Security News > 2022 > February > Ukraine Continues to Face Cyber Espionage Attacks from Russian Hackers

Cybersecurity researchers on Monday said they uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021.
Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon, a cyber-espionage collective known to be active since at least 2013.
Gamaredon attacks typically originate with phishing emails that trick the recipients into installing a custom remote access trojan called Pterodo.
"The attack chain began with a malicious document, likely sent via a phishing email, which was opened by the user of the infected machine," the researchers said.
The findings come amidst a wave of disruptive and destructive attacks levied against Ukrainian entities by alleged Russian state-sponsored actors, resulting in the deployment of a file wiper dubbed WhisperGate, around the same time multiple websites belonging to the government were defaced.
Interestingly, the ransomware is known to include a trident symbol - that is part of Ukraine's coat of arms - in the ransom note it displays to its victims, leading Ukraine to suspect that this may have been a false flag operation deliberately intended to blame a "Fake" pro-Ukrainian group for staging an attack on their own government.
News URL
https://thehackernews.com/2022/02/ukraine-continues-to-face-cyber.html
Related news
- Russian hackers attack Western military mission using malicious drive (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Russia-linked hackers target webmail servers in Ukraine-related espionage operation (source)
- Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics (source)
- Russian hackers breach orgs to track aid routes to Ukraine (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers abuse Zoom remote control feature for crypto-theft attacks (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Lazarus hackers breach six companies in watering hole attacks (source)