Cyber threat activity in Ukraine: analysis and resources
2022-3-1 10:21:1 Author: msrc-blog.microsoft.com

Microsoft has been monitoring escalating cyber activity in Ukraine and has published analysis on observed activity in order to give organizations the latest intelligence to guide investigations into potential attacks and information to implement proactive protections against future attempts.

We’ve brought together all our analysis and guidance for customers who may be impacted by events in Ukraine into this single location for ease of consumption, all of which is linked below. In this blog, we’ve also included general security guidance for organizations to build cyber resilience. As the situation in the region develops, we will continue to publish new insights and add to this set of resources.

Microsoft has been notifying customers in Ukraine of activity, where possible, and closely coordinating with the government in Ukraine. This support is ongoing.

We have also summarized information about what we are doing around protecting organizations in Ukraine from cyberattacks; protecting against state-sponsored disinformation campaigns; supporting humanitarian assistance; and protecting our employees: Digital technology and the war in Ukraine.

Published Microsoft analysis of malicious activity in Ukraine

Phishing attacks on Ukrainian soldiers:

Recent disk wiping attacks:

Advanced threat actor ACTINIUM which has consistently pursued access to organizations in Ukraine or entities related to Ukraine affairs:

Destructive malware operation and malware family known as WhisperGate targeting multiple organizations in Ukraine:

OSINT (open source intelligence) articles around activity in Ukraine are published regularly into the RiskIQ Community. The full list is available here: RiskIQ Community articles on Ukraine activity.

Security guidelines and recommendations

We recommend that customers review their security posture and implement best practices to build resilience against today’s threats. Below are recommendations and links to resources:

  1. Cybersecurity hygiene: Organizations should harden all systems by following basic principles of cyber hygiene to proactively protect against potential threats. Microsoft recommends taking the following steps:
    • Enable multifactor authentication
    • Apply least privilege access and secure the most sensitive and privileged credentials
    • Review all authentication activity for remote access infrastructure
    • Secure and manage systems with up-to-date patching
    • Use anti-malware and workload protection tools
    • Isolate legacy systems
    • Enable logging of key functions
    • Validate your backups
    • Verify your cyber incident response plans are up to date
  2. Microsoft Security Best Practices: Microsoft customers can follow best practices that provide clear, actionable guidance for security-related decisions. These are designed to improve your security posture and reduce risk whether your environment is cloud-only, or a hybrid enterprise spanning cloud(s) and on-premises data centers: Microsoft Security Best Practices
  3. Protect against ransomware and extortion: Human-operated ransomware attacks can be catastrophic to business operations and are difficult to clean up, requiring complete adversary eviction to protect against future attacks. Follow our ransomware-specific technical guidance to help prepare for an attack, limit the scope of damage, and remove additional risks: Human-operated ransomware

We continue to monitor activity and will update this page with more information as the situation develops.


Article source: https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine/