As War Rages in Ukraine World Braces for Russian APT Attacks


U.S. Marine Corps M777 towed 155 mm howitzers are staged on the flight line prior to being loaded onto a U.S. Air Force C-17 Globemaster III aircraft at March Air Reserve Base, California, April 22, 2022. The howitzers are part of the United States’ efforts alongside allies and partners to identify and provide Ukraine with additional capabilities. (U.S. Marine Corps photo by Cpl. Austin Fraley)

The war in Ukraine has now entered its 4th month, and the attacks have not been limited to conventional warfare: Russia-based cyberattacks have devastated the Ukrainian economy and are also targeting the allies of the embattled nation.

Several weeks ago, a joint advisory from cyber agencies in Canada, the US, Australia, New Zealand, and the United Kingdom warned organizations around the world of the cyber dangers presented by Russia. At that time, it was thought that a new wave of attacks targeting the allies of Ukraine would materialize in earnest, and some attacks have already been reported.

When examining the threat posed by Russia, we must examine state-sponsored Advanced Persistent Threat Groups (APTs). These groups are thought to be supported by the Kremlin and are among the most dangerous APT Groups in the world:

  • Fancy Bear, which is also known as APT28, is a Russian APT specializing in cyber-espionage. They are also known by the names Pawn Storm, Sofacy Group, Sednit, Tsar Team, and STRONTIUM. This group has a long, infamous history of attacks going all the way back to 2014. Among the more prominent attacks they have carried out are a six-month-long cyber-attack on the German parliament that began in December 2014, the 2014 to 2017 attacks on prominent journalists in Russia, the United States, Ukraine, Moldova, and the Baltics, the April 8th, 2015, attack against the French television network TV5Monde, and the spear phishing attacks against email addresses associated with the Democratic National Committee in the first quarter of 2016.
  • Cozy Bear, also known as APT29, CozyCar, CozyDuke, Dark Halo, The Dukes, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, and YTTRIUM, is thought to be associated with either the Russian Federal Security Service (FSB) or SVR. Among their most prolific attacks are the phishing attack against the Pentagon email system, effectively shutting down the entire Joint Staff unclassified email system, the 2016 spear phishing attacks against US-based think tanks and non-governmental organizations, and of course, perhaps the most wide-ranging cyber-attack of all time, the SolarWinds attack.
  • Sandworm, also known as Unit 74455, Telebots, Voodoo Bear, and Iron Viking, was responsible for the December 2015 attack against the Ukrainian power grid, and more recently, in February of 2022, Sandworm allegedly released the Cyclops Blink malware. In 2020, several members of the group were indicted by a US Grand Jury for cybercrimes. Russian officers Yuriy Andrienko, Sergey Detistov, Pavel Frolov, Anatoliy Kovalev, Artem Ochichenko, and Petr Pliskin were all charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.
  • Berserk Bear, which is also known as Crouching Yeti, Dragonfly, Dragonfly 2.0, DYMALLOY, Energetic Bear, Havex, IRON LIBERTY, Koala, or TeamSpy, is composed of “FSB hackers,” either directly employed by the FSB or Russian civilian hackers coerced into working with the FSB hackers while still working as for-profit freelancing hackers. This group has a history of targeting utilities infrastructure responsible for the delivery of water or energy, making them among the most dangerous APT groups in the world.

The threat from APT Groups is not limited to Russian-based attacks, as there are dozens of APT Groups associated with China, North Korea, Iran, and many other countries. Should the current war expand to include additional nations, the possibility of cyber attacks carried out by APT groups from other countries only increases. The recent expanded cooperation agreement between Russia and China also factors into this possibility of expanded cyberwarfare.

Julio is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. Julio’s writing focuses on cybersecurity and politics. Websites including Newsmax, Townhall, American Thinker and BizPacReview have published Julio’s work.
