Russia-Ukraine Conflict Cyber Resource Center
Find resources to help protect your organization from global cyberattacks related to the Russia-Ukraine conflict
ThreatLabz actively monitors new and emerging threats
The impact of Russia’s invasion of Ukraine has extended beyond geopolitical warfare into a global cyberthreat that endangers critical infrastructure, supply chains, and businesses. CISA and other government agencies have issued alerts and guidance on the importance of preparing security infrastructure for an increase in destructive Russia-based cyberattacks.
Zscaler is dedicated to helping our global community of SecOps defenders navigate and prepare for these threats.
Read ThreatLabz Security Advisory: Cyberattacks Stemming from the Russia-Ukraine Conflict for security recommendations and to learn more about how we protect our customers.
As your trusted security partner, protecting you from cyberthreats is our top concern
The Zscaler ThreatLabz research team is tracking threat actor groups and related attack campaigns in the wild. Drawing from more than 370 billion transactions and 9 billion blocked threats daily, Zscaler cloud telemetry provides real-time insight and allows us to ensure rapid detection coverage across our platform.
Check back often for new intel, research updates, and resources. The latest ThreatLabz updates offer actionable analysis of tactics and techniques used in targeted attacks against Ukraine.
ThreatLabz discovered a previously undocumented attack chain from this destructive wiper malware. Understand this signature attack chain and update your defenses with intel derived from seven unique samples.
ThreatLabz analyzed concurrent distribution of this apparent decoy ransomware with the delivery of HermeticWiper in Ukraine. Get the details behind this tactic to better understand how to prepare for the real threats that follow.
ThreatLabz analyzed the DDoS attack on the Ukrainian Ministry of Defense’s webmail server by a threat actor using DanaBot, a malware-as-a-service platform that was first discovered in 2018. Find out the full details.
ThreatLabz analyzed the Russian-linked Conti ransomware group before it disbanded following the invasion of Ukraine. Conti source code has since fueled new strains like ScareCrow, Meow, Putin, and Akira. ThreatLabz also observed BlackBasta using a negotiation script nearly identical to Conti. Learn more about the enduring impact of Conti.
- Have incident plans documented and clearly available to IT and SecOps
- Patch all weak points in your infrastructure, and isolate or remove what you can't patch
- Document, log, and review all actions, changes, and incidents to facilitate investigation and remediation
- Use Zscaler Private Access™ to provide zero trust access to private apps in public clouds or your data center
- If Zscaler Private Access is not an option, remove visibility of critical services from the internet or implement stringent access controls
- Isolate or disconnect any links to untrusted or third-party networks
- Expect unstable connectivity in high-risk locations
- Enable access via overlay application paths (in Zscaler Private Access)
- Enforce daily reauthentication for users in impacted regions
- Activate these blocks within egress points using Zscaler Internet Access™ so users cannot inadvertently access services and/or IPs hosted in heightened risk locations
- Protect sensitive information from nation-state attackers by setting up controls around your key intellectual property and DLP rules that identify and block IP exfiltration
- Block all malicious payloads in a sandbox
Employ the tenets of zero trust
A zero trust architecture relies on four key tenets to hide vulnerable applications from attackers, detect and block intrusions, and mitigate the damage of successful attacks. We recommend implementing zero trust strategies to protect your organization.
- Make apps and servers invisible, impossible to compromise
- Stop web app infections and exploit activity
- Limit the blast radius with zero trust network access and integrated deception
- Stop data exfiltration attempts using inline DLP with TLS inspection