In the last month, Talos has seen a shift in activity in response to the unjust invasion of Ukraine. This post is meant to serve as our executive overview of the situation and provide you with the most up-to-date information and security content from Talos. As with any highly fluid or dynamic situation, we are doing our best to provide our customers with highly accurate and timely intelligence and information.
Content related to Ukrainian activity:
- Current executive guidance for ongoing cyberattacks in Ukraine
- Threat Advisory: HermeticWiper
- Threat Advisory: Cyclops Blink
- Crowd-sourced attacks present new risk of crisis escalation
- Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation
- Cisco stands beside its customers in Ukraine
- ThousandEyes internet analysis of Ukraine
- Threat Advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools
- Threat Advisory: Opportunistic cyber criminals take advantage of Ukraine invasion
- Threat Advisory: CaddyWiper
- Threat Advisory: DoubleZero
Please note that indicators of compromise (IOCs) related to the activity are available in the HermeticWiper and WhisperKill blogs.
General guidance
Our general and primary guidance for companies and individuals alike continues to echo the recommendations from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) "Shields Up" guidance.
Talos is proud of not only our team's cybersecurity response but also a volunteer OSINT force of over 500 motivated Cisco teammates. Even more are undertaking humanitarian refugee relief efforts to make life just a little safer and easier in a part of the world many have never been to. Teams have set aside their normal tasks and now watch over Ukrainian networks; others have focused on caring for and protecting refugees; and still others have turned their obsession with social media into a critical component of our open-source intelligence work.