As tensions between Russia and Ukraine continue to heat up, security researchers and political analysts continue to search for signs of cyber-attacks. But while a few attacks have been reported, it’s impossible to credibly assign responsibility.
Ukrainian officials reportedly complained last week that a Crimea-based attack had jammed cell phones of government officials in the region. Hackers aligned with both Russia and Ukraine have defaced Websites and, in one case, stolen a cache of what appears to be data from the Russian government. And on March 8, a denial-of-service attack focused on Ukrainian communications networks, according to a Reuters report.
“There was a massive DoS attack on communication channels of the National Security and Defense Council of Ukraine, which was apparently aimed at hindering a response to the challenges faced by our state,” stated the Security and Defense Council, according to the Reuters report.
Yet, denial-of-service attacks will likely be the exception, not the rule, if the conflict escalates, McCall Paxton, a security-operations-center analyst at Rook Security, told eWEEK.
“DDoSing isn’t always going to be the preferred attack method, because gathering intelligence is more important,” he said. “When it comes to nation-states playing games, intelligence is more powerful than a soldier on the field with a rifle.”
The smattering of reported cyber-activities came as tensions heightened on the northern shores of the Black Sea. Pro-Russian separatists took control of the regional parliament for Crimea, a peninsula that juts into the northern part of the Black Sea. The separatists declared that Crimea will join the Russian Federation, with the parliament planning to vote to ratify the move. On March 10, pro-Russian soldiers dressed in riot gear reportedly fired rubber bullets at activists trying to get into the region.
While other nations seek a diplomatic solution to the problem, air patrols from the North Atlantic Treaty Organization (NATO) will begin to fly over the region to observe, according to Reuters.
As attention focused on Russian cyber-operations, a number of security firms published research on a massive cyber-espionage network—alternately known as Ouroboros, Turla and Snake—that appears linked to Russia. The malware associated with the network shows signs of being an intelligence operation, according to German antivirus firm G-Data.
BAE Systems on March 7 published its research on the espionage network, which it dubbed “Snake,” saying that more than 50 organizations in nine countries have apparently submitted files to online malware analysis sites over the past five years. So far in 2014, Ukrainian sources have submitted 14 separate files, the greatest submission density to date. The complexity of the attack suggests a sophisticated adversary, according to the report.
“The threat described in this report really does raise the bar in terms of what potential targets, and the security community in general, have to do to keep ahead of cyber-attackers,” Martin Sutherland, managing director, BAE Systems Applied Intelligence, said in a statement. “As the Snake research clearly illustrates, the challenge of keeping confidential information safe will continue for many years to come.”
Snake is not the first Russia-linked malware discovered by security firms. In January 2013, Russian security firm Kaspersky Lab published research into an espionage network, dubbed “Rocra” or “Red October,” which infected government agencies, research institutions, embassies and other high-value political targets. The malware used exploits previously utilized in Chinese attacks, but appeared to be programmed by Russian developers.