Cyberattacks: How Russia Intensified Its Ukraine TargetingEset's Jean-Ian Boutin Details Russia-Aligned Wiper, Phishing and Ransomware Trends
When Russia launched its all-out invasion of Ukraine on Feb. 24, 2022, Moscow-aligned hackers who had been targeting the country for the past decade followed suit. "Since the beginning of the conflict, what we saw is really an intensification," said Jean-Ian Boutin, director of threat research at Eset.
The firm has been working closely with Ukrainian organizations on defense, in part by tracking the tactics, techniques and procedures being used by Russia-aligned hackers.
Since at least 2014, attackers had been hitting government, finance and other organizations in Ukraine especially hard, and they doubled down on those attacks, Boutin said. When the conflict intensified, those hackers "really used all the prior accesses that they had into organizations to launch these wiper attacks," he said. "So this is something that we still see today: They are trying to use these wipers. The organization will have a hard time to operate normally, because all of their systems have been completely rendered useless."
In this video interview with Information Security Media Group at RSA Conference 2023, Boutin discusses:
- How ransomware, wipers and phishing attacks are being used by Sandworm and other Russia-affiliated groups;
- What's surprising about the tactics and targets being used - and also not used - as part of Russian cyber operations;
- Predictions for how nation-state cyber operations and cyberespionage attacks will evolve.
For 12 years, Boutin has probed malware trends, reverse-engineered binaries and developed effective countermeasures for emerging threats. With almost two decades of industry experience, he also has served as a member of the scientific advisory committee at Smart Cybersecurity Network. He has presented at multiple security conferences, including RSA Conference, Black Hat, REcon, BlueHat, Virus Bulletin and ZeroNights.