Resource Center
Russia's Invasion of Ukraine Cyber Resource Center
Find resources to help protect your organization from global cyberattacks related to Russia's invasion of Ukraine
ThreatLabz actively monitors new and emerging threats
The impact of Russia’s aggression and invasion of Ukraine has extended beyond geopolitical warfare into a global cyberthreat that endangers critical infrastructure, supply chains, and businesses. The CISA and other government agencies have issued alerts and guidance on the importance of preparing security infrastructure for an increase in destructive Russia-based cyberattacks.
Zscaler is dedicated to helping our global community of SecOps defenders navigate and prepare for these threats.
Read ThreatLabz Security Advisory: Cyberattacks Stemming from Russia's invasion of Ukraine for security recommendations and to learn more about how we protect our customers.
As your trusted security partner, protecting you from cyberthreats is our top concern
The Zscaler ThreatLabz research team is tracking threat actor groups and related attack campaigns in the wild. Drawing from more than 400 billion transactions and 9 billion blocked threats daily, Zscaler cloud telemetry provides real-time insight and allows us to ensure rapid detection coverage across our platform.
Check back often for new intel, research updates, and resources. The latest ThreatLabz updates offer actionable analysis of tactics and techniques used in targeted attacks against Ukraine.
ThreatLabz analyzed the Russian-linked Conti ransomware group before it disbanded following the invasion of Ukraine. Conti source code has since fueled new strains like ScareCrow, Meow, Putin, and Akira. ThreatLabz also observed BlackBasta using a negotiation script nearly identical to Conti. Learn more about the enduring impact of Conti.
- Have incident plans documented and clearly available to IT and SecOps
- Patch all weak points in your infrastructure, and isolate or remove what you can't patch
- Document, log, and review all actions, changes, and incidents to facilitate investigation and remediation
- Use Zscaler Private Access™ to provide zero trust access to private apps in public clouds or your data center
- If Zscaler Private Access is not an option, remove visibility of critical services from the internet or implement stringent access controls
- Isolate or disconnect any links to untrusted or third-party networks
- Expect unstable connectivity in high-risk locations
- Enable access via overlay application paths (in Zscaler Private Access)
- Enforce daily reauthentication for users in impacted regions
- Activate these blocks within egress points using Zscaler Internet Access™ so users cannot inadvertently access services and/or IPs hosted in heightened risk locations
- Protect your sensitive information from nation-state attackers by setting up controls to protect your key intellectual property and DLP rules to identify and block IP exfiltration
- Block all malicious payloads in a sandbox
Employ the tenets of zero trust
A zero trust architecture relies on four key tenets to hide vulnerable applications from attackers, detect and block intrusions, and mitigate the damage of successful attacks. We recommend implementing zero trust strategies to protect your organization.
Eliminate the external attack surface
Make apps and servers invisible, impossible to compromise
Prevent compromise with full TLS inspection
Stop web app infections and exploit activity
Prevent lateral movement
Limit the blast radius with zero trust network access and integrated deception
Prevent data exfiltration
Stop data exfiltration attempts using inline DLP with TLS inspection