Monday, April 15, 2024

The TSA’s First Crack at Protecting Pipelines From Hackers Falls Short

More than three weeks into Russia’s war of choice against Ukraine, fears of cyberattacks on the country’s critical infrastructure have been replaced by widespread death, destruction, and devastating upheaval across the country. The United Nations estimates that 6.5 million people have been displaced, in addition to 3.2 million who had already fled Ukraine. Mariupol, once a thriving city of 430,000 along the country’s southern coast, has been reduced to rubble. Russia has killed more than 100 children during its assault so far.

As the war rages on, we investigated one of the weapons Russia appears to have recently deployed against Ukraine: an AI-powered “suicide drone.” Russia’s reported use of the KUB-BLA drone raises the specter of autonomous weapon systems deciding who dies during warfare. This week also saw what may be the first use of a deepfake to spread misinformation during wartime. The deepfake, of a robotic Volodymyr Zelensky calling on Ukrainians to surrender to Russia, was deeply unconvincing. The Ukrainian president quickly refuted its authenticity, while Facebook, Twitter, and YouTube raced to remove the video from their platforms, potentially providing a how-to guide for responding to sophisticated misinformation in the future.

While we have yet to see Russia wage damaging cyberattacks against Ukraine’s critical infrastructure since it invaded the country in late February, malware used by Russian government hacker group Sandworm, dubbed Cyclops Blink, has spread further than previously known. Researchers at TrendMicro discovered that a version of the malware can infect Asus routers.

Speaking of Russia-linked hackers, we took a deep dive into some 60,000 pages of leaked chats and files swiped from the Conti ransomware group. Our findings revealed the internal machinations of the gang’s oddly businesslike hierarchy, its plans to launch a crypto payment platform and a social network (with dreams of starting an online casino), and what its links to Russia’s military hackers really look like.

The Lapsus$ collective, meanwhile, is adding “chaotic energy” to the world of cybercrime. As we found in our dive into the group's activities—which include targeting high-profile companies like Samsung and Nvidia—its tactics differ from ransomware gangs like Conti, using phishing attacks and data theft to extort its victims rather than encrypting their systems and demanding payment. And while the group claims it's not politically motivated, some experts remain unsure about Lapsus$'s ultimate aim.

Lastly, we dove into Big Tech’s big plans to finally (finally!) kill off the password. After a decade of work on the problem, the FIDO Alliance—whose members include Amazon, Meta, Google, Apple, and more—believes it has discovered the missing piece to make ditching our passwords easy.

Of course, that’s not all. For all the big security stories we didn’t have a chance to cover this week, click the headlines below. (And yes, a lot of them have to do with Russia.)

The TSA’s Efforts to Protect US Pipelines Are Falling Short

The Transportation Security Administration isn’t just in charge of airport security. The agency is also tasked with protecting US oil and gas pipelines—and it’s not going well. Thanks to understaffing and strict federal requirements, the TSA is reportedly struggling to meet its pipeline-security mandate. The TSA’s focus on protecting this critical infrastructure follows the May 2021 attack on Colonial Pipeline, but its mission has become all the more crucial as the specter of worst-case-scenario attacks by Russia or other nation-state actors looms large.

Google Names Hacker Intrusion Group Exotic Lily

Google’s Threat Analysis Group (TAG) on Thursday said it uncovered a new group of “financially motivated” attackers that it believes breaks into targeted systems and then sells that access to other malicious actors, including Russian cybercrime groups like ransomware gangs Wizard Spider (aka UNC 1878) and Conti. Dubbed Exotic Lily by Google researchers, the group appears to be located in Central Europe and has targeted a wide range of victims, with a focus on cybersecurity, health care, and IT firms. To dupe these targets, Exotic Lily’s members use phishing attacks concealed through spoofed domains, fake email addresses, and fake profiles on social media and other platforms, according to TAG.

Anonymous Hackers Target a Russian Pipeline Company—and Evoke Hillary Clinton

Vigilante hackers have been on a tear against Russian targets since the first days of Vladimir Putin’s war against Ukraine. But it’s the newly reinvigorated Anonymous hacktivist collective that’s caused the most ruckus. Late this week, Anonymous claimed to have stolen 79 GB of emails from Transneft, a state-controlled Russian pipeline company, which were revealed by the transparency journalism outlet Distributed Denial of Secrets. Clearly having a bit of fun, the Anonymous hacktivists dedicated their intrusion to Hillary Clinton, who appeared to call on Anonymous to hack Russian targets during a February 25 appearance on MSNBC.

Germany: Don’t Use Kaspersky Antivirus

Acting out of an abundance of caution, Germany’s Federal Office for Information Security (BSI) warned local companies against using Kaspersky’s antivirus software on the grounds that the company would be compelled to spy on users for the Kremlin. Echoing the US government's murky foundation for banning Kaspersky products in 2017, BSI's warning does not appear to be based on any specific intelligence, and the company asserted as much in response to BSI’s warning. “We believe that peaceful dialogue is the only possible instrument for resolving conflicts,” the company said in a statement. “War isn’t good for anyone.”
