Illustration by Security Management

Ukraine and Russia Arrest Ransomware Actors as Talks Stall, and More Security News from Around the Globe

As COVID-19 cases continued to rise around the world, major activity was also ongoing in the security arena with ransomware actors arrested, sedition charges against alleged U.S. Capitol attack participants filed, cryptocurrency thefts analyzed, and more.

Here are some of the major stories that we’re paying attention to heading into the weekend:

Ukraine and Russia Make Moves in Cyber Space

While talks stalled between Western and Russian officials about the country’s increasingly aggressive posture and troop buildup on the border of Ukraine, activity in the cyber sphere was speeding ahead.

On Friday morning, Ukrainian officials confirmed that numerous government websites were defaced with “provocative messages” posted to the main pages of the sites Thursday night.

The Cyberpolice Department of the National Police of Ukraine said in a statement that website content had not been changed and no personal information was leaked. 

“In order to prevent the spread of the attack on other resources and localization of the technical problem, the work of other government sites was temporarily suspended,” the police said. As of press time, the police had not named individuals responsible for the defacements.

Meanwhile, both Ukrainian and Russian officials made arrests to shut down ransomware gangs operating in their jurisdictions. CyberScoop reports that Ukrainian Cyberpolice arrested a 36-year-old man who worked with others to extort more than 50 companies across the United States and Europe for more than $1 million.

“The group is also accused of providing virtual private network (VPN) services to other criminals for a fee,” according to CyberScoop. “VPNs are widely and legally used around the world to shield portions of internet traffic and obscure the end-user’s IP address. But police in Ukraine say this VPN service also allowed customers to download computer viruses, spyware, and other malware.” 

Across the border, Russia’s domestic intelligence service—FSB—said it detained and charged members of the REvil ransomware crime group at the behest of the United States. The raid that led to the arrests was broadcast on REN TV in Russia. 

“A source familiar with the case told Interfax that the group's members with Russian citizenship would not be handed over to the United States,” Reuters reports. “The United States said in November it was offering a reward of up to $10 million for information leading to the identification or location of anyone holding a key position in the REvil group.”

Polish authorities previously arrested the alleged mastermind of REvil, Yaroslav Vasinskyi, on behalf of the United States. 

The arrests and detainments come during a week of talks between Western officials and Russian diplomats aimed at preventing Russian forces from invading Ukraine. Russia is continuing to demand that Ukraine not be allowed to join NATO, while the United States and others demand that Russia withdraw troops built up on Ukraine’s border.

“Russian officials signaled on Thursday that they might abandon diplomatic efforts to resolve the security crisis surrounding Ukraine, bringing a whirlwind week of European diplomacy to an ominous end and deflating hopes that negotiators could forge a path toward easing tensions in Eastern Europe,” The New York Times reports.

“One senior Russian diplomat said that talks with the West were approaching a ‘dead end,’ while another said the Kremlin would wait until it received written responses to its demands from Washington and from NATO next week before deciding how to proceed.”

First Sedition Charges Filed in U.S. Capitol Attack Case

The FBI arrested the leader and founder of the Oath Keepers militia and 10 other individuals on seditious conspiracy charges for their alleged role in plotting to take control of the U.S. Capitol on 6 January 2021.

Elmer Stewart Rhodes III, 56, founded the Oath Keepers, which is a loosely organized collection of individuals focused on recruiting current and former military, law enforcement, and first-responder personnel. 

In an indictment released by the U.S. Department of Justice (DOJ), Rhodes is accused of conspiring with his co-defendants to oppose by force the execution of the laws governing the peaceful transfer of presidential power. Rhodes and his conspirators allegedly coordinated via encrypted communication applications to travel to Washington, D.C., with weapons in January 2021. 

Specifically, the defendants are charged with organizing teams willing to use force to transport firearms and ammunition to D.C.; recruiting members to participate; organizing trainings to learn paramilitary combat tactics; providing paramilitary gear, including knives, batons, camouflaged combat uniforms, tactical vests with plates, helmets, eye protection, and radio equipment, to the Capitol; breaching and attempting to take control of the Capitol to delay certification of the vote; using force against law enforcement officers; and continuing to plot after 6 January 2021 to oppose by force the lawful transfer of presidential power, according to the DOJ.

More than 725 individuals have been charged in connection with the 6 January 2021 attack on the U.S. Capitol, and the investigation into the incident remains ongoing. Thursday’s arrests mark the first time individuals who allegedly breached the U.S. Capitol have been charged with sedition, which carries a maximum penalty of 20 years in U.S. federal prison.

