German wind turbine operators have reportedly been confronted with a fault in the satellite connection of their systems. Dominik Bertrams, MD of wind farm operator Tobi Windenergie Verwaltungs GmbH, yesterday announced on Twitter the remote monitoring and control of thousands of wind turbines had failed. With the outage having occurred between 5 a.m. and 6 a.m. on Thursday – when the Russian army invaded Ukraine – Bertrams suspected a cyberattack by Russian hackers. The reason for the failure has not yet been clarified.    Read more about it here.

Russia’s invasion of Ukraine has taken place both on and offline, blending physical devastation with escalating digital warfare. Ransomware gangs and other hacking groups have taken to social media to announce where their allegiances lie. Many of the pronouncements from these groups include threats against critical government infrastructure. Some collectives are state-sponsored while others are decentralized — but all are able to take down computer systems and breach organizations.    Read more about it here. 

The BlackCat ransomware group, aka ALPHV, has claimed responsibility for the recent cyberattack on Swissport that caused flight delays and service disruptions. The €3 billion revenue firm, Swissport, has a presence across 310 airports in 50 countries and provides cargo handling, maintenance, cleaning, and lounge hospitality services. Tuesday, BlackCat (ALPHV) ransomware group posted a small set of sample files that the group claims to have obtained from Swissport. The threat actor has announced they are willing to sell the entire 1.6 TB "data dump" to a prospective buyer.   Read more about it here.

Vladimir Putin’s attack on Ukraine has been met with fierce resistance throughout the country’s towns and cities. As Russian forces have moved closer to Kyiv, lawyers, students, and actors have taken up arms to defend their country from invasion. They are not the only ones: Volunteers have also flocked to join a Ukrainian volunteer “IT Army” that’s fighting back online. At around 9 pm local time on February 26, Ukraine’s deputy prime minister and minister for digital transformation, Mykhailo Fedorov, announced the creation of the volunteer cyber army. Read more about it here.

The defacement of multiple Ukrainian government websites last week may have been intended as cover for a destructive malware attack that failed to execute or has yet to be unleashed, some security experts warn. The defacements occurred Thursday night and Friday morning - local time in Ukraine - as approximately 100,000 Russian troops remained massed on the country's border. On Saturday, Microsoft reported that it had found multiple attempts to infect Ukrainian government sites with a type of destructive malware it had never seen before, and that the first attack attempts appear to have begun Thursday.   Read more about it here.

Alerting the Thales group in early January, the Lockbit ransomware group released stolen data to the French group. The French group said the stolen files were copied from a code repository server hosting low-sensitivity data. In early January, the group behind the Lockbit ransomware claimed responsibility for an attack on the Thales group. It gave the French company until 13 January to pay a ransom or else the gang promised to publish stolen data.   Read more about it here.

The German government said on Tuesday that a Chinese cyberespionage group known as APT27 has repeatedly attacked German companies over the past few months using vulnerabilities in software like Microsoft Exchange and Zoho SelfService. The attacks, which have been taking place since at least March 2021, have aimed to install a version of the HyperBro malware inside corporate networks for the purpose of intelligence collection from infected hosts, the Federal Office for the Protection of the Constitution (BfV) said in a press release.  

A large-scale ransomware attack has disrupted operations at oil terminals in Belgium, Germany and the Netherlands. This massive attack crippled IT systems affecting dozens of terminals affecting oil storage and transport around the world, including Oiltanking in Germany, SEAInvest in Belgium and Evos in the Netherlands. This cyberattack has also resulted in difficulty loading and unloading refined product cargoes at six oil storage terminals in the Amsterdam-Rotterdam-Antwerp refining hub, according to news reports. Read more about it here.

Airport services giant Swissport is restoring its IT systems after a ransomware attack struck late last week, delaying flights. The Zurich-headquartered firm operates everything from check-in gates and airport security to baggage handling, aircraft fuelling and de-icing and lounge hospitality. It claims to have provided ground services to 97 million passengers last year and handled over five million tons of air freight. Swissport took to Twitter on Friday to warn its IT infrastructure had been hit by ransomware and apologize for any impact on service delivery.   Read more about it here.