THE CHANGING CYBER THREAT LANDSCAPE DUE TO THE INVOLVEMENT OF CYBERCRIME GROUPS IN THE RUSSO-UKRAINIAN WAR

Bibliographic Details
Main Author: Claudia-Alecsandra GABRIAN
Format: Article
Language: English
Published: "Mihai Viteazul" National Intelligence Academy Publishing House 2023-01-01
Series: Intelligence și Cultura de Securitate
Online Access: https://www.animv.ro/wp-content/uploads/2024/03/2023_ICS_Claudia-Alecsandra_GABRIAN.pdf
Description
Summary: A year after the start of the Russia-Ukraine war, the threat landscape influenced by cybercrime groups has seen further changes, and while some groups have declared allegiance to the Russian government, others have split over ideological differences or remained apolitical, opting to capitalize on geopolitical instability for financial gain. Affiliates of these cybercrime groups are actively involved in operations targeting entities and critical infrastructures of Ukraine, as well as countries that have declared their support for Ukraine, posing a threat to supporting states. This paper aims to highlight how financially motivated cybercrime actors capitalize on geopolitical instability and how they aid and abet Russian state interests, either by accident or on purpose. The objectives of the paper are to identify those cybercrime groups that use ransomware attacks or advanced persistent threat methods to carry out major cyber-attacks, and how they changed their attack methods after the outbreak of the conflict. The research methods used are qualitative, through document analysis and netnography, and the interpretation of the results is a justification of the involvement of cybercrime groups in this war. Netnography is used to analyse how these cybercrime groups communicate on public forums and groups, such as on Telegram, where they share all the information between members. The NIS Directive mentions 7 sectors of economic activity that should be ensured a common high level of security of networks and IT systems. In the main results of this research, we identify that cybercriminal groups attack all these main sectors, such as energy, transport, banking, infrastructures, health, and digital infrastructures. Changes were identified in malware-as-a-service and ransomware-as-a-service attacks, as well as in cybercriminal tactics and methods for orchestrating an attack.
Also, when we refer to ransomware, the LockBit and CL0P groups are currently the most important cybercrime groups that carry out major cyber-attacks on countries in Europe. The information used in the research comes from open sources, mainly those in the Russian language and those found in the public groups of the affiliates of these groups.
ISSN: 2971-8139, 2972-1350