Vaccine Mandates For Most Employers Fail to Pass Supreme Court Test

The U.S. Supreme Court ruled Thursday that the Biden administration cannot create widespread COVID-19 vaccination requirements for most employers, but can require jabs for healthcare workers.

In its highly awaited decision, the Court explained that the U.S. Occupational Safety and Health Administration (OSHA) exceeded its power when it ordered U.S. employers with more than 100 employees to require that employees be vaccinated or undergo regular testing for COVID-19. The Court based its decision on the fact that OSHA, part of the U.S. Department of Labor, has the authority to create safety standards for the workplace but COVID-19 is not a specific workplace risk for most employees.

“Permitting OSHA to regulate the hazards of daily life—simply because most Americans have jobs and face those same risks while on the clock—would significantly expand OSHA’s regulatory authority without clear congressional authorization,” the Court wrote.

In a separate decision, however, the Court allowed a requirement that healthcare workers at facilities that receive funds from Medicare and Medicaid be vaccinated against COVID-19 unless they had a medical or religious exemption. The requirement was issued by the U.S. Department of Health and Human Services (HHS).

“Because COVID-19 ‘is a highly contagious, dangerous, and—especially for Medicare and Medicaid patients—deadly disease,’ HHS determined that a vaccine mandate was necessary to protect patients because it would decrease the chances that health care workers would both contract the virus and pass it on to their patients,” according to SCOTUS Blog. 

The decision comes at a time when at least 80 percent of staffed hospital beds in 24 U.S. states were occupied by patients with COVID-19 cases—many caused by the extremely contagious Omicron variant.

Syrian Official Faces Justice

A former Syrian intelligence officer was sentenced to life in prison Thursday for overseeing the murder of 27 people and the torture of 4,000 others in a Damascus prison.

A German court handed down the sentence for Anwar Raslan, who was convicted of murder, grievous bodily harm, sexual assault, deprivation of liberty, and hostage-taking during his time as head of investigations at Branch 251 of Syria’s General Intelligence Directorate.

“The trial, which began in April 2020, marked the first time Syrian victims had the chance to face in court an alleged perpetrator of crimes attributable to the Assad regime in that era,” The Washington Post reports. “Victims who spoke in court as witnesses described the case as a milestone but still just one step on the road to accountability.” 

Out, Bank Robberies. In, Cryptocurrency Theft

Getting away with an in-person bank heist is difficult these days. Many are skipping the legwork and turning to stealing cryptocurrency instead—including North Korean hackers.

New reports shared on Thursday found that North Korean hackers stole nearly $400 million in cryptocurrency in 2021 in an effort to bypass sanctions that limit their access to financial institutions. The 2021 findings followed a similar trend in 2019 and 2020, when North Korean actors stole $316 million in assets, according to an NBC News analysis.

“Many cryptocurrencies have risen sharply in value in recent years, and software developers have created an entire ecosystem of projects and exchanges that allow users to trade one type of cryptocurrency for another, or from virtual money to cash,” NBC News reports. “While many major exchanges follow guidelines to collect information on users in order to counter money laundering, the internet is also rife with places that don’t bother, opening the door for malicious actors like North Korea's hackers.”

NSO Group Spyware Found on More Journalists’ Phones

Digital rights organizations published reports this week detailing findings that Israeli spyware developer NSO Group’s products were found on 37 devices belonging to 35 journalists and activists in November 2021. 

The Citizen Lab and Access Now published the report as part of their ongoing investigations into the use of NSO Group’s Pegasus spyware product. They launched the effort in September 2021 after independent journalists used Amnesty International Security Lab’s Mobile Verification Toolkit to detect Pegasus spyware and then contacted a helpline.

“Twenty-three of the infected devices belong to journalists connected to the Salvadoran news site El Faro,” WIRED reports. “Three other compromised devices belong to people associated with the publication Gato Encerrado. Both have published reporting critical of El Salvador's government and have faced retaliation, like being barred from various government press conferences and, El Faro has said, being subjected to invasive financial audits and accusations of tax evasion. Salvadoran president Nayib Bukele and his administration have been broadly hostile to the media; in early 2021, the Inter-American Commission on Human Rights granted precautionary measures for 34 El Faro journalists thought to be at risk of human rights violations as a result of their work.”

NSO Group is on the U.S. Commerce Department’s Entity List for developing and supplying spyware to foreign governments that use it to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.