A number of Russian-speaking threat groups have announced affiliation with one side or the other in the Russia-Ukraine conflict. A few have announced official neutrality. Among others, Anonymous and Ghostsec, a hacktivist offshoot of Anonymous, have announced support for Ukraine. Conti, UNC1151, The Red Bandits, and Coomingproject, among others, have announced support for Russia. Members of underground hacker communities are also being recruited by the Ukrainian government, in conjunction with security companies such as Cyber Unit Technologies, for the purpose of defensive and offensive operations.
Distributed Denial of Service (DDoS) attacks and the defacement or hijacking of public websites or media are unlikely to have a substantial effect on cyber or physical operations for either government, although they may affect morale and public support. However, ransomware groups that have threatened support for Russia do have the capability to target organizations that provide essential infrastructure such as utilities, banking, hospitals, etc. Organizations should be on heightened alert, continue appropriate vulnerability management, and tighten security controls, including a defense-in-depth strategy with a focus on post-exploitation activity.