March 08, 2022

Mandiant Insight on Russia & Ukraine

Industry: Government, Energy & Utility, Financial Services, Media & Entertainment, Transportation | Level: Strategic | Source: Mandiant

Mandiant’s review of the conflict between Russia and Ukraine warns of retaliation by Russia against organizations that condemn Russia and/or support Ukraine. Industries on high alert include government, financial services, energy & utility, transportation and media & entertainment. Mandiant describes Russia’s offensive tactics as “controlled escalation” or “escalation management/dominance,” “in which Russian forces gradually increase pressure, either through kinetic or non-kinetic methods, while gauging the adversarial reaction to each step until the adversary is willing to agree to favorable terms for Russia.”

Many threat actor groups aligned to Russia can help orchestrate cyber activity; Mandiant’s insight points to APT28, TEMP.Isotope and Sandworm as the groups most likely to engage in espionage and/or disruptive or destructive attacks. It is unknown whether the threat group APT29 is participating in destructive attacks, as the group is not known to have a “destructive mandate”; however, with Russia’s offensive attacks, the group’s objectives may change. Mandiant uses the designation UNC3715 to track the group associated with the deployment of HermeticWiper (aka NEARMISS and FoxBlade); no attribution is made to a named actor group.

Mandiant urges high-risk organizations to brace for attacks, with Russian retaliation varying according to the implications imposed in each sector. Financial organizations could face retaliation based on growing sanctions. Attacks against the energy industry could be “due to Europe’s reliance on Russian energy supplies.” Several transportation, logistics and aviation companies, such as FedEx, UPS, Maersk, Sabre, Boeing and Airbus, have halted operations in Russia. Russia may retaliate in response to their decision to cease support and operations in Russia.