Russia is poised to launch prolonged cyber retaliatory efforts against the US and NATO countries as a result of the imposition of economic sanctions amid the country's invasion of Ukraine, The Register reports.
Despite the threats of Russian cyberattacks, only 50% of ExtraHop clients have been heeding the Cybersecurity and Infrastructure Security Agency's warning about potential attack spillovers associated with the ongoing invasion, said ExtraHop CEO Patrick Dennis. Dennis emphasized that Russia has leveraged cyberattacks, including distributed denial-of-service attacks against Ukrainian defense and banking sites and the compromise of Viasat internet modems, to accompany its physical warfare efforts.
"Once Russia decided to go kinetic, cyber is not the thing that's going to necessarily fall to the top of the pile. So there could be a stockpile of cyberattacks that's left to happen that the Russians have queued up to execute after this campaign finishes," Dennis said.
Other state-sponsored threat groups have also been empowered to launch their own attacks due to the Russian cyberattack threat, Dennis added.
As part of its latest attacks discovered in June, Tropic Trooper exploited several known Microsoft Exchange Server and Adobe ColdFusion vulnerabilities to distribute an updated China Chopper web shell on a server hosting the Umbraco open-source content management system.
More than 50 Alibaba-hosted command-and-control servers have been leveraged to facilitate the distribution of the backdoor, which impersonates the Java, bash, sshd, SQLite, and edr-agent utilities.
Angola and the Democratic Republic of Congo, which is a new Intellexa client, may have leveraged new Predator infrastructure to enable spyware staging and exploitation, according to an analysis from Recorded Future's Insikt Group.