As the intensity of the war increased in Ukraine, so did a wave of cyberattacks around the world. The targets were mostly large companies and individuals.
Last week, for instance, a hacker group known as Lapsus$ leaked 200GB worth of confidential data from South Korea’s Samsung Electronics. A week ago, the same cybercriminals targeted US chipmaker Nvidia, stealing staff credentials and proprietary information.
In Japan, Toyota Motor Corp. suspended car production after one of its suppliers, Kojima Industries, was attacked on 28 February.
The incidents seem unrelated at first glance, but cybersecurity experts said the pattern of attacks reinforces the suspicion that criminals are trying to exploit the Russia-Ukraine war to make illegal gains.
Security experts caution that India, too, should be on alert as the attacks, even if in another country, can easily compromise its supply chain partners or business entities, given global interconnectedness.
“While we have not observed any direct impact on Indian organizations yet, the correlations between technologies and infrastructure could mean any organization from a different region can become collateral and get caught in the crosshairs,” said Vicky Ray, principal researcher, Unit 42 at Palo Alto Networks, a cybersecurity company.
Ray attributed this to the dependence on shared infrastructure and the interconnected and interdependent nature of technologies. For instance, a large-scale attack on a cloud hosting provider could impact all businesses using its infrastructure across the world, he said.
While firms are most likely to be targeted to extort money or access the treasure trove of data they hold, attackers have not spared individual users either. According to security experts, cybercriminals are also taking advantage of the situation to dupe individuals eager to donate to Ukraine’s war efforts and provide aid to citizens in the war-torn country.
On 4 March, cybersecurity firm CheckPoint Research detailed several phishing emails seeking donations for Ukraine.
Researchers at CheckPoint said attackers are seeking donations in cryptocurrency, making it harder to trace the source of a hack. “The conflict is polarizing cyberspace. Hacktivists, cybercriminals, white hat researchers or even tech firms are choosing a clear side, emboldened to act on behalf of their choices,” said Lotem Finkelstein, head of threat intelligence at CheckPoint.
In addition to phishing emails, attackers are active on instant messaging apps like Telegram, which surpassed a billion downloads globally in August last year. Over 200 million of the app’s users came from India, according to a report by analytics firm Sensor Tower at the time.
About 4% of the groups on Telegram are soliciting donations to support Russia or Ukraine, and many of them appear suspicious, CheckPoint said. Each of these groups on Telegram consists of tens of thousands of users, it added.
To be sure, there are legitimate support groups, too. CheckPoint said many hackers are also using Telegram groups to plan attacks on Russian entities. Ukraine’s vice prime minister, Mykhailo Fedorov, has even directed users towards Telegram channels for donations and to help what Fedorov called the “IT army”.
Finkelstein cautioned that people seeking to donate to Ukraine should first check the domain from which an email has been sent and look for any misspellings in it or the email to verify if the sender is genuine.