Google Reveals Alarming Surge in Russian Cyber Attacks Against Ukraine

Russia’s cyber attacks against Ukraine surged by 250% in 2022 when compared to two years ago, Google’s Threat Analysis Group (TAG) and Mandiant disclosed in a new joint report.

The targeting, which coincided with and has persisted since Russia’s military invasion of Ukraine in February 2022, focused heavily on Ukrainian government and military entities, alongside critical infrastructure, utilities, public services, and media sectors.

Mandiant said it observed “more destructive cyber attacks in Ukraine during the first four months of 2022 than in the previous eight years with attacks peaking around the start of the invasion.”

As many as six unique wiper strains – including WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, Industroyer2, and SDelete – have been deployed against Ukrainian networks, suggesting a willingness on the part of Russian threat actors to forgo persistent access.

Phishing attacks aimed at NATO countries witnessed a 300% spike over the course of the same period. These efforts were driven by a Belarusian government-backed group dubbed PUSHCHA (aka Ghostwriter or UNC1151) that’s aligned with Russia.

“Russian government-backed attackers have engaged in an aggressive, multi-pronged effort to gain a decisive wartime advantage in cyberspace, often with mixed results,” TAG’s Shane Huntley noted.

images from Hacker News

Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks

Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer’s integrated development environment (IDE).

The vulnerable extensions could be exploited to run arbitrary code on a developer’s system remotely, in what could ultimately pave the way for supply chain attacks.

Some of the extensions in question are “LaTeX Workshop,” “Rainbow Fart,” “Open in Default Browser,” and “Instant Markdown,” which have cumulatively racked up about two million installations.

“Developer machines usually hold significant credentials, allowing them (directly or indirectly) to interact with many parts of the product,” researchers from open-source security platform Snyk said in a deep-dive published on May 26. “Leaking a developer’s private key can allow a malicious stakeholder to clone important parts of the code base or even connect to production servers.”

VS Code extensions, like browser add-ons, allow developers to augment Microsoft’s Visual Studio Code source-code editor with additional features like programming languages and debuggers relevant to their development workflows. VS Code is used by 14 million active users, making it a huge attack surface.
