Hacking collective Anonymous declares 'cyber war' against Vladimir Putin's government

Discussion in 'Politics' started by gwb-trading, Feb 25, 2022.

  1. gwb-trading


    #21     Feb 28, 2022
  2. gwb-trading


    Plus western financial applications no longer work... this is probably action from the companies related to sanctions.

     
    #22     Feb 28, 2022
  3. Tsing Tao


    The "long queue" in the picture here is getting into the metro. That's how it looks around rush hour. I know, because I waited in that line many times. You have to put your metro card into the machine to go through. Has nothing to do with cash or Apple Pay, etc.

    If you're going to make a claim, at least show the right picture.
     
    #23     Feb 28, 2022
  4. gwb-trading


    Facebook and Twitter remove disinformation and hacking campaigns targeting Ukraine
    NPR - https://tinyurl.com/2p8bb8zf

    Facebook parent company Meta says it has uncovered Russian efforts to undermine trust in the Ukrainian government and a separate attempt to hack Ukrainian military officials and journalists using its platform.

    "There's been a lot of speculation and interest on whether there are covert influence operations targeting public debate in Ukraine and to what degree we're seeing cyber hacking groups targeting individuals in Ukraine," said Nathaniel Gleicher, Meta's head of security policy. "This is a case where we're seeing both of those things."

    Meta says it alerted other social media companies to its findings. Twitter said on Monday that it also has removed accounts involved in the campaigns.

    Meta described the two campaigns on Facebook as small in scale and caught in the early stages. The first campaign involved a network of about 40 accounts, pages and groups on Facebook and Instagram, operated in Russia and Ukraine. They used fake personas, including computer-generated profile pictures, to masquerade as independent news outlets and posted claims about Ukraine being a failed state.

    The focus of the efforts appeared to be driving traffic to the network's own websites, Meta said, and the network posted across social media, including on Twitter, YouTube, Telegram and Russian social networks VK and Odnoklassniki. On Facebook and Instagram, it accumulated fewer than 5,000 followers across Facebook and Instagram. The company did not say how many people interacted with or saw its posts.

    "It's a sign that while these actors are trying to run these types of influence operations, they're getting caught sooner and they're not reaching the audiences that they would have reached even a few years ago," Gleicher said.

    Meta said it has removed the accounts and blocked the associated websites. The company says it found links to another network of fake accounts it removed in 2020 that involved people in Russia and the Donbas region of Ukraine as well as two Crimean media organizations now sanctioned by the U.S. government.

    Twitter banned more than a dozen accounts connected to the effort and blocked sharing of links. "Our initial findings indicate that the accounts and links originated in Russia and were attempting to disrupt the public conversation around the ongoing conflict in Ukraine," a Twitter spokesperson said.

    Separately, Meta said it has seen a surge in hacking attempts of Ukrainians in recent days. It tied some to a Belarusian-connected effort known in cybersecurity circles as "Ghostwriter," which has previously been blamed for cyberattacks in other European countries.

    Meta says Ghostwriter has been trying to hack the accounts of high-profile Ukrainians, including military officials, journalists and public figures, although it didn't identify any individuals.

    The hackers try to break into targets' email and social media accounts and post disinformation. "We detected attempts to target people on Facebook and post YouTube videos portraying Ukrainian troops as weak and surrendering to Russia, including a video claiming to show Ukrainian soldiers surrendering," said David Agranovich, Meta's director of threat disruption.

    Gleicher said the company has alerted the "handful" of Ukrainians who have been targeted recently and is blocking the domains the hackers use in their phishing attempts.

    Russia has long used fake accounts and bots to spread disinformation on social media, including during its 2014 campaign to annex Crimea and in the 2016 U.S. presidential election.

    Since then, Facebook and other tech companies have been quicker to root out this kind of inauthentic behavior, says Nina Jankowicz, a fellow at the Wilson Center who studies disinformation.

    At the same time, Russia's efforts to spread disinformation have become more overt, she said, through official government communications and pro-Kremlin state media coverage that gets "repackaged on platforms like TikTok and Instagram and YouTube."

