This post is also available in:

日本語 (Japanese)

Українська (Ukrainian)

In the last month, Talos has seen a shift in activity in response to the unjust invasion of Ukraine. This post is meant to serve as our executive overview of the situation and provide you with the most up-to-date information and security content from Talos. As with any highly fluid or dynamic situation, we are doing our best to provide our customers with highly accurate and timely intelligence and information.

Content related to Ukrainian activity:

Please note that indicators of compromise (IOCs) related to the activity are available in the HermeticWiper and WhisperKill blogs.

General guidance

Our  general and primary guidance for companies and individuals alike continues to echo the recommendations from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) "Shields Up" guidance.

Talos is proud of not only our team's cybersecurity response but also a volunteer OSINT force of over 500 motivated Cisco teammates.  Even more are undertaking humanitarian refugee relief efforts to make life just a little safer and easier in a part of the world many have never been. Teams have set aside their normal tasks, and now watch over Ukrainian networks, others have focused on caring for and protecting refugees and still, others have turned their obsession with social media into a critical component of our open-source intelligence work.