• RUSSIA-UKRAINE UPDATES:

    We a providing free access to all our threat reports and related discussions for this and other widespread threats as a service to the industry and any impacted organizations. Access our Active Exploits Discussion/Recommendations forum. All related threat reports and discussion items will be posted to these threads.

    We all need to work together to help businesses better understand the threat landscape and prepare for attacks, current and future.
  • That's a wrap on the June Member Meetup! Stay tuned for the July registration links. Going forward we'll be holding 2 meetups every 3rd Wednesday to support our global membership.

    June Member Meetup
Today, the CompTIA ISAO issued the following advisory. This thread is being opened for any discussion or necessary response related to this matter.

Dear CompTIA ISAO Member,

We have heard a few members expressing concern about the increased tensions surrounding the potential for military conflict between Russia and Ukraine. Specifically, some members are rightly concerned that any armed conflict between these two nations could include cyberattacks against critical infrastructure, businesses, and even private citizens around the globe.

I am writing today to let you know that the CompTIA ISAO shares these concerns, and we have been closely monitoring this situation for several weeks now. While we do not have any information, non-classified or classified, to indicate any specific threat to our members, we do believe that we all need to be in a significantly heightened state of alert and to closely monitor your networks and those of our customers and supply chain partners for any sign of suspicious activity.

Recently my colleague and friend, Scott Algeier, executive director of the IT-ISAC, issued a statement to all IT-ISAC members. As you know, the CompTIA ISAO and IT-ISAC are partners, and as such, Scott and I have collaborated on a statement to members of the CompTIA ISAO. That statement follows:​
Joint Statement on Russia-Ukraine Geopolitical Tensions


With the heightened geopolitical tensions around the world, specifically between Russia and Ukraine, we wanted to take a moment to state the obvious—companies must take immediate steps to review and, if necessary, upgrade their cybersecurity and to prepare for potential consequences that might result from a nation-state sponsored cyberattack.

We cannot predict what will happen, but we know what has happened. Nation-state actors have a long history of attacking critical infrastructure, private enterprise, public institutions, and individual citizens. We regularly report on various nation-state actors who infiltrate supply chains, launch direct assaults, and steal core Intellectual Property.

If these actors use their capabilities against the industry in times of peace, we need to be prepared for them to deploy these capabilities during a time of conflict. We must prepare for the likelihood that they will hit us even harder than they have in the past.

The military and intelligence communities have a process called the "preparation of the battlefield." Those who served in the military know more about this exercise than we do. But essentially, the exercise looks at desired outcomes one would want to achieve and then walks backward from there to identify what information and actions were needed to get to that outcome. I need to know A, B, and C, to achieve Y.

We must assume that our adversaries have done a “preparation of the battlefield” on us. For years these actors have been probing our defenses, understanding our interconnections, and learning our interdependencies.

Companies should be prepared for:​
  • Disruptive attacks on their corporate networks.
  • Disruptive attacks on customer networks they secure.
  • Disruptive attacks on the networks of critical partners or suppliers that impact their own business.
  • Disruptive attacks on the critical infrastructure sectors that have cascading impacts on their own company and the geographic locations in which they, their customers, and their employees live and work.
  • Disruptive attacks on platforms used by individual citizens around the world.
It is not our intent to be overly alarmist. We do not have access to any information as to timing or targets. However, some analysts suggest that the time for diplomacy is rapidly ending, and the likelihood of armed conflict is increasing. We are not predicting that a nation-state adversary will launch a significant cyberattack. But it is prudent to prepare and plan for the possibility of disruptive cyberattacks.

As always, the CompTIA ISAO and the IT-ISAC teams will continue to provide updated reporting and share any new information we have with you. We encourage CompTIA ISAO members to continue with the strong, trusted collaboration that the Cyber Forum allows us to participate in. To that end, we are opening a thread in the Active Exploits Discussion/Recommendations forum today, which we will keep open until the current geopolitical tension around Russia and Ukraine resolve to a significant extent. Please post your concerns, questions, and any helpful information you may come across that may help others in this forum. If you detect new phishing or unusual behavior on the networks you manage, please post your findings to the Threat Submissions forum so our analysts may immediately investigate and report back.