    "It's less about fake identities, even ones that are convincing, and more about completely staged events that are supposed to create the pretext to justify this war," she said.

    Facebook, along with Google, has taken some steps in recent days to restrict Russian state media. Both companies are barring those outlets from making money from advertising on their platform and have blocked them entirely in Ukraine, at the request of the Ukrainian government. Those moves have angered the Russian government, which has accused the companies of censorship and said it would limit access to Facebook in the country.

    Jankowicz says that shows how the challenge for social media companies is evolving.

    "Takedowns [of fake accounts] only go so far," she said. "We also need to think about the broader picture: How do we get information to Ukrainians who need it right now? How do we make sure that Russians are hearing the truth? How do we make sure that this conflict is being covered and discussed in a way that is reflective of reality?"
     
    #24     Feb 28, 2022
  5. gwb-trading


    Numerous western companies are under cyber attack today. Here is a local story about Bridgestone - a tire manufacturer.

    Wilson Bridgestone plant sends employees home amid cyberattack
    https://www.wral.com/wilson-bridgestone-plant-sends-employees-home-amid-cyberattack/20163430/

    A Wilson Bridgestone Americas plant sent employees home Sunday in light of a company-wide cyberattack.

    Bridgestone Americas representatives said the company disconnected many of its manufacturing and retreading facilities in Latin America and North America from its network to prevent further impact after 'an information security incident.'

    The international corporation provided a statement to media:

    Bridgestone Americas is currently investigating an information security incident. Since learning of the incident in the early morning hours of February 27, we have launched a comprehensive investigation to quickly gather facts while working to ensure the security of our IT systems. Out of an abundance of caution, we disconnected many of our manufacturing and retreading facilities in Latin America and North America from our network to contain and prevent any impact.

    We are continuing to make progress on the investigation towards determining the scope and nature of the incident, and we will continue to work diligently to address any issues that may affect our operations, our data, our teammates, and our customers.
     
    #25     Feb 28, 2022
  6. Tsing Tao


    But support disinformation campaigns vs. Russia.
     
    #26     Feb 28, 2022
  7. Tsing Tao


    Since you're our resident pedophile, I think you're a bit lower on the food chain.
     
    #27     Feb 28, 2022
  8. gwb-trading


    The Russian news websites not taken down by hackers are the opposition websites which are taken down by the government. Which leads to the question -- just where are Russians getting their news about the Ukraine war online?

    Russia blocks media outlets, others hacked over Ukraine war
    Russian authorities have blocked the websites of some Russian media outlets over their reporting of the invasion of Ukraine, while hackers transposed a message across the main pages of others condemning the war
    https://abcnews.go.com/Internationa...cks-media-outlets-hacked-ukraine-war-83157758
     
    #28     Feb 28, 2022
  9. Cuddles


    #29     Feb 28, 2022
  10. gwb-trading


    Summary: An insider in Conti releases their chat logs for the past year. The logs demonstrate the group is basically directed by Russian intelligence including the FSB.

    A ransomware group paid the price for backing Russia
    The Conti ransomware gang sided with Putin and had its chat logs leaked soon afterward
    https://www.theverge.com/2022/2/28/22955246/conti-ransomware-russia-ukraine-chat-logs-leaked

    As Russia’s invasion of Ukraine enters its fifth day, a coalition led by the US and Europe has mounted a coordinated response focused on financial sanctions and, increasingly, military aid. While the conflict grows in scale and intensity, organizations far beyond the apparatus of military and government are being drawn in — including ransomware groups active in Russia and Ukraine.

    That gravitational pull is particularly fraught in Russia, where the borders between hackers and the Russian intelligence services are sometimes porous, and one group in particular has been made to pay for its allegiance to the Putin regime.

    On Friday, the notorious ransomware gang Conti surprised many observers by explicitly casting its lot with Putin’s military agenda, declaring “full support” for the Russian government and threatening to mount attacks on critical infrastructure of any adversaries launching cyberattacks against Russia.



