Russian Hackers Use Western Networks to Attack Ukraine
Russian hackers have been identified using their presence inside the networks of organizations located in the UK and the US to launch attacks against Ukraine. The campaign was revealed in a recent report by Lupovis, a Scottish security firm. The firm set up a series of decoys on the web to attract Russian threat actors so that it could observe their tactics. These included several fake honeyfile documents leaked to cybercrime forums, which Lupovis crafted to contain fake usernames, passwords, and other information. This part of the operation was designed to lure Russian threat actors into engaging with the decoys.
Other decoys were designed to mimic Ukrainian political and governmental sites. According to Lupovis, roughly 50-60 human actors interacted with the five decoys it set up, and many of these actors reached the honeypots within just a minute of their launch. This means that threat actors are actively looking to compromise Ukrainian entities on a regular and consistent basis. The most concerning finding, Lupovis states, is that Russian cybercriminals have been able to compromise the networks of global organizations and are now using this presence to launch attacks against Ukrainian entities.