Russia-Ukraine Conflict Cyber Resource Center
Find resources to help protect your organization from global cyberattacks related to the Russia-Ukraine conflict
ThreatLabz is actively monitoring the ongoing crisis
The impact from Russia’s invasion of Ukraine has extended beyond geopolitical warfare into a global cybersecurity threat that endangers critical infrastructure, supply chains, and businesses. CISA and other government agencies have issued alerts and guidance on the importance of preparing security infrastructure for an increase in destructive Russia-based cyberattacks.
Zscaler is dedicated to helping our global community of SecOps defenders navigate and prepare for these imminent threats.
Read ThreatLabz Security Advisory: Cyberattacks Stemming from the Russia-Ukraine Conflict for security recommendations and to learn more about how we protect our customers.
As your trusted security partner, protecting you from cyberthreats is our top concern
The Zscaler ThreatLabz research team is tracking threat actor groups and related attack campaigns in the wild. Drawing from more than 200 billion transactions and 150 million blocked threats daily, Zscaler Cloud telemetry provides real-time insight and allows us to ensure rapid detection coverage across our platform.
Check back often for new intel, research updates, and resources. The latest ThreatLabz updates offer actionable analysis of tactics and techniques used in targeted attacks against Ukraine, including:

ThreatLabz discovered a previously undocumented attack chain used by this destructive wiper malware. Understand the signature attack chain and update your defenses with intel derived from seven unique samples.

ThreatLabz analyzed how this apparent decoy ransomware was distributed alongside HermeticWiper in Ukraine. Get the details behind this tactic to better understand how to prepare for the real threats that follow.

ThreatLabz analyzed the DDoS attack on the Ukrainian Ministry of Defense’s webmail server by a threat actor using DanaBot, a malware-as-a-service platform first discovered in 2018. Find out the full details.

ThreatLabz previously analyzed the Russia-linked Conti ransomware group in its ransomware review. Federal agencies including CISA, FBI, NSA, and USSS have since re-released an advisory warning that “Conti cyber threat actors remain active and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1,000.” Download the report to learn more about the group.
How you can prepare
We believe combining these actions with a proactive inspection and monitoring approach will help you mitigate the risks associated with this developing situation.

Double down on the fundamentals with patching, incident response plans, and change documentation
- Have incident plans documented and clearly available to IT and SecOps.
- Patch all weak points in your infrastructure, and isolate or remove what you can't patch.
- Document, log, and review all actions, changes, and incidents to facilitate investigation and remediation.

Fully understand your attack surface, then protect it to minimize your risk
- Use Zscaler Private Access to provide zero trust access to private apps in public clouds or your data center.
- If Zscaler Private Access is not an option, take critical services off the internet entirely or place stringent access controls in front of them.

Consider all networks untrusted and operate with zero trust principles
- Isolate or disconnect any links to untrusted or third-party networks.
- Expect unstable connectivity in high-risk locations.
- Enable access via overlay application paths (in Zscaler Private Access).
- Enforce daily reauthentication for users in impacted regions.

Deploy geolocation blocks against services and IPs hosted in heightened risk locations
- Activate these blocks within egress points using Zscaler Internet Access so users cannot inadvertently access services and/or IPs hosted in heightened risk locations.
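The policy logic behind an egress geolocation block, as an added example that is not Zscaler's code or configuration: a destination is allowed if it matches an explicit allow-list exception, blocked if it geolocates to a heightened-risk country, and otherwise handled by a stated default for addresses with no geolocation data. The IP-to-country table (built from RFC 5737 documentation ranges), the country list, the allow-list entry and the sample flows are all constructed for this example; a real deployment would take the table from a GeoIP feed and the country list from your own risk assessment.

```python
"""Egress geolocation-block policy evaluator (added example, not vendor code).

All data below is constructed for illustration: the documentation prefixes
are labelled with country codes purely so the policy can be exercised offline.
"""
import ipaddress
from dataclasses import dataclass

# Constructed GeoIP table: (network, ISO country code). Real deployments
# load this from a GeoIP feed and refresh it regularly.
GEO_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "RU"),   # TEST-NET-3, labelled RU here
    (ipaddress.ip_network("198.51.100.0/24"), "BY"),  # TEST-NET-2, labelled BY here
    (ipaddress.ip_network("192.0.2.0/24"), "US"),     # TEST-NET-1, labelled US here
]

# Countries treated as heightened risk for this example.
HEIGHTENED_RISK = {"RU", "BY"}

# Vetted destinations that must stay reachable even if they geolocate to a
# blocked country (for instance a partner's update server). Evaluated first.
ALLOW_LIST = {ipaddress.ip_network("203.0.113.10/32")}


@dataclass
class Verdict:
    action: str   # "allow" or "block"
    reason: str   # human-readable justification, written to the egress log


def geolocate(ip: str):
    """Return the country code for ip, or None if no table entry matches."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE:
        if addr in net:
            return cc
    return None


def evaluate(dst_ip: str, policy_unknown: str = "allow") -> Verdict:
    """Decide whether an egress flow to dst_ip is allowed.

    policy_unknown is the explicit action for addresses with no geolocation
    data; leaving that case implicit is a common gap in geo-block rollouts.
    """
    addr = ipaddress.ip_address(dst_ip)
    if any(addr in net for net in ALLOW_LIST):
        return Verdict("allow", "allow-list exception")
    cc = geolocate(dst_ip)
    if cc is None:
        return Verdict(policy_unknown, "no geolocation data")
    if cc in HEIGHTENED_RISK:
        return Verdict("block", f"destination geolocates to {cc}")
    return Verdict("allow", f"destination geolocates to {cc}")


def evaluate_flows(flows):
    """Evaluate a batch of destination IPs; returns (ip, action, reason) rows
    suitable for the review log the fundamentals section asks for."""
    return [(ip, v.action, v.reason) for ip, v in ((ip, evaluate(ip)) for ip in flows)]


if __name__ == "__main__":
    # Constructed sample of egress destinations seen at the edge.
    sample = ["203.0.113.55", "203.0.113.10", "198.51.100.7", "192.0.2.9", "100.64.0.1"]
    for ip, action, reason in evaluate_flows(sample):
        print(f"{ip:<16} {action:<6} {reason}")
```

Two points the example makes explicit: allow-list exceptions are checked before the country lookup so a vetted host in a blocked range is not silently cut off, and addresses missing from the table get a deliberate default rather than falling through, since GeoIP coverage is never complete and a new prefix can otherwise bypass the block unnoticed.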

Enable TLS inspection for all potentially affected users for protection and insight
- Protect your sensitive information from nation-state attackers. Set controls to protect your key intellectual property, and set up DLP rules to identify and block exfiltration of that intellectual property.
- Send unknown payloads to a sandbox for analysis and block those found to be malicious.
Employ the tenets of zero trust
A zero trust architecture relies on four key tenets to hide vulnerable applications from attackers, detect and block intrusions, and mitigate the damage of successful attacks. We recommend implementing zero trust strategies to protect your organization.

Eliminate the external attack surface
Make apps and servers unreachable from the internet so attackers cannot discover or target them directly

Prevent compromise with full TLS inspection
Stop web app infections and exploit activity

Prevent lateral movement
Limit the blast radius with zero trust network access & integrated deception

Prevent data exfiltration
Stop data exfiltration attempts using inline DLP with TLS inspection