Big Tech fights Russia: Google details cyber struggle to defend Ukraine

Google is working around the clock with other tech giants to fight Russian cyber actors who are waging a digital war against Ukraine, launching the same ransomware attack that previously hit the United States. It states that it is defending some of the

The tech giant issued a “fog of war” report on Thursday that said the Ukrainian government was under “almost constant digital attacks” from Russia.

“We have observed a significant increase in the intensity and frequency of Russian cyber operations designed to maximize access to victim networks, systems and data to achieve multiple strategic objectives. ,” the report said. “For example, GRU-backed attackers can use access to steal sensitive information and expose it to the public to advance their narrative, or use the same access to conduct devastating cyberattacks and information manipulation campaigns. I do.”

Google said it has disrupted government-backed attackers to protect people from exploitation and has informed users of products such as Gmail that they have been targeted when the company sees fit.

The US government is one of the companies working with technology companies to benefit Ukraine. The intelligence community turns to technology companies, including Microsoft, to help fight Russian cyber attackers.

Rob Joyce, director of cybersecurity at the National Security Agency, told The Washington Times that his agency will use “cooperation of power” with cybersecurity and information technology service providers to have a significant impact on Ukraine. The Times reported this week that it said it had identified and eradicated a malicious cyber operation.

Such partnerships emerged in 2021, after devastating breaches across the United States, when cybercriminal gangs deployed ransomware against computer networks and extorted payments from victims.

Google said Thursday that it had sighted a cyber attacker on the digital battlefield in Ukraine, and the NSA warned against attacking US infrastructure in 2021. United States and International Organizations.

The Conti ransomware gang split along political and geographic lines during last year’s Russian invasion. Google said some former members of Conti have repurposed their technology to target Ukraine under the banner of the attacker identified as UAC-0098.

“In early 2022, attackers shifted their focus to targeting Ukrainian organizations, the Ukrainian government, European humanitarian organizations and non-profit organizations,” the report states. “The group’s targets ranged widely from European NGOs to untargeted attacks on Ukrainian government agencies, organizations and individuals.”

According to Google’s report, the attackers showed strong interest in the Ukrainian hospitality industry, including launching multiple direct cyberattack campaigns against the same hotel chain.

The company estimates that Russian government-backed cyber attackers will increase phishing campaigns targeting users in Ukraine by 250% in 2022 compared to the 2020 baseline, and will target NATO countries by 2022. reported a 300% increase in phishing campaigns.

The findings of Google’s report, produced by the Threat Analysis Group, cybersecurity team Mandiant, and Google Trust & Safety, appear to be in line with observations by other cybersecurity experts.

Christian Sorensen, CEO of cybersecurity firm SightGain, said he has seen the ransomware operators’ techniques overlap with the efforts of Russian cyber actors in Ukraine. Sorensen, formerly with the U.S. Cyber ​​Command, said companies need to start preparing for the problem now.

“The vast majority of effective techniques, effective malicious techniques, are not new,” Sorensen said. “They are not off-the-shelf zero-days or novelties.”

Google said it has not seen an increase in reports of ransomware attacks against US and allied critical infrastructure networks in response to the Ukraine conflict. He pointed out that the U.S. response to the ransomware attack on Line was one potential reason why the U.S. seemed a less desirable target.

In response to that ransomware attack, the Biden administration’s Joint Cyber ​​Defense Collaborative was established in August 2021 to team up with government agencies such as the NSA and the Pentagon to combat hackers and cyber attackers. . Microsoft and Google are members of the consortium.

The government describes the role of cooperative enterprises as defensive rather than offensive, with a focus on preventing attacks and limiting damage.

Stewart Baker, a former NSA general counsel and policy director for the Department of Homeland Security, said the adversaries private companies could take against cyberattack intruders found in their networks. He said there are many actions.

Baker, now an attorney at the private firm Steptoe & Johnson, said companies that try to go off-network to fight cyber attackers risk serious felony charges, but it’s an acceptable practice. lines are subject to change at government direction.

“There is a line,” said Mr. Baker. “It may not be as bright as everyone wants.”

As the anniversary of the war in Ukraine approaches next week, Google said it expects Russia to increase its devastating and devastating cyberattacks. The tech company said it would continue to work with others to defend itself against Russian aggression.

“This level of collective defense among governments, businesses and security officials around the world is unprecedented in its scope,” says Google’s report.