Security News > 2022 > February > Ukraine Continues to Face Cyber Espionage Attacks from Russian Hackers

Cybersecurity researchers on Monday said they uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021.

Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon, a cyber-espionage collective known to be active since at least 2013.

Gamaredon attacks typically originate with phishing emails that trick the recipients into installing a custom remote access trojan called Pterodo.

"The attack chain began with a malicious document, likely sent via a phishing email, which was opened by the user of the infected machine," the researchers said.

The findings come amidst a wave of disruptive and destructive attacks levied against Ukrainian entities by alleged Russian state-sponsored actors, resulting in the deployment of a file wiper dubbed WhisperGate, around the same time multiple websites belonging to the government were defaced.

Interestingly, the ransomware is known to include a trident symbol - that is part of Ukraine's coat of arms - in the ransom note it displays to its victims, leading Ukraine to suspect that this may have been a false flag operation deliberately intended to blame a "Fake" pro-Ukrainian group for staging an attack on their own government.

News URL

https://thehackernews.com/2022/02/ukraine-continues-to-face-cyber.html