Inside Cybersecurity

April 26, 2024

Ukraine Update: NIST posts Ukrainian translation of cyber framework, security firm offers details on cyber attacker

By Charlie Mitchell / March 31, 2022

The National Institute of Standards and Technology has released a version of its cybersecurity framework translated into Ukrainian by cyber professionals, while the firm CrowdStrike released first-time details on a state-sponsored threat actor linked to cyber attacks on Ukraine.

“Today, NIST is releasing a Ukrainian translation of its Cybersecurity Framework, translated by Ukrainian cybersecurity professionals,” the agency announced Wednesday on Twitter. NIST noted that the framework “is now available in 10 languages.”

The 54-page translation is featured on NIST’s international cybersecurity and privacy resources page.

The NIST international page also highlights the outstanding request for information on the proposed update to the cyber framework, with comments due by April 25. NIST says it plans to focus on international alignment and other issues in “CSF 2.0.”

CrowdStrike, meanwhile, in a blog post Wednesday publicly offered details “about a Russia-nexus state-sponsored actor that CrowdStrike Intelligence tracks as EMBER BEAR,” linked to cyber attacks against Ukrainian targets.

According to CrowdStrike: “EMBER BEAR (aka UAC-0056, Lorec53, Lorec Bear, Bleeding Bear, Saint Bear) is an adversary group that has operated against government and military organizations in eastern Europe since early 2021, likely to collect intelligence from target networks. EMBER BEAR appears primarily motivated to weaponize the access and data obtained during their intrusions to support information operations (IO) aimed at creating public mistrust in targeted institutions and degrading government ability to counter Russian cyber operations.”

The blog says, “CrowdStrike Intelligence attributes destructive activity against Ukrainian networks using the WhisperGate wiper to EMBER BEAR, assessed at moderate confidence. Additionally, CrowdStrike Intelligence assesses with low confidence that data obtained through EMBER BEAR operations are used to support data leak operations conducted by multiple attribution fronts.”

It says, “While other Russia-state nexus adversaries have also been implicated in the dissemination of stolen data for similar motivations — particularly FANCY BEAR and VOODOO BEAR, both operated by Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) — EMBER BEAR does not present known links with previously tracked adversaries. EMBER BEAR is not currently attributed to a specific Russian organization, although the adversary’s target profile, assessed intent, and their technical tactics, techniques and procedures (TTPs) are consistent with other GRU cyber operations.”

– Charlie Mitchell (cmitchell@iwpnews.com)