Real 'Cyber War': Espionage, DDoS, Leaks, and Wipers in the Russian Invasion of Ukraine

Presented at Black Hat USA 2022, Aug. 10, 2022, 3:20 p.m. (40 minutes)

The Russian invasion of Ukraine has included a wealth of cyber operations that have tested our collective assumptions about the role that cyber plays in modern warfare. The concept of 'Cyber War' has been subject to all kinds of fantastic aberrations fueled by commentators unfamiliar with the realities and constraints of real world cyber.

From the beginning of 2022, we have dealt with at least seven strains of wiper malware targeting Ukraine. The latest wiper was used to attack satellite modems with suspected spillover into critical infrastructure in Western Europe. Before this, nation-state wiper malware was relatively rare and this period of abundance is teaching us a great deal about the effects attackers can('t) have during military operations and what we should realistically expect in an era of hybrid warfare with cyber components.

Presenters:

• Juan Andrés Guerrero-Saade - Principal Threat Researcher, SentinelOne   as Juan Andres Guerrero-Saade
  Juan Andrés (JAG-S) leads research at SentinelLabs and is an Adjunct Professor of Strategic Studies at Johns Hopkins School of Advanced International Studies (SAIS). Juan Andrés was Chronicle Security's Research Tsar, founding researcher of the Uppercase team, and a stealth startup co-founder. Prior to joining Chronicle, he was Principal Security Researcher at Kaspersky's GReAT team focusing on targeted attacks and worked as Senior Cybersecurity and National Security Advisor to the Government of Ecuador. His joint work on Moonlight Maze is now featured in the International Spy Museum's permanent exhibit in Washington, DC. You can follow him on Twitter @juanandres_gs
• Tom Hegel - Senior Threat Researcher, SentinelOne
  Tom Hegel is a Senior Threat Researcher at SentinelLabs and focused on advancing cyber threat intelligence through his industry work, security publications, and humanitarian cybersecurity research which aims to help vulnerable communities, impacted businesses, and targeted individuals across many cultures. He is a successful publisher of numerous public disclosures on state-linked adversary groups, opportunistic crime groups, and various global events impacted by the technology threat landscape. Tom has investigated and provided aid against numerous targeted threat actors, and organized criminal groups, that have taken advantage of major global events to launch offensive campaigns against businesses and government agencies globally.

Links:

• https://www.blackhat.com/us-22/briefings/schedule/#real-cyber-war-espionage-ddos-leaks-and-wipers-in-the-russian-invasion-of-ukraine-27206

Similar Presentations:

• REcon 2023 / GRU’s toolkit: A deep dive into the disruptive arsenal
• BSidesDC 2016 / Cyber Threats and Russian Information and Electronic Warfare
• DEF CON 18 (2010) / Perspectives on Cyber Security and Cyber Warfare