FutureFive New Zealand logo
Consumer technology news from the future

Native technologies used in Russia-Ukraine cyber attacks

By Shannon Williams
Thu 24 Mar 2022

Native technologies are being used in Russia-Ukraine cyber attacks, according to new analysis from Aqua Security.

The conflict between Russia and Ukraine is raging not only in the physical realm but also on the cyber front, where governments, hacktivist groups, and individuals are trying to play their part. 

Russian cyber warfare: Wiper malware

According to Team Nautilus, part of Aqua Security, the military campaign was preceded by a sophisticated cyberattack launched by Russia against multiple Ukrainian organisations. It included highly destructive malware called IsaacWiper and HermeticWizard, which are new variants of the wiper malware. The malware attack, alongside the military campaign, aimed to make an impact on the conflict.

The malware was installed on hundreds of machines in Ukraine and was followed by a wave of distributed denial-of-service attacks. The new wipers can corrupt the data on a machine and make it inaccessible. In addition to a worm-like ability to spread across a local network and infect more machines, they can also launch a ransomware attack and encrypt files on the compromised machine.

"To our knowledge, this new wiper attack is targeting only Windows systems," Aqua Security says. 

"According to internal Team Nautilus research, most cloud native environments (96%) are based on Linux. Thus, we assess that the risk to cloud native environments from this type of wiper malware is low," it says. 

"However, Russia's cyber arsenal might include similar tools that are designed to attack Linux environments."

Hacktivists step in

As the Russia-Ukraine conflict unfolded, it attracted the attention of global threat actors such as the hacktivist group Anonymous. 

Anonymous regularly launches cyberattacks in support of its social and political ideals as well as against governments and their resources. In this case, Anonymous has declared cyberwar on Russia and called for hackers around the world to target Russian organisations and government.

Cloud native technologies used in cyber campaigns

"The attacks got our attention, and we at Team Nautilus tracked recent events to get an overview of the cyberattacks that have taken place. We gathered data from public repositories that contain code and tools aimed to target either side," the company says.

"Among the repositories, we analysed container images in Docker Hub as well as popular code libraries and software packages, including PyPI, NPM, and Ruby. We searched for specific names and text labels that called for an active action against either side.

"We investigated types of activities on these public sources. About 40% of the packages we observed were related to denial-of-service (DoS) activity aimed at disrupting the network traffic of online services. Other public repositories provided information to Ukrainian and Russian citizens or tools to block user networks from the conflict area," it says.

"We also saw activity with a banner that can be added to a website in support of Ukraine. Moreover, there were sources that suggested doxing, which is publicly revealing personal information of high-ranking individuals. Finally, one resource collected donations to Ukrainian citizens."

Analysis of container images in Docker Hub

Next, Team Nautilus analysed the container images abagayev/stop-russia:latest and erikmnkl/stoppropaganda:latest, which were uploaded to Docker Hub. The main reason for studying them was that together they gained more than 150K pulls, it says.

"These container images have published instructions and source code on GitHub, including a list of targets with Russian website addresses. Among other things, the guidelines explained how to initiate an attack and what tools to download, allowing non-professionals to launch an attack on their own," the company says.

"As we see, the repositories have played a major role in the ongoing virtual conflict, making cloud native tools widely available to a less technical audience. This once again shows that today you don't have to be a skilled hacker to take part in cyber war."

To analyse the container images, Team Nautilus scanned them with Aqua's Dynamic Threat Analysis scanner. The scanner executed the container images in a secure sandbox, which gave the team more insight into these tools and their impact.

  • The container image abagayev/stop-russia:latest contains a DoS attack tool that targets financial data and service providers in Russia.
  • The container image erikmnkl/stoppropaganda:latest contains a DDoS attack tool that operates over the TCP protocol through multiple connection requests. It's used to initiate the attack and targets multiple service providers in Russia.
  • Both container images also included attack tools that initiate a DNS flood over the UDP protocol, sending a large number of DNS requests to UDP port 53, aimed against Russian banks.

Attacks in the wild

"As part of our research efforts, we regularly deploy honeypots, i.e., misconfigured cloud native applications based on Docker and Kubernetes or other widely used applications such as databases," Aqua Security says. 

"We analysed the data recorded by our honeypots with a focus on attacks that launched DDoS attacks in the wild and collected only IP addresses that belonged to Russia and Ukraine.

"Based on the data accumulated in our honeypots, we found that 84% of the targets were affiliated with IP addresses in Russia and only 16% in Ukraine," it says. 

"Further sector segmentation of the organisation metadata linked to the IP addresses shows that network and media organisations were the prime targets and were attacked most often."

Aqua Security says the Team Nautilus findings highlight the significant role that the cyber domain can play in a modern geopolitical conflict.

"As technology advances, experienced threat actors can create and distribute simple automated tools that allow less skilled individuals to participate in cyber war," it says.

"These advances also allow individuals and organised hacking groups to influence the conflict, using their knowledge and resources. We can see how emerging technologies are relevant in these efforts and can have an impact."
