Rapid7: Cybersecurity updates in Russia and Ukraine


Cyberattacks are a particular problem in the Russia-Ukraine conflict, with the potential to affect individuals and organizations well beyond the physical front lines. With events rapidly evolving, we aim to provide a single channel through which to share the most important cyber-related developments from the conflict with the security community every day.

Every business day, we will update this blog at 5:00 p.m. EST with what we believe to be the most important updates in terms of cybersecurity and threat intelligence related to the Russia-Ukraine war. We hope this blog will make it easier for you to stay up to date on these events during an uncertain and rapidly changing time.

March 3, 2022

Additional sanctions: The US Treasury announced another round of sanctions against Russian elites and many organizations it described as outlets for disinformation and propaganda.

Public order: The Russia-Ukraine conflict is adding momentum to cybersecurity regulatory measures. Recent examples include:

  • Incident Reporting Act: Citing the need to defend against potential retaliatory attacks from Russia, the US Senate passed legislation requiring owners and operators of critical infrastructure to report significant cybersecurity incidents and ransomware payments to CISA. The US House of Representatives is now considering expediting this bill, meaning it could soon become law.
  • FCC Request on BGP Security: “[E]specially given Russia’s escalating actions in Ukraine,” the FCC invites comment on vulnerabilities threatening the Border Gateway Protocol (BGP), which is central to the Internet’s global routing system.

CISA Threat Notice: CISA recently repeated that there is currently no concrete, credible threat against the United States. It also references its Shields Up recommendation for resources and updates related to the Russia-Ukraine conflict.

Threat Intelligence update

  • A hacking group linked to Anonymous claims to have hacked a branch of the Russian military and Rosatom, the Russian state-run nuclear energy company.

Hacktivist group Anonymous and its affiliate hacked and leaked access to the phone directory of the Military Prosecutor’s Office of the Southern Military District of Russia, as well as documents from the Rosatom State Atomic Energy Corporation.

Available in Threat Library as: OpRussia 2022 (for Threat Command customers who want to learn more)

  • A threat actor supporting Russia claims to have hacked and leaked sensitive information related to Ukraine’s military.

Threat actor Lenovo claims to have hacked a branch of Ukraine’s military and leaked confidential information about its soldiers. The information was leaked to an underground Russian hacking forum.

Source: XSS forums (discovered by our dark web threat hunters)

  • A group linked to Anonymous hacktivists has taken down the popular Russian news website lenta.ru.

As part of the OpRussia cyberattack campaign, an anonymous hacktivist group called “El_patron_real” took down one of Russia’s most popular news websites, lenta.ru. As of Thursday afternoon, March 3rd, the website is still down.

Available in the Threat Library as: El_patron_real (for Threat Command customers who want to learn more)
