THE CHANGING CYBER THREAT LANDSCAPE DUE TO THE INVOLVEMENT OF CYBERCRIME GROUPS IN THE RUSSIA-UKRAINE WAR

A year after the start of the Russia-Ukraine war, the threat landscape influenced by cybercrime groups has seen further changes, and while some groups have declared allegiance to the Russian government, others have split over ideological differences or remained apolitical, opting to capitalize on g...

Bibliographic Details
Main Author: Claudia-Alecsandra GABRIAN
Format: Article
Language: English
Published: "Mihai Viteazul" National Intelligence Academy Publishing House 2023-01-01
Series: Intelligence și Cultura de Securitate
Subjects:
Online Access: https://www.animv.ro/wp-content/uploads/2024/03/2023_ICS_Claudia-Alecsandra_GABRIAN.pdf
collection DOAJ
description A year after the start of the Russia-Ukraine war, the threat landscape influenced by cybercrime groups has seen further changes, and while some groups have declared allegiance to the Russian government, others have split over ideological differences or remained apolitical, opting to capitalize on geopolitical instability for financial gain. Affiliates of these cybercrime groups are actively involved in operations targeting entities and critical infrastructures of Ukraine, as well as countries that have declared their support for Ukraine, posing a threat to supporting states. This paper aims to highlight how financially motivated cybercrime actors capitalize on geopolitical instability and how they aid and abet Russian state interests, either by accident or on purpose. The objectives of the paper are to identify those cybercrime groups that use ransomware attacks or advanced persistent threat methods to carry out major cyber-attacks and how they changed their attack methods after the outbreak of the conflict. The research methods used are qualitative, through document analysis and netnography, and the interpretation of the results is a justification of the involvement of cybercrime groups in this war. Netnography is used to analyse how these cybercrime groups communicate on public forums and groups, such as on Telegram, where they share all the information between members. The NIS Directive mentions 7 sectors of economic activity that should be ensured a common high level of security of networks and IT systems. In the main results of this research, we identify that cybercriminal groups attack all these main sectors, such as energy, transport, banking, infrastructures, health, and digital infrastructures. Changes were identified in malware-as-a-service and ransomware-as-a-service attacks, as well as in cybercriminal tactics and methods to orchestrate an attack. Also, when we refer to ransomware, the LockBit and CL0P groups are currently the most important cybercrime groups that carry out major cyber-attacks on countries from Europe. The information used in the research comes from open sources, mainly those in the Russian language and those found in the public groups of the affiliates of these groups.
id doaj-art-2cefab131d7d4e2e8a31585216c98174
institution Kabale University
issn 2971-8139, 2972-1350
spelling Claudia-Alecsandra GABRIAN (Babeș-Bolyai University)
topic cyber-attacks
cybercrime groups
cyber threats
ransomware
telegram