    Two days later, on February 27th, Conti’s posturing came to backfire spectacularly when an anonymous individual leaked a cache of chat logs from the organization, revealing a huge amount of previously unpublished information about the ransomware group’s internal workings.

    The leaked data contains over a year’s worth of chat logs from the open-source instant messaging service Jabber, containing messages between at least 20 chat handles presumed to belong to members of the gang. Among other things, these logs seem to confirm a chain of command linking Conti to Russian intelligence agencies. According to Christo Grozev, executive director of open-source intelligence research group Bellingcat, the chat logs show that members of Conti tried to hack a Bellingcat contributor on the orders of Russia’s main internal security service, the FSB.

    Russia has been widely criticized for harboring cybercriminal groups in the past, and with certain exceptions — notably the public takedown of the REvil hacker group by the FSB in January — they are largely allowed to operate with impunity provided they refrain from attacking domestic targets. But while proximity to the Russian government has been an advantage for cybercriminals in the past, there are some signs that the dynamics of the Ukraine invasion are turning it into a liability.

    Though the identity of the leaker has not been revealed, Alex Holden, the Ukrainian-born founder of cybersecurity company Hold Security, said that the logs had been leaked by a Ukrainian security researcher who had managed to infiltrate the Conti gang.

    “This is a Ukrainian citizen, a legitimate cybersecurity researcher, who is doing this as part of his war against cybercriminals who support the Russian invasion,” Holden said. Further details of the leaker’s identity could not be disclosed without risking his safety, Holden said.

    The Record also reports that the chat logs contain Bitcoin addresses where payments made to the Conti gang were received, and messages detailing negotiations between Conti and companies that had not disclosed a ransomware incident.

    Bill Demirkapi, a security researcher who published a version of the logs translated into English via Google, confirmed to The Verge that the logs contained details of Conti’s technical infrastructure, logistical operations, discussions of zero-day vulnerabilities, and details about internal tooling. Given the short timeline since the release of the logs, Demirkapi said, it was hard to assess the long-term impact it would have on the group.

    Although many of the most prolific ransomware groups are considered to be aligned with Russia, in practice, many of them are transnational entities and include a diversity of ethnicities and nationalities, said Chester Wisniewski, principal research scientist at Sophos. With international opinion overwhelmingly favoring Ukraine, many of them may have decided to steer clear of the conflict rather than declare support for the Russian invasion.

    “The polarizing nature of this conflict — which effectively seems to be the whole world versus Russia — means there’s way less [cybercriminal] activity than we expected,” Wisniewski said. “I think there’s a lot of sympathy for Ukraine among members of these different groups, and as a result they’re sitting it out.”

    LockBit, another ransomware group and effectively a competitor to Conti, released a statement on Sunday saying that the group would not target Western infrastructure, supposedly due to the international makeup of the organization. Rather than profess any support for Ukraine, the statement declared neutrality in the conflict.

    “For us it is just business and we are all apolitical,” the message posted by LockBit said.

    Though ransomware gangs (with the exception of Conti) have been reluctant to choose sides, certain hacktivist groups — which are by definition political — have rushed to join the cause. A hacktivist group operating from Belarus has claimed to be disrupting the movement of military units by shutting down railways in the country, after the Belarusian government launched missile strikes against Ukraine and agreed to support Russia by sending troops over the Ukrainian border.

    Separately, a Twitter account linked to Anonymous declared that the hacking collective was “officially in cyber war against the Russian government,” and the group claimed responsibility for a number of DDoS attacks and other hacks against Russian government websites and media channels.

    Though other groups with offensive hacking capabilities may be tempted to join the conflict, cybersecurity professionals have cautioned against escalation. Regardless of intent, cyberattacks can have unforeseen consequences, particularly if targets are tied to infrastructure or other critical services with applications beyond the military.

    “I’m worried about collateral damage from the ‘good guys,’ the vigilantes,” Wisniewski said. “Encouraging people to attack [cyber targets], that to me is a very dangerous situation ... it’s not just an innocent activity when you don’t know the side effects.”
     
    #30     Mar 1, 2022