Russia's Invasion of Ukraine Cyber Resource Center

Find resources to help protect your organization from global cyberattacks related to Russia's invasion of Ukraine

ThreatLabz actively monitors new and emerging threats

The impact of Russia's aggression and invasion of Ukraine has extended beyond geopolitical warfare into a global cyberthreat that endangers critical infrastructure, supply chains, and businesses. CISA and other government agencies have issued alerts and guidance on the importance of preparing security infrastructure for an increase in destructive Russia-based cyberattacks.

Zscaler is dedicated to helping our global community of SecOps defenders navigate and prepare for these threats.

Read the ThreatLabz Security Advisory: Cyberattacks Stemming from Russia's Invasion of Ukraine for security recommendations and to learn more about how we protect our customers.

THREATLABZ RESEARCH

As your trusted security partner, protecting you from cyberthreats is our top concern

The Zscaler ThreatLabz research team is tracking threat actor groups and related attack campaigns in the wild. Drawing from more than 400 billion transactions and 9 billion blocked threats daily, Zscaler cloud telemetry provides real-time insight and allows us to ensure rapid detection coverage across our platform.

Check back often for new intel, research updates, and resources. The latest ThreatLabz updates offer actionable analysis of tactics and techniques used in targeted attacks against Ukraine.

HermeticWiper malware

ThreatLabz discovered a previously undocumented attack chain from this destructive wiper malware. Understand this signature attack chain and update your defenses with intel derived from seven unique samples.

PartyTicket ransomware

ThreatLabz analyzed concurrent distribution of this apparent decoy ransomware with the delivery of HermeticWiper in Ukraine. Get the details behind this tactic to better understand how to prepare for the real threats that follow.

DanaBot DDoS attack

ThreatLabz analyzed the DDoS attack on the Ukrainian Ministry of Defense's webmail server by a threat actor using DanaBot, a malware-as-a-service platform that was first discovered in 2018. Find out the full details.

Conti ransomware

ThreatLabz analyzed the Russian-linked Conti ransomware group before it disbanded following the invasion of Ukraine. Conti source code has since fueled new strains like ScareCrow, Meow, Putin, and Akira. ThreatLabz also observed BlackBasta using a negotiation script nearly identical to Conti. Learn more about the enduring impact of Conti.

How to Stay Prepared

Double down on the fundamentals with patching, incident response plans, and change documentation

  • Have incident response plans documented and clearly available to IT and SecOps
  • Patch all weak points in your infrastructure, and isolate or remove what you can't patch
  • Document, log, and review all actions, changes, and incidents to facilitate investigation and remediation

Fully understand your attack surface, then protect it to minimize your risk

  • Use Zscaler Private Access™ to provide zero trust access to private apps in public clouds or your data center
  • If Zscaler Private Access is not an option, remove visibility of critical services from the internet or implement stringent access controls

Consider all networks untrusted and operate with zero trust principles

  • Isolate or disconnect any links to untrusted or third-party networks
  • Expect unstable connectivity in high-risk locations
  • Enable access via overlay application paths (in Zscaler Private Access)
  • Enforce daily reauthentication for users in impacted regions

Deploy geolocation blocks against services and IPs hosted in heightened risk locations

  • Activate these blocks at egress points using Zscaler Internet Access™ so users cannot inadvertently access services and/or IPs hosted in heightened risk locations

Enable TLS inspection for all potentially affected users for protection and insight

  • Protect your sensitive information from nation-state attackers by setting up controls to protect your key intellectual property and DLP rules to identify and block intellectual property exfiltration
  • Block all malicious payloads in a sandbox

TENETS OF ZERO TRUST

Employ the tenets of zero trust

A zero trust architecture relies on four key tenets to hide vulnerable applications from attackers, detect and block intrusions, and mitigate the damage of successful attacks. We recommend implementing zero trust strategies to protect your organization.

Eliminate the external attack surface

Make apps and servers invisible, impossible to compromise

Prevent compromise with full TLS inspection

Stop web app infections and exploit activity

Prevent lateral movement

Limit the blast radius with zero trust network access and integrated deception

Prevent data exfiltration

Stop data exfiltration attempts using inline DLP with TLS inspection