Disinfo operations orchestrated by Russia unsettle the portrayal of Ukraine

State-backed foreign actors use social media and phishing to manipulate Ukrainian citizens and Western allies.


In recent times, the Cybersecurity and Infrastructure Security Agency (CISA) has warned of foreign influence operations creating false narratives about ongoing conflicts, particularly the war in Ukraine, and potentially targeting critical U.S. infrastructure.

One such example is the "Secondary Infektion" campaign, which spread claims that Ukraine and Poland were planning to deploy Polish troops to western Ukraine. This is just one instance of a broader trend where threat actors, often based in Russia or Belarus, use tactics such as defacing websites, publishing propaganda, and targeting individuals with false and misleading information.

These campaigns sometimes coincide with dangerous wiper attacks or malicious cyber activity. APT 28, a threat actor linked to Russia, used Telegram before the invasion to undermine public confidence in the Ukrainian government and weaken support from Western allies. Meanwhile, the Russian General Staff's Main Intelligence Directorate (GRU), a threat actor linked to APT 28, has been blamed by the Security Service of Ukraine for the 2016 attack on the U.S. Democratic National Committee.

Threat actors linked to Russia have also launched disinformation campaigns to support the country's war in Ukraine, according to Mandiant research. Similarly, the pro-People's Republic of China campaign "Dragonbridge," traced to 2019, shifted tactics to focus on Ukraine, claiming Pentagon-linked bioweapons labs were operating in Ukraine.

Corporate stakeholders are not immune to these threats, with many expressing concern about whether they are targets and wanting to better understand the risk calculus of their technology stacks. In the past week, Russian cyberattacks attributed to the hacker group APT29 (Midnight Blizzard) targeted US government institutions, media, universities, and nonprofit organizations. Amazon successfully thwarted these attacks, which aimed to steal sensitive information by compromising legitimate websites and using sophisticated authentication manipulations.

Microsoft last month issued an extensive report about how Russia has targeted television towers, launched phishing attacks against Ukraine military personnel, and conducted other operations to control information narratives. Ghostwriter, a suspected threat actor, published false information using compromised websites or social media accounts to foment distrust between Ukraine and Poland and discredit NATO's presence in the Baltic states.

It is crucial for all parties to remain vigilant and prepared against these cyber threats, ensuring the protection of critical infrastructure and maintaining the integrity of information during times of conflict.