Activity in cyberspace remains focused on the current Russo-Ukrainian war, which continues to generate a significant number of events. Both pro-Ukrainian and pro-Russian factions have launched attacks of varying sophistication against organizations in both countries. Involvement from Russian state-sponsored threat actors has reportedly been affected by the disruption of Command-and-Control (C2) servers controlled by Russia’s Main Intelligence Directorate (GRU). Hacktivists and cybercriminals on both sides remain active in targeting companies and individuals.

While the war is drawing attention away from other events, both Chinese and North Korean threat actors were active in April 2022. At least one (1) China-based threat actor has been observed using vulnerabilities to expand its infrastructure, while the Lazarus Group has reportedly stolen around $620 million worth of Ethereum.

Cyber-Related Events from the Russo-Ukrainian War

  • On March 28, 2022, the Russian Commission on Telecommunications and IT acknowledged a network equipment shortage caused by Western sanctions. This shortage caused an increase of 40% in the prices of IT equipment.

Chinese Cyber Operations

Lazarus’ Major Crypto Heist

  • On March 29, North Korean state-sponsored threat actor APT38, a.k.a. Lazarus Group, was able to steal millions worth of cryptocurrency. The group used a trojanized decentralized finance (DeFi) wallet application for Windows and macOS. Using this decoy application and social engineering techniques, the hackers were able to steal $620 million USD in Ethereum (ETH). The FBI later released a statement confirming the attribution to the group.
  • On April 14, 2022, a report was released describing the Lazarus Group’s activity against companies in the chemical industry, part of an ongoing operation called Operation Dream Job. The operation used fake job offers to lure victims into clicking malicious links. According to Symantec, “The Lazarus group is likely targeting organizations in the chemical sector to obtain intellectual property to further North Korea’s own pursuits in this area.”
