Leonardo’s Security Operation Centre (SOC) issued its quarterly report on attacks, threat actors and vulnerabilities recorded between the beginning of July and the end of September 2022. SOC’s analysis revealed some common features during this period:
- Together with the Ukraine conflict, other politically motivated attacks on states were reported
- Russian disinformation campaigns continue: the case of Finnish linguistic minorities
- Changes in activity of certain Threat Actors.
Cyber-attacks give ‘voice’ to political tensions and protests
The Russia-Ukraine war continues to see intense threat actor activity, from both sides, but politically motivated cyber-attacks are not purely limited to the conflict. More specifically, two internationally renowned events that were accompanied by significant and large-scale cyber offensives hit world political headlines. The first was the surprise visit of the speaker of the US House of Representatives, Nancy Pelosi, to Taiwan in early August. Her visit, which reignited tensions between Taiwan, the US and China, led to attacks on various Taiwanese institutions by Chinese threat actors.
Then, in September, the death of Masha Amini, a symbol of the battle for women’s rights in Iran, triggered a vast Anonymous operation, dubbed #OpIran, which targeted the Tehran government’s official websites.
Does misinformation also hinder social integration?
The Ukraine conflict is still subject to constant disinformation campaigns on social media and in Q3, Russian propaganda not only intensified but also became more sophisticated. In particular, a major fake news campaign sought to trigger panic about an imminent Russian invasion of Finland. This time, the victims were the Arab linguistic minorities living in the country, targets considered more suspicious of official Finnish news due to their poorer grasp of the language. On the Helsinki government’s request, several social media platforms - TikTok and Twitter first - stepped up their efforts to counter the misinformation campaign.
Leading threat actors abandon ransomware for cryptojacking
In recent months, companies, institutions and individuals have fallen victim to increasingly frequent ransomware attacks. However, some threat actors are abandoning this type of attack because, as authorities have become more aware of them, stricter laws have been introduced to prevent victims paying ransoms to attackers. In this way, governments attempt to prevent malicious collectives from using ransom proceeds to carry out attacks, including those on sensitive national security targets.
Among these was the developer AstraLocker, which released its decryptors to the public to allow victims to restore encrypted files and has now decided to turn its attention to other malicious activities. In fact, the threat actor’s new focus appears to be cryptojacking, namely the illegal installation of software onto victims’ devices that uses their computing resources to mine cryptocurrencies.