Incident Response Blog: Cyber Incidents in Ukraine

As Russian forces take military action in Ukraine, cybersecurity companies are reporting various cyber attacks targeting organizations within Ukraine, such as government agencies and critical infrastructure companies, and organizations outside of the country that provide services to Ukraine. Additionally, the U.S. government has warned organizations to prepare for any cyber incidents that may have consequences for critical infrastructure in the U.S. (link: https://www.cisa.gov/shields-up).

Members of the Cyber Threat Alliance stand ready to respond and collaborate on any and all cyber incidents related to this activity. CTA members are providing advice to their customers on how to prepare via their blogs and providing technical analyses of the malware used in these attacks and DDoS attacks targeting websites. CTA members are also sharing pre-release blog posts with CTA’s Early Sharing program to ensure that industry response efforts are aligned with the most up-to-date understanding of this threat.

Throughout this event, CTA will use this blog to provide links to CTA member posts regarding cyber incidents in Ukraine and how their customers can be prepared. As new materials and insights are made available, we will update this blog post.

Avast

Check Point

Cisco

Fortinet

McAfee

Morphisec

Netscout

Palo Alto Networks

Rapid7

Reversing Labs

Scitum

SecurityScorecard

SonicWall

Sophos

Symantec

TEHTRIS

Author: Neil Jenkins, CTA