More than three weeks into Russia’s war of choice against Ukraine, fears of cyberattacks on the country’s critical infrastructure have been replaced by widespread death, destruction, and devastating upheaval across the country. The United Nations estimates that 6.5 million people have been displaced, in addition to 3.2 million who had already fled Ukraine. Mariupol, once a thriving city of 430,000 along the country’s southern coast, has been reduced to rubble. Russia has killed more than 100 children during its assault so far.

As the war rages on, we investigated one of the weapons Russia appears to have recently deployed against Ukraine: an AI-powered “suicide drone.” Russia’s reported use of the KUB-BLA drone raises the specter of autonomous weapon systems deciding who dies during warfare. This week also saw what may be the first use of a deepfake to spread misinformation during wartime. The deepfake, of a robotic Volodymyr Zelensky calling on Ukrainians to surrender to Russia, was deeply unconvincing. The Ukrainian president quickly refuted its authenticity, while Facebook, Twitter, and YouTube raced to remove the video from their platforms, potentially providing a how-to guide for responding to sophisticated misinformation in the future.

While we have yet to see Russia wage damaging cyberattacks against Ukraine’s critical infrastructure since it invaded the country in late February, malware used by Russian government hacker group Sandworm, dubbed Cyclops Blink, has spread further than previously known. Researchers at TrendMicro discovered that a version of the malware can infect Asus routers.

Speaking of Russia-linked hackers, we took a deep dive into some 60,000 pages of leaked chats and files swiped from the Conti ransomware group. Our findings revealed the internal machinations of the gang’s oddly businesslike hierarchy, its plans to launch a crypo payment platform and a social network (with dreams of starting an online casino), and what its links to Russia’s military hackers really look like. 

The Lapsus$ collective, meanwhile, is adding “chaotic energy” to the world of cybercrime. As we found in our dive into the group’s activities—which include targeting high-profile companies like Samsung and Nvidia—its tactics differ from ransomware gangs like Conti, using phishing attacks and data theft to extort its victims rather than encrypting their systems and demanding payment. And while the group claims it’s not politically motivated, some experts remain unsure about Lapsus$’s ultimate aim.

Lastly, we dove into Big Tech’s big plans to finally (finally!) kill off the password. After a decade of work on the problem, the FIDO Alliance—whose members include Amazon, Meta, Google, Apple, and more—believes it has discovered the missing piece to make ditching our passwords easy.

Of course, that’s not all. For all the big security stories we didn’t have a chance to cover this week, click the headlines below. (And yes, a lot of them have to do with Russia.)

The Transportation Security Administration isn’t just in charge of airport security. The agency is also tasked with protecting US oil and gas pipelines—and it’s not going well. Thanks to understaffing and strict federal requirements, the TSA is reportedly struggling to meet its pipeline-security mandate. The TSA’s focus on protecting this critical infrastructure follows the May 2021 attack on Colonial Pipeline, but its mission has become all the more crucial as the specter of worst-case-scenario attacks by Russia or other nation-state actors looms large.

Google’s Threat Analysis Group (TAG) on Thursday said it uncovered a new group of “financially motivated” attackers that it believes breaks into targeted systems and then sells that access to other malicious actors, including Russian cybercrime groups like ransomware gangs Wizard Spider (aka UNC 1878) and Conti. Dubbed Exotic Lily by Google researchers, the group appears to be located in Central Europe and has targeted a wide range of victims, with a focus on cybersecurity, health care, and IT firms. To dupe these targets, Exotic Lily’s members use phishing attacks concealed through spoofed domains, fake email addresses, and fake profiles on social media and other platforms, according to TAG.

Vigilante hackers have been on a tear against Russian targets since the first days of Vladimir Putin’s war against Ukraine. But it’s the newly reinvigorated Anonymous hacktivist collective that’s caused the most ruckus. Late this week, Anonymous claimed to have stolen 79 GB of emails from Transneft, a state-controlled Russian pipeline company, which were revealed by the transparency journalism outlet Distributed Denial of Secrets. Clearly having a bit of fun, the Anonymous hacktivists dedicated their intrusion to Hillary Clinton, who appeared to call on Anonymous to hack Russian targets during a February 25 appearance on MSNBC.

Acting out of an abundance of caution, Germany’s Federal Office for Information Security (BSI), warned local companies against using Kaspersky’s antivirus software on the grounds that the company would be compelled to spy on users for the Kremlin. Echoing the US government’s murky foundation for banning Kaspersky products in 2017, BSI’s warning does not appear to be based on any specific intelligence, and the company asserted as much in response to BSI’s warning. “We believe that peaceful dialogue is the only possible instrument for resolving conflicts,” the company said in a statement. “War isn’t good for anyone.”


More Great WIRED Stories