Ukraine Continues To Face Cyber Espionage Attacks From Russian Hackers
Cybersecurity researchers on Monday said they uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021.

Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon (aka Shuckworm or Armageddon), a cyber-espionage collective known to be active since at least 2013.

In November 2021, Ukrainian intelligence agencies branded the group as a "special project" of Russia's Federal Security Service (FSB), in addition to pointing fingers at it for carrying out over 5,000 cyberattacks against public authorities and critical infrastructure located in the country.

Gamaredon attacks typically begin with phishing emails that trick recipients into installing a custom remote access trojan called Pterodo. Symantec disclosed that, between July 14, 2021 and August 18, 2021, the actor installed several variants of the backdoor and deployed additional scripts and tools.

"The attack chain began with a malicious document, likely sent via a phishing email, which was opened by the user of the infected machine," the researchers said. The identity of the affected organization was not disclosed.

Towards the end of July, the adversary used the implant to download and run an executable that acted as a dropper for a VNC client, which then established connections to a remote command-and-control server under the attackers' control.

"This VNC client appears to be the ultimate payload for this attack," the researchers noted, adding that the installation was followed by access to a number of documents on the compromised machine, ranging from job descriptions to sensitive company information.
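The chain described above (malicious document, backdoor, dropper, VNC client, outbound connection to a command-and-control server) is the kind of sequence a defender can hunt for in endpoint telemetry by correlating process lineage with network events. The following is an added example, not code from Symantec or from the article: it parses constructed, key=value process and network log lines (the format, process names, VNC binary names and addresses are all assumptions, not indicators from the report) and flags any VNC-like process that both descends from an Office application and makes an outbound connection.

```python
"""Hunt for the document -> implant -> dropper -> VNC -> C2 pattern in process/network logs.

Added example, not from the article or Symantec. The log format below is a
constructed key=value line per event; the process and binary names are
assumptions used for illustration, not real indicators of compromise.
"""
from typing import Dict, List

# Assumption: document-handling applications that should rarely spawn remote-access tools.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Assumption: image names commonly used by VNC clients/servers (illustrative, not an IoC list).
VNC_LIKE = {"vncviewer.exe", "winvnc.exe", "tvnserver.exe"}

# Constructed sample telemetry. PIDs 200..500 form an Office-rooted lineage ending in a
# VNC client that connects out; PID 600 is a VNC client launched directly from explorer.exe.
SAMPLE_LOG = [
    "ts=1,evt=process,pid=100,ppid=1,image=explorer.exe",
    "ts=2,evt=process,pid=200,ppid=100,image=WINWORD.EXE",
    "ts=3,evt=process,pid=300,ppid=200,image=wscript.exe",
    "ts=4,evt=process,pid=400,ppid=300,image=svchost_update.exe",
    "ts=5,evt=process,pid=500,ppid=400,image=vncviewer.exe",
    "ts=6,evt=network,pid=500,dst=203.0.113.7:5500",
    "ts=7,evt=process,pid=600,ppid=100,image=vncviewer.exe",
    "ts=8,evt=network,pid=600,dst=192.0.2.9:5900",
]


def parse_line(line: str) -> Dict[str, str]:
    """Parse one 'k=v,k=v' log line into a dict (values may contain ':' but not ',')."""
    return dict(kv.split("=", 1) for kv in line.strip().split(","))


def ancestor_images(pid: int, parents: Dict[int, int], images: Dict[int, str]) -> List[str]:
    """Walk the parent chain of `pid` and return the image names of its ancestors, nearest first."""
    chain: List[str] = []
    seen = set()
    while pid in parents and pid not in seen:   # `seen` guards against PID-reuse cycles
        seen.add(pid)
        pid = parents[pid]
        if pid in images:
            chain.append(images[pid])
    return chain


def detect(lines: List[str]) -> List[dict]:
    """Return one alert per VNC-like process that has an Office ancestor and an outbound connection."""
    parents: Dict[int, int] = {}
    images: Dict[int, str] = {}
    conns: Dict[int, List[str]] = {}
    for raw in lines:
        rec = parse_line(raw)
        pid = int(rec["pid"])
        if rec["evt"] == "process":
            parents[pid] = int(rec["ppid"])
            images[pid] = rec["image"].lower()      # normalise case for matching
        elif rec["evt"] == "network":
            conns.setdefault(pid, []).append(rec["dst"])

    alerts = []
    for pid, image in images.items():
        if image not in VNC_LIKE or pid not in conns:
            continue                                # need both a VNC image and a connection
        office = [a for a in ancestor_images(pid, parents, images) if a in OFFICE_APPS]
        if office:
            alerts.append({"pid": pid, "image": image,
                           "office_ancestor": office[0], "dst": conns[pid]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"ALERT pid={alert['pid']} {alert['image']} spawned under "
              f"{alert['office_ancestor']} and connected to {alert['dst']}")
```

Only PID 500 is flagged: it is a VNC client whose lineage runs back to WINWORD.EXE and it made an outbound connection, which is the shape of the chain Symantec describes. PID 600 runs the same binary but was started from the desktop shell and so is treated as ordinary administrative use; requiring the document-handling ancestor is what keeps this rule from alerting on every legitimate VNC session.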

Ukraine Calls Out False Flag Operation in Wiper Attacks

The findings come amid a wave of disruptive and destructive attacks against Ukrainian entities by alleged Russian state-sponsored actors, including the deployment of a file wiper dubbed WhisperGate at around the same time that multiple government websites were defaced.

Subsequent investigation into the malware has revealed that the code used in the wiper was repurposed from a faux ransomware campaign called WhiteBlackCrypt that targeted Russian victims in March 2021.

Interestingly, the ransomware is known to include a trident symbol — that is part of Ukraine's coat of arms — in the ransom note it displays to its victims, leading Ukraine to suspect that this may have been a false flag operation deliberately intended to blame a "fake" pro-Ukrainian group for staging an attack on their own government.
