A former U.S. Cyber Command official told VentureBeat that while the cyber-attack capabilities of Russia-affiliated hacker groups could be significant, global cyber efforts to counter Vladimir Putin’s unprovoked aggression against Ukraine may prove more.
Anonymous is the most visible group promising a cyber attack against Russia on behalf of Ukraine, but some of the most sophisticated hacker groups are known to avoid attention as much as possible. Research published this week by a Chinese security firm suggests that the US-affiliated organization known as the Equation Group is in fact the “world’s leading cyber-attack group” – one whose attack capabilities, when equipped with zero-day vulnerabilities, are “unbeatable.”
Meanwhile, in Ukraine itself, a Bloomberg report said today that a hacker group now being formed to retaliate against Russia has 500 members. And beyond Ukraine, “there are probably 100X worldwide hacktivists working against Russia because they are aggressive,” Christian Sorensen, former lead of the US Cyber Command operational planning team, told VentureBeat in an email.
Thus, while the Russian ransomware gang Conti, a Belarus-based group called UNC1151, and several other hacker groups have promised to help Russia in its aggression against Ukraine, the cyber forces on the Ukrainian side will have the upper hand, Sorensen said. (And there is reason to suspect that even some of Conti’s own affiliates are not really ready to support the Russian government in this situation.)
Looking ahead, “I think things will move forward against Western targets,” Sorensen said. “But Russia and Belarus will be further targeted by these groups.”
However, given this unfamiliar territory, it is difficult to predict exactly how things might evolve.
“It will be unprecedented,” said Marcus Fowler, senior vice president for strategic alliances and threats at Darktrace. “We have not seen a conflict on this scale with such sophisticated offensive cyber capabilities on both sides.”
This week, before Russia’s invasion of Ukraine, the Chinese cybersecurity firm Pangu Lab posted research on a hacker group called the Equation Group – the name given to the group in 2015 by the Russian cybersecurity firm Kaspersky Lab.
The research concerns a backdoor known as Bvp47, and Pangu argues that its findings suggest that an earlier claim about the group – that it is affiliated with the NSA – is true. (The NSA has never commented on the claim.)
Although the backdoor is nearly a decade old, having initially been discovered in 2013, Pangu said it was “top-tier” – and was evidence that the Equation Group is a “leading” cyber attack group.
“Equipped with 0-day vulnerabilities, its network attack capability was unbeatable, and its data acquisition under obscure control was with little effort,” Pangu Lab wrote in the research. “The Equation Group is in a strong position to compete in national-level cyberspace.”
All of this is consistent with Kaspersky’s assessment of the Equation Group in 2015, when the company’s research team wrote that the Equation Group “surpasses anything known in terms of technology complexity and sophistication” – and a Kaspersky researcher told Ars Technica that the group’s skills and No “.
Sorensen, who is now the founder and CEO of the cybersecurity firm SightGain, said the research on Equation Group, given its release in the midst of this week’s events, is a “very interesting report, with extraordinary timing.”
And notably, in the report, “the research drew attention to a common thread from 10 years ago that also existed in the Equation Group report,” Sorensen said. “If those technical details are still being used, it could slow down or affect the performance of people using those tools. Further, it suggests that similarities between toolsets would be a tipoff for early attribution – and then sometimes seen for 10 years or more and not reported.”
With the events of recent days, “we are seeing very clear signs of increased cyber tensions,” said Stan Golubchik, founder and CEO of cybersecurity firm ContraForce. “We are seeing cyber warfare emerging entirely as the fifth domain.”
Ultimately, while it is not clear how much can be accomplished by anti-Russian cyber forces, there is now the possibility for people around the world to actively participate in the effort to thwart military aggression, Sorensen said.
“This is the new nature of cyber warfare,” he said.
“Whether approved or not, official or not, if people have or can get the right information, knowledge and desire – they can make an impact,” Sorensen said. “We’ll have to wait and see what they can do.”