Accéder au contenu principal

Ukraine Continues To Face Cyber Espionage Attacks From Russian Hackers




Cybersecurity researchers on Monday said they uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021.

Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon (aka Shuckworm or Armageddon), a cyber-espionage collective known to be active since at least 2013.

In November 2021, Ukrainian intelligence agencies branded the group as a "special project" of Russia's Federal Security Service (FSB), in addition to pointing fingers at it for carrying out over 5,000 cyberattacks against public authorities and critical infrastructure located in the country.

Gamaredon attacks typically originate with phishing emails that trick the recipients into installing a custom remote access trojan called Pterodo. Symantec disclosed that, between July 14, 2021 and August 18, 2021, the actor installed several variants of the backdoor as well as deployed additional scripts and tools.

"The attack chain began with a malicious document, likely sent via a phishing email, which was opened by the user of the infected machine," the researchers said. The identity of the affected organization was not disclosed.

Towards the end of July, the adversary leveraged the implant to download and run an executable file that acted as a dropper for a VNC client before establishing connections with a remote command-and-control server under their control.

"This VNC client appears to be the ultimate payload for this attack," the researchers noted, adding the installation was followed by accessing a number of documents ranging from job descriptions to sensitive company information on the compromised machine.

Ukraine Calls Out False Flag Operation in Wiper Attacks

The findings come amidst a wave of disruptive and destructive attacks levied against Ukrainian entities by alleged Russian state-sponsored actors, resulting in the deployment of a file wiper dubbed WhisperGate, around the same time multiple websites belonging to the government were defaced.

Subsequent investigation into the malware has since revealed that the code used in the wiper was re-purposed from a faux ransomware campaign called WhiteBlackCrypt that was aimed at Russian victims in March 2021.

Interestingly, the ransomware is known to include a trident symbol — that is part of Ukraine's coat of arms — in the ransom note it displays to its victims, leading Ukraine to suspect that this may have been a false flag operation deliberately intended to blame a "fake" pro-Ukrainian group for staging an attack on their own government.


Related articles

Commentaires

Posts les plus consultés de ce blog

The Muse Brooklyn

http://abcirque.com http://www.amny.com/things-to-do/circus-class-at-the-muse-brooklyn-teaches-acrobatic-skills-1.13781898 https://www.instagram.com/p/Bx-D67pAxGz/ https://www.instagram.com/p/Bx7e3GFgpp2/ https://www.instagram.com/p/Bx5xpoPn_hm/ https://www.instagram.com/p/Bx40FSvj2Tf/ https://www.instagram.com/p/Bx0p224DkxE/ https://www.instagram.com/p/BxzxjhqFO1S/ https://www.instagram.com/p/BxyJmIaAeSd/ https://www.instagram.com/p/BxxweSaF6q4/ https://www.instagram.com/p/BxxSsdcAjFg/ https://www.instagram.com/p/Bxvr0SSgpPs/ https://new.mta.info/L-Project http://themusegowanus.com http://instagram.com/themusebrooklyn https://www.facebook.com/TheMuseBrooklyn/ https://twitter.com/TheMuseBrooklyn https://www.youtube.com/channel/UCkzh62AIfOI7XU3I0P6rWIQ

Fw:

Consider this message as your last warning. We hacked your system! We have copied all the data from your device to our own servers. Curious videos were recorded from your camera and your actions while watching porn. Your device was infected with our virus when you visited the porn site. The Trojan virus gives us full access, allows us to control your device. The virus allows not only to see your screen, but also to turn on your camera, microphone, without your knowledge. We took over the video from your screen and camera, then we mounted a video in which you can see you watching porn in one part of the screen and masturbating in the other. But that’s not all! We have access to all the contacts in your phone book and social networks. It won’t take us long to send this video to your friends, family and friends on social networks, messengers and email in minutes. We have a lot of audio recordings of your personal conversations, where a lot of “intere...

Systemic Lidocaine Decreased the Perioperative Opioid Analgesic Requirements but Failed to Reduce Discharge Time After Ambulatory Surgery

Perioperative systemic lidocaine significantly reduces opioid requirements in the ambulatory setting without affecting time to discharge. Postoperative pain is the most common reason for delay in discharge and unplanned hospital admission after ambulatory surgery. 1–3 Because postoperative pain is to a large extent an inflammatory phenomenon, administration of systemic local anesthetics, which have inflammatory modulatory properties, 4 could significantly reduce pain and therefore allow more rapid discharge. 5 Lidocaine has an excellent safety record when administered by low-dose infusion. 5–7 However, whereas decreased hospital stay after inpatient surgery has been demonstrated, the effect of intraoperative and early postoperative lidocaine infusion on duration of stay after ambulatory surgery is not known. Although it see...