Wednesday, July 1, 2026

Ukraine Continues to Face Cyber Espionage Attacks from Russian Hackers


Cybersecurity researchers on Monday said they uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021.

Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon (aka Shuckworm or Armageddon), a cyber-espionage collective known to be active since at least 2013.

In November 2021, Ukrainian intelligence agencies branded the group as a “special project” of Russia’s Federal Security Service (FSB), in addition to pointing fingers at it for carrying out over 5,000 cyberattacks against public authorities and critical infrastructure located in the country.

Gamaredon attacks typically originate with phishing emails that trick the recipients into installing a custom remote access trojan called Pterodo. Symantec disclosed that, between July 14, 2021 and August 18, 2021, the actor installed several variants of the backdoor and deployed additional scripts and tools.


“The attack chain began with a malicious document, likely sent via a phishing email, which was opened by the user of the infected machine,” the researchers said. The identity of the affected organization was not disclosed.

Towards the end of July, the adversary leveraged the implant to download and run an executable file that acted as a dropper for a VNC client before establishing connections with a remote command-and-control server under their control.

“This VNC client appears to be the ultimate payload for this attack,” the researchers noted, adding that the installation was followed by accessing a number of documents ranging from job descriptions to sensitive company information on the compromised machine.

Ukraine Calls Out False Flag Operation in Wiper Attacks

The findings come amidst a wave of disruptive and destructive attacks levied against Ukrainian entities by alleged Russian state-sponsored actors, resulting in the deployment of a file wiper dubbed WhisperGate, around the same time multiple websites belonging to the government were defaced.


Subsequent investigation into the malware has since revealed that the code used in the wiper was re-purposed from a fake ransomware campaign called WhiteBlackCrypt that was aimed at Russian victims in March 2021.

Interestingly, the ransomware is known to include a trident symbol, which is part of Ukraine’s coat of arms, in the ransom note it displays to its victims, leading Ukraine to suspect that this may have been a false flag operation deliberately meant to blame a “fake” pro-Ukrainian group for staging an attack on their own government.


