Putin and the Russian Army have just invaded the Ukraine. This is Round Three, and may be for real this time, real as in Russia takes back the Ukraine and annexes an entire country.
The Russians have used Ukraine Rounds One and Two, and similar incursions against Georgia and other independent republics, as practice. They have specialized in a new type of hybrid warfare that combines cyber-war with traditional military tactics like invasion.
One of the things all of us can expect to see is Russian cyber operations and cyber criminal groups working for Russia begin cyberattacks against the West. Here is something weird I got in my inbox today. Not sure what it is or what any of this means, but I will share my conversation with a client about this phishing attack. You should be on the lookout for similar exploits, even crude ones like this.
Here is the original email
I replied to all to deliver a warning, and discovered that the address list is very short (only 10 targets) for this sort of exploit. Also, four of these email addresses came back as undeliverable.
I also alerted Ryan Lundervold about this email since it was designed to look like it came from him.
His response led me to investigate further.
The email headers showed this email originated in Poland.
I came to the conclusion that this email was just a poorly executed cyber attack, a bit of clutter in all the attacks originating from the Russian Federation and the GRU over the last few weeks and the next several weeks as this invasion progresses.
You should be on the lookout for similar exploits, even crude ones like this.