As always, thank you for being an engaged member of the CompTIA ISAO.​
spacer-long.png

CompTIAISAO%20copy%202.png
MJ Shoer
Chief Community Officer,
Executive Director,
CompTIA ISAO
spacer-long.png
IT-ISAC-NAVY-LOGO.png

Scott Algeier
Executive Director,
IT-ISAC
 
Last edited:

INFORMATIONAL TLP: Green Govt Agencies and Banks in Ukraine Targeted in DDoS Attacks​

We are sharing the headline of this report that our cyber analysts have issued. CompTIA ISAO members may click the link to access the full report. Unfortunately, we are unable to share the full report publicly as it may contain protected sources, restricted threat intelligence of analysis that has been created specifically for our members. For more information about the CompTIA ISAO, please click here.
 
Last edited:

INFORMATIONAL TLP: Green The Ukraine Cyber Crisis: We Should Prepare, But Not Panic​

We are sharing the headline of this report that our cyber analysts have issued. CompTIA ISAO members may click the link to access the full report. Unfortunately, we are unable to share the full report publicly as it may contain protected sources, restricted threat intelligence of analysis that has been created specifically for our members. For more information about the CompTIA ISAO, please click here.
 
Last edited:

INFORMATIONAL Severity: High TLP: Green Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive​

We are sharing the headline of this report that our cyber analysts have issued. CompTIA ISAO members may click the link to access the full report. Unfortunately, we are unable to share the full report publicly as it may contain protected sources, restricted threat intelligence of analysis that has been created specifically for our members. For more information about the CompTIA ISAO, please click here.
 
Last edited:
  • Like
Reactions: Matt Ritchie

INFORMATIONAL TLP: Green Ukrainian DDoS Attacks Should Put US on Notice–Researchers

We are sharing the headline of this report that our cyber analysts have issued. CompTIA ISAO members may click the link to access the full report. Unfortunately, we are unable to share the full report publicly as it may contain protected sources, restricted threat intelligence of analysis that has been created specifically for our members. For more information about the CompTIA ISAO, please click here.
 
Last edited:

INFORMATIONAL Severity: High TLP: Green New Wiper Malware Targeting Ukraine Amid Russia's Military Operation

We are sharing the headline of this report that our cyber analysts have issued. CompTIA ISAO members may click the link to access the full report. Unfortunately, we are unable to share the full report publicly as it may contain protected sources, restricted threat intelligence of analysis that has been created specifically for our members. For more information about the CompTIA ISAO, please click here.
 
Last edited:

Update: Russia-Ukraine Conflict

With the Russian invasion of Ukraine now underway, we felt it essential to update you on our recent joint statement with our partners at the IT-ISAC and what we are seeing and doing as a result of these events.

First and foremost, know that the CompTIA ISAO and our partners are closely monitoring this rapidly unfolding situation. We are reviewing reports of increased cyberattacks across Russia, Ukraine, the EU, and the UK that are initially thought to be connected to this conflict. The pace, severity, and geographic scope of these attacks will likely increase in the coming days, but as you know, anything is possible, and much of what is unfolding is unpredictable.

In an effort not to overwhelm our members with real-time information that may not directly impact you or your customers, we are trying our best only to send alerts that have a direct impact, be they informational or actionable.

With all of this said, I do want to remind you of a few things and share some additional resources should you wish to monitor this situation more directly.

We want to reiterate that it remains essential for your organization and your customers to continue to be prepared for any of the following possibilities:
  • Disruptive attacks on your corporate networks.
  • Disruptive attacks on customer networks you secure.
  • Disruptive attacks on the networks of critical partners or suppliers that impact your business and your customers.
  • Disruptive attacks on the critical infrastructure sectors that have cascading impacts on your company and the geographic locations in which you, your customers, and employees live and work.
  • Disruptive attacks on platforms used by individual citizens around the world.
Please actively monitor the Concerns/Attacks Related to Geopolitical Tensions between Russia and Ukraine thread in the Active Exploits Discussion/Recommendations forum on the Cyber Forum. We update this thread with any new resources to help you monitor and respond to this unfolding conflict.

