header image

Cyber Intelligence Briefing: 1 April 2022

Miles Arkwright, Roddy Priestley 1 April 2022
1 April 2022    Miles Arkwright, Roddy Priestley


Today's fast-changing threat landscape puts increased pressure on companies to make the right investment choices and improve their cyber resilience. For this report, S-RM surveyed 600 senior leaders and IT decision makers to discover which cyber investment areas provide the best value for money and what savings result from investing in cyber security.

Download Report

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

top NEWS stories this week

  1. Ukraine under attack. Attacks against organisations operating in Ukraine continue.

  2. No let up from Anonymous. Anonymous continues its cyber campaign against Russia and the Kremlin.

  3. Patch these vulnerabilities. Google, Microsoft, and Sophos patch significant vulnerabilities worth your attention.

  4. The Lapsus$ saga continues. Lapsus$ continues its attacks whilst UK law enforcement makes seven arrests.

  5. UPS attacks. CISA and the US Department of Energy warn of attacks against internet-connected UPS devices.


1. Ukraine under attack

  • Ukrainian telecommunications provider Ukrtelecom suffered a cyber attack this week, resulting in the most severe disruption to Ukrainian internet access since the start of the Russian invasion. Internet connectivity dropped to 13% of pre-invasion levels.
  • US satellite operator Viasat confirmed an attack against its European satellite network that occurred alongside the Russian invasion of Ukraine. Tens of thousands of satellite modems connected to the network were disabled across Ukraine and Europe. Consequently, tens of thousands of individuals around Europe lost internet access.
  • Attackers injected WordPress websites with malicious scripts, causing denial of service (DoS) attacks to be launched against certain Ukrainian websites.



The Viasat attack demonstrates that western organisations providing infrastructure to Ukraine are at risk of being targeted by Russia-aligned actors. It also highlights the ongoing reality of spill over attacks and impacts they present to individuals and private organisations outside of Ukraine.



2. No let up from Anonymous

  • The hacktivist group Anonymous continued its campaign against Russia, allegedly exfiltrating data from four notable organisations:
    • Thozis Corp, a Russian investment company involved in infrastructure projects
  • The Russian Federal Air Transport Agency (Rosaviatsiya) allegedly suffered a cyber attack that resulted in the loss of 65 TB of data, a loss of internet access, and a malfunction in the organisation’s document management system. Interestingly, Anonymous is not claiming responsibility, stating that it would never endanger civilians.



The continuation of attacks on Russian organisations is increasing the likelihood of Russian state-sponsored retaliation. Retaliatory sabotage attacks would be expected to initially focus on government organisations and critical infrastructure, such as the energy and financial sectors.



3. New vulnerabilities to patch

  • Google and Microsoft released emergency patches for Chrome and Edge, addressing a zero-day vulnerability (CVE-2022-1096) that affects Chromium-based web browsers. The vulnerability is being actively exploited in the wild. The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered all US federal agencies to patch the flaw within the next three weeks.
  • Sophos patched a critical vulnerability affecting its Sophos Firewall products that allows for remote code execution.



It is vital that organisations have a unified software register and vulnerability management programme in place.



4. Lapsus$ cyber attacks continue

The City of London Police arrested seven individuals suspected of involvement with the cyber criminal group Lapsus$. The arrests follow the group’s explosive start and the alleged reveal of the group’s leader last week.

Despite the arrests the group continues to operate, allegedly breaching the software services company Globant. The group claimed to have exfiltrated 70GB of source code belonging to Globant customers, and credentials belonging to Globant’s DevOps infrastructure.



Data exfiltration can lead to reputational, regulatory, and legal costs. Organisations must ensure they have best security practices in place. This includes classifying and storing sensitive data in a secure and isolated location and having an appropriately configured data loss prevention tool deployed.



5. UPS attacks

CISA and the US Department of Energy have warned that threat actors are targeting uninterruptible power supply (UPS) devices. Actors are focusing on UPS devices that are accessible through an internet-facing management portal whose default login credentials have not been changed.

If a threat actor successfully gains control of a UPS device, they could tamper with the device’s settings to physically damage it or other connected assets. Moreover, with UPS devices now often connected to internal networks containing valuable assets and sensitive data, threat actors may be able to leverage their configuration to move laterally into the internal network.



This case highlights two security maxims that every organisation should adhere to. Firstly, only allow internet access to an asset if necessary. Secondly, ensure that default logon credentials are changed as soon as possible on all assets.



Cyber Intelligence Briefing

To discuss this article or other industry developments, please reach out to one of our experts.

Miles Arkwright
Miles arkwright Senior Analyst, Cyber Security Email Miles
Roddy Priestley
Roddy priestley Director, Cyber Security Email Roddy


We reveal the challenges faced by C-suite professionals and senior IT leaders across three key areas of cyber security – budgets, incidents and insurance.

Download Report