The US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory about stepped-up Russian 'disruptive' actions right after Ukraine detected a cyberattack on government websites.

The US Cybersecurity and Infrastructure Security Agency has issued an advisory urging organizations to increase cybersecurity vigilance today, the anniversary of Russia’s invasion of Ukraine, in the wake of a cyberattack against several Ukrainian government websites.

“The United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord,” the CISA advisory said.

The cyberattack in Ukraine, detected yesterday, hit the websites of a number of central and local authorities, “modifying the content of some of their webpages,” according to a statement from the State Service of Special Communication and Information Protection of Ukraine.

“Apparently, on the eve of the anniversary of the full-scale invasion, Russia is attempting to stay visible in cyberspace where it acts, traditionally, as a terrorist state by attacking civilian targets,” the Ukrainian state agency said. The attack did not cause critical system interruptions, and most of the affected information resources were quickly recovered, the agency said.

The websites were breached using a backdoor planted in December 2021, according to the Computer Emergency Response Team of Ukraine (CERT-UA), which discovered the attacks after investigating a web shell on one of the hacked websites that the threat actors used to install malware. The web shell was used to install several backdoors (dubbed CredPump, HoaxPen, and HoaxApe) a year ago, and created an index.php file in the root web directory, which modified the content of the affected sites, CERT-UA said.

Ukraine cyberattack attributed to Russia-aligned Ember Bear group

CERT-UA attributed the cyberattack to the Ember Bear threat group, also known as UAC-0056, or Lorec53.
Ember Bear is thought to be a cyberespionage group that has operated against organizations in Eastern Europe since early 2021.

“Based on the set of signs, we can make a preliminary conclusion that the violation of the normal operation mode of the investigated web resources was carried out by the UAC-0056 group,” CERT-UA said.

Russian government-backed attackers ramped up cyberattacks beginning in 2021 during the run-up to the invasion, according to a report from Google’s Threat Analysis Group week. In 2022, Russia increased the targeting of users in Ukraine by 250% compared to 2020, and the targeting of users in NATO countries increased over 300% in the same period, Google said.

“We assess with high confidence that Russian government-backed attackers will continue to conduct cyberattacks against Ukraine and NATO partners to further Russian strategic objectives,” the report said. The report also said that Moscow will increase disruptive and destructive attacks in response to developments on the battlefield that fundamentally shift the balance toward Ukraine. “These attacks will primarily target Ukraine, but increasingly expand to include NATO partners,” Google said in the report.

Russian or Russia-aligned groups have increasingly been targeting nations that have shown support to Ukraine. On Tuesday this week, Mike Burgess, director general of the Australian Security Intelligence Organisation (ASIO), said in a speech that a Russian spy ring whose members were posing as diplomats in Australia was dismantled.
The spies were highly trained and used sophisticated tradecraft to try to disguise their activities, and have been expelled from the country, he said.

A report Friday in the Sydney Morning Herald said that the spy ring had been operating for 18 months before being dismantled.

In its advisory, CISA said that it maintains cybersecurity resources including Shields Up, which it describes as “one-stop webpage that provides resources to increase organizational vigilance and keep the public informed about current cybersecurity threats.”