#OpRussia Resurgence Continues Amidst Ukrainian Tension
Target: Russian governmental and major organisations
Attack Vector: Data leaks; DDoS attacks and site defacement are also likely in the future
Threat Actor: @AnonyInfo, @SambaCry
Summary: In April, BT Security Threat Intelligence observed the return of the #OpRussia campaign targeting the Russian government and major companies. This is largely in relation to events on the ground, including Russia’s increasingly aggressive foreign policy. The upcoming FIFA World Cup has been touted as a likely factor in the return of the campaign, with diplomatic relations between Russia and the West currently at a low point.
In late May, several attacks by @AnonyInfo_ against various sites were observed. In addition, Russia has been particularly aggressive in recent weeks against Ukraine, a nation which has had a prickly relationship with Moscow in recent years. With Ukraine becoming increasingly pro-EU, this corrosive relationship could pave the way for further attacks under the #OpRussia banner.
Risk assessment summary: This threat is assessed as 3d MODERATE. Russia has been engaging in increasing cyber espionage campaign activity, with the VPNFilter malware in Ukraine in May a key example which could potentially trigger a response in hacktivist activity. The hacktivist activity observed in May is significant as it signals that the #OpRussia campaign is here to stay after resuming. With the World Cup impending in June, further attacks are likely.
The risk is also at a significant level. @AnonyInfo have been seen to carry out DDoS attacks as well as data leaks, and much of their capability is still to be displayed in this campaign. The high number of threat actors active in this campaign means the use of shared resources could lead to damaging compromises of systems and sites.