Over the past week, TRM analysts have been reviewing dark web forums to gauge threat actor sentiment on the current conflict in Ukraine. In general, threat actors are concerned about the potential impact of the new sanctions on their ability to conduct illegal activity, including activity involving cryptocurrency.
The dark web is also a safe place for hacker collectives to coordinate attacks against sites or chat channels associated with Russia and Ukraine. These attacks often result in leaks of sensitive information belonging to the other side, as well as disinformation campaigns.
Hacktivists on the Dark Web
There are many hacktivists on the dark web, a hidden network of internet sites accessible only with special software. These websites are not indexed by search engines and can be used for highly illegal activities, such as drug trafficking, fraud, and pedophilia.
In some cases, hacktivists use their exploits to convey political dissatisfaction with a government or corporation. They may also conduct attacks for monetary gain. They might steal data to sell on darknet markets, or they might share it with opposing governments or corporate competitors.
While the motivations of hacktivists can vary, their methods are usually highly damaging to their targets. They often use information leaks, doxing, and website vandalism to convey their message.
Doxing involves exposing information about an individual, such as their personal details or the contents of their email accounts. It's not always dangerous, but it can be harmful if the targeted person has a dubious past.
It can cause people to distrust that individual or a company, which can lead to them avoiding the organization. It can also affect a business's productivity.
Some hackers may choose to focus on a single group or country, such as the United States or Russia. Others might target several countries or organizations to express their dissatisfaction with a political or social issue.
Regardless of their goals, hacktivists use the same exploits and tools to conduct their activities. Some use Distributed Denial of Service (DDoS) tools to flood a target with thousands of connection requests and packets per minute, preventing them from functioning properly.
Other attacks can result in malware or ransomware being installed on a business's computers. The resulting damage can cost a business millions of dollars in lost revenue and productivity.
There are many other ways in which attackers use the dark web to conduct illicit activity. They might use phishing scams to trick people into giving them access to their systems. They might also install malware or ransomware on targeted computers to extort money from victims.
To protect yourself from threats, make sure to install an endpoint security program that includes identity monitoring and antivirus protections. Then, be sure to keep your computer updated with the latest antivirus patches and antimalware protections.
Cyber Intelligence Collection
In the world of cyber security, threat intelligence is an important part of the defense equation. It helps protect your assets and personnel by providing vital context data that enables your cybersecurity team to detect and respond to attacks before they become a major problem.
There are many ways to generate cyber intelligence. At Europol, we take a multi-pronged approach to collecting and assessing all available information to produce a comprehensive view of the current state of cybercrime in Europe.
One way to do this is by employing a sophisticated data analysis tool that combines thousands of threat intelligence feeds into a single feed. This enables efficient characterization, categorization and alert generation.
It also allows us to quickly share critical news with the CSIRT community. This has allowed us to be one of the first to identify and address major cyber incidents that could have serious implications for our customers, their business models and the general public.
The best way to generate this kind of data is to identify and document the sources that define your organization’s cyber security landscape. Then, assign the right roles and responsibilities within your team to collect, assess and deliver the best possible intelligence on threats. This will enable your IT team to create a more comprehensive cyber resilience strategy. Among the best sources of cyber intelligence are your own network, DNS, proxy and endpoint anti-malware logs.
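The sketch below is an added example, not code from the original page or from any tool it mentions. It merges several threat intelligence feeds into one deduplicated, categorized feed and matches it against DNS, proxy and endpoint anti-malware log lines to produce alerts. The feed names, indicators, log formats and function names are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed feeds (not real indicators): .example domains, RFC 5737 addresses.
FEEDS = {
    "feed_a": [("Donate-Ukraine.example.", "phishing"), ("192.0.2.44", "c2")],
    "feed_b": [("donate-ukraine[.]example", "scam"), ("survey-cdn.example", "malware")],
    "feed_c": [("192.0.2.44", "c2"), ("198.51.100.7", "ddos")],
}

# Constructed log lines in assumed formats: DNS, proxy, endpoint anti-malware.
LOGS = [
    "2022-03-01T10:00:01Z dns client=10.0.0.5 query=pay.donate-ukraine.example type=A",
    "2022-03-01T10:00:09Z proxy client=10.0.0.8 GET https://survey-cdn.example/REQ.zip 200",
    "2022-03-01T10:01:30Z dns client=10.0.0.5 query=intranet.corp.example type=A",
    "2022-03-01T10:02:12Z av host=ws-17 blocked connection to 192.0.2.44:443",
]
TOKEN = re.compile(r"\b(?:\d{1,3}(?:\.\d{1,3}){3}|(?:[a-z0-9-]+\.)+[a-z]{2,})\b")

def normalize(value):
    return value.strip().lower().replace("[.]", ".").rstrip(".")  # refang, fold case

def merge_feeds(feeds):
    """Combine all feeds into one: indicator -> {'categories', 'sources'}."""
    merged = defaultdict(lambda: {"categories": set(), "sources": set()})
    for source, entries in feeds.items():
        for value, category in entries:
            entry = merged[normalize(value)]
            entry["categories"].add(category)
            entry["sources"].add(source)
    return dict(merged)

def candidates(token):
    """The token itself plus, for hostnames, each parent domain above the TLD."""
    if token[-1].isdigit():
        return [token]
    labels = token.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def match_logs(merged, lines):
    """One alert per matching token: (log type, indicator, categories, feed count)."""
    alerts = []
    for line in lines:
        for token in sorted(set(TOKEN.findall(line.lower()))):
            hit = next((c for c in candidates(token) if c in merged), None)
            if hit:
                info = merged[hit]
                alerts.append((line.split()[1], hit, sorted(info["categories"]), len(info["sources"])))
    return alerts
```

The feed count in each alert gives a rough confidence signal: an indicator reported by two independent feeds can be prioritized over one reported by a single source.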
Influence Operations
Influence operations are a form of propaganda that can be conducted through social media or other online platforms. They can be used to undermine trust, increase polarization and threaten democratic processes. In the recent war in Ukraine, Russia has been using cyber influence to deceive and sway people on both sides of the conflict.
A growing body of research has explored how the use of information weapons can reshape international relations. RAND researchers have developed strategies and policy frameworks to help military leaders, governments and policymakers counteract this threat.
Many discussions about influence operations focus on a single aspect, such as the use of false or misleading information to deceive a particular audience. However, to understand how these campaigns operate, it is essential to consider the broader context in which they are carried out.
To examine these activities, we need to look at the actors that conduct them and the methods they employ. We also need to assess the effects of these efforts on individuals and groups.
This requires an interdisciplinary approach that brings data scientists, policy analysts, law students, and journalists together for the purpose of studying these activities. For example, Stanford Law School’s Internet Observatory and Carnegie Mellon University’s Center for Informed Democracy & Social-Cybersecurity are among the many academic institutions conducting research on influence operations.
As in cybersecurity, understanding how influence operations work requires a socio-technical approach that analyzes how people interact with content on social media. A model based on the Cyber Kill Chain can be used to conceptualize the process of an influence operation as interlinked stages that seek alternative actions from a target audience.
To combat coordinated influence operations, tech platforms have taken proactive steps to police their sites for harmful content and malicious behavior. They have developed a variety of content moderation tools to detect and remove inauthentic accounts and pages.
However, bad actors have become more sophisticated in their methods in recent years. They have been able to blur the line between genuine human conversation and deceptive online behavior, which makes it harder for bot-detecting algorithms to differentiate between legitimate and malicious accounts.
Scams
In recent months, the dark web has seen a surge in scams involving the Ukraine war. Cybercriminals are seeking to make money off the sympathy of people who are willing to donate to help Ukraine victims.
One of the most popular scams involves sending out phishing emails to individuals who are seeking to donate to charity. These phishing attacks involve fake chatboxes, mock-up donation verifiers and other techniques designed to trick donors into sending cash.
Another scam targets organizations in the manufacturing sector with malware delivered via an email titled “REQ Supplier Survey”. In this attack, the victim is asked to fill out a survey that asks for details about their back-up plans in response to the Ukraine war. Once the recipient opens this survey, they are redirected to a Discord link that deploys a malicious payload.
As a result of the Russia-Ukraine war, hackers have been using the dark web to sell military-grade weapons that were reportedly sent to Ukraine by the United States and other Western countries. These weapons are being resold on the dark web to terrorists in Ukraine and elsewhere for use against Ukrainian security forces.
The dark web is also a popular destination for drug sales, particularly cathinones, the white synthetic stimulants that mimic cocaine and MDMA. These drugs are especially prevalent in Russia, eastern Europe and the Balkans where they are relatively cheap and easy to manufacture locally.
Some Ukrainians are even buying and selling weaponry on the dark web, according to a report from Russian state TV. However, some of the weapons supposedly being sold on the dark web are actually fakes, according to an investigation by the BBC.
In other cases, pro-Kremlin accounts are advertising anti-tank weapons that they claim were given to the Ukrainian military by the US and other Western countries. These weapon listings on the dark web appear genuine and are being sold for realistic prices, but some experts believe they are fakes.
As the Ukraine war continues to escalate, scammers have been taking advantage of social media platforms like Twitter to reach victims and solicit donations. Various scams are being run on the social media platform, including cryptocurrency scams, which ask for bitcoin donations in order to help Ukraine victims.