Firms, individuals caught in the crossfire as hackers seek to profit from Russia-Ukraine war
Last week, a hacker group known as Lapsus$ leaked 200GB worth of confidential data from South Korean electronics firm Samsung. This is the same group that had targeted American chipmaker Nvidia about a week ago and stolen employee credentials and proprietary information.
A thousand miles away, in Japan, carmaker Toyota had to suspend production operations after one of its suppliers, Kojima Industries, was hit by a cyberattack on February 28. The company supplies plastic parts and electronic components to Toyota.
While these may appear to be unrelated incidents, security experts point out that the Russia-Ukraine war has triggered a wave of cyberattacks targeting companies and individuals outside of the warring nations, reinforcing the suspicion that cybercriminals are trying to exploit the situation for their own gains.
Security experts caution that India too should be on the alert. The reason is that even if an attack occurs in another country, it can compromise its supply chain partners or business entities in India.
"While we have not observed any direct impact to Indian organisations yet, the correlations between technologies and infrastructure could mean that any organisation from a different region can become collateral and get caught in the crosshairs if the attacks occur at a large-scale," said Vicky Ray, principal researcher, Unit 42 at Palo Alto Networks, a cybersecurity company.
Ray attributed this to the dependence on shared infrastructure and the interconnected and interdependent nature of technologies. For instance, a large-scale attack on a cloud hosting provider could impact all the businesses that are using its infrastructure across the world, he explained.
While companies are most likely to be targeted to extort money or access the treasure trove of data they hold, attackers have not spared individual users either. According to security experts, cybercriminals are also taking advantage of the situation to dupe individuals who are eager to donate to Ukraine's war efforts and provide aid to citizens in the war-torn country.
On March 4, cyber security firm Check Point Research detailed several phishing emails seeking donations under the pretext of providing support for Ukraine. Many of these emails were found to be in non-Slavic languages, such as English, which indicates that the targets are no longer limited to the residents of the two warring countries.
Researchers at Check Point pointed out that attackers are asking for donations in cryptocurrencies, which is a common tactic used by hackers as it can be harder to trace the source of a hack. “The conflict is polarizing cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are choosing a clear side, emboldened to act on behalf of their choices,” said Lotem Finkelstein, head of threat intelligence at Check Point.
In addition to phishing emails, attackers are also active on instant messaging apps like Telegram, which surpassed a billion downloads globally in August last year. Over 200 million of the company’s users came from India, according to a report by analytics firm Sensor Tower at the time.
According to Check Point, about 4% of the groups on Telegram are geared toward donations to support Russia or Ukraine in the current conflict, and many of these are suspicious. Each of these groups on Telegram consists of tens of thousands of users, the company claimed.
To be sure, there are legitimate support groups on the platform too. Check Point added that many hackers are also using Telegram groups to plan attacks on Russian entities. Ukraine’s Vice Prime Minister, Mykhailo Fedorov, has even directed users towards Telegram channels for donations and to assist what Fedorov called its “IT army”.
Finkelstein cautioned that people seeking to donate to Ukraine should first check the domain from which an email has been sent and look for any misspellings in the domain or the email to verify that the sender is genuine.