You may also wish to reference the following CISA site dedicated to the Russian threat:

Russia Cyber Threat Overview and Advisories | CISA

Our team of analysts will continue to update you with essential Threat Reports related to this conflict as well as ongoing cybersecurity threats.

If you suspect any malicious activity, be it phishing or probing activities, please post your findings to the Threat Submissions forum so our analysts may quickly investigate and report back.

Finally, CISA has asked that companies increase their level of sharing with the government. We can help with this. If you have information you would like to share with CISA but are concerned about attribution, please post to the Threat Submissions forum. We will anonymize it and pass it to DHS. Information on how to share directly with CISA can be found here: Report Incidents, Phishing, Malware, or Vulnerabilities | CISA. If you choose to share directly with CISA, please also post that information as requested to benefit the entire CompTIA ISAO community.

Please do not hesitate to reach out to me or anyone on our team if we can assist in any way.

Thank You and Stay Safe,

MJ
 

INFORMATIONAL TLP: Green Ukraine Links Phishing Targeting Armed Forces to Belarusian Hackers​

We are sharing the headline of this report that our cyber analysts have issued. CompTIA ISAO members may click the link to access the full report. Unfortunately, we are unable to share the full report publicly as it may contain protected sources, restricted threat intelligence of analysis that has been created specifically for our members. For more information about the CompTIA ISAO, please click here.
 
Last edited:

INFORMATIONAL TLP: Amber Anonymous Hacking Group Declares “Cyber War” Against Russia​

We are sharing the headline of this report that our cyber analysts have issued. CompTIA ISAO members may click the link to access the full report. Unfortunately, we are unable to share the full report publicly as it may contain protected sources, restricted threat intelligence of analysis that has been created specifically for our members. For more information about the CompTIA ISAO, please click here.
 
Last edited:

INFORMATIONAL Severity: High TLP: White Destructive Malware Targeting Organizations in Ukraine

We are sharing the headline of this report that our cyber analysts have issued. CompTIA ISAO members may click the link to access the full report. Unfortunately, we are unable to share the full report publicly as it may contain protected sources, restricted threat intelligence of analysis that has been created specifically for our members. For more information about the CompTIA ISAO, please click here.
 
Last edited:

INFORMATIONAL TLP: Green Moscow Exchange Downed by Cyber-attack

We are sharing the headline of this report that our cyber analysts have issued. CompTIA ISAO members may click the link to access the full report. Unfortunately, we are unable to share the full report publicly as it may contain protected sources, restricted threat intelligence of analysis that has been created specifically for our members. For more information about the CompTIA ISAO, please click here.
 
Last edited:

INFORMATIONAL TLP: Amber Ukraine Situational Reporting

We are sharing the headline of this report that our cyber analysts have issued. CompTIA ISAO members may click the link to access the full report. Unfortunately, we are unable to share the full report publicly as it may contain protected sources, restricted threat intelligence of analysis that has been created specifically for our members. For more information about the CompTIA ISAO, please click here.
 
Last edited:

INFORMATIONAL TLP: Green Conti Ransomware's Internal Chats Leaked After Siding With Russia

We are sharing the headline of this report that our cyber analysts have issued. CompTIA ISAO members may click the link to access the full report. Unfortunately, we are unable to share the full report publicly as it may contain protected sources, restricted threat intelligence of analysis that has been created specifically for our members. For more information about the CompTIA ISAO, please click here.
 
Last edited:

INFORMATIONAL TLP: Green Meta: Ukrainian Officials, Military Targeted by Ghostwriter Hackers

We are sharing the headline of this report that our cyber analysts have issued. CompTIA ISAO members may click the link to access the full report. Unfortunately, we are unable to share the full report publicly as it may contain protected sources, restricted threat intelligence of analysis that has been created specifically for our members. For more information about the CompTIA ISAO, please click here.
 
Last edited: