journalism group. The hacktivists were clearly having a bit of fun and dedicated their raid to Hillary Clinton, who appeared to call on Anonymous to hack Russian targets during a Feb. 25 appearance on MSNBC.
As a precaution, the German Federal Office for Information Security (BSI) warned local companies against using Kaspersky's antivirus software, on the grounds that the company could be forced to spy on users for the Kremlin. Echoing the US government's murky basis for banning Kaspersky products in 2017, BSI's warning does not appear to be based on any specific information, and the company said as much in response to it. "We believe that peaceful dialogue is the only possible tool to resolve conflict," the company said in a statement. "War is not good for anyone."
This post, "Anonymous Calls on Hillary Clinton, TSA Pipeline Protections Battle", was originally published at https://www.wired.com/story/tsa-pipeline-hack-anonymous-hillary-clinton-roundup