“One of the most reliable ways to discover computer network operations is to look for malware “callbacks” – the communications initiated from compromised computers to an attacker’s first-stage command-and-control (C2) server. At FireEye, we detect and analyze millions of such callbacks every year.” “As we track the evolution of callbacks during this period, we see a likely correlation between the overall number of callbacks both to Russia and to Ukraine, and the intensification of the crisis between the two nations,” wrote FireEye senior global threat analyst, Kenneth Geers.
“The rise in callbacks to Russia and Ukraine (or to any other country or region of the world) during high levels of geopolitical tension suggests strongly that computer network operations are being used as one way to gain competitive advantage in the conflict.” states the post.
- Russia’s parliament authorized the use of military force in Ukraine;
- Vladimir Putin signed a bill incorporating the Crimean peninsula into the Russian Federation;
- The U.S. and EU imposed travel bans and asset freezes on some senior Russian officials;
- Russian military forces massed along the Ukrainian border; and
- Russian energy giant Gazprom threatened to cut off Ukraine’s supply of gas
“It is important to note that nearly half of the world’s countries experienced a decrease in callbacks during this same time frame,” reports the blog post.