Security News > 2022 > February > Ukraine Continues to Face Cyber Espionage Attacks from Russian Hackers
Cybersecurity researchers on Monday said they uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021.
Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon, a cyber-espionage collective known to be active since at least 2013.
Gamaredon attacks typically originate with phishing emails that trick the recipients into installing a custom remote access trojan called Pterodo.
"The attack chain began with a malicious document, likely sent via a phishing email, which was opened by the user of the infected machine," the researchers said.
The findings come amidst a wave of disruptive and destructive attacks levied against Ukrainian entities by alleged Russian state-sponsored actors, resulting in the deployment of a file wiper dubbed WhisperGate, around the same time multiple websites belonging to the government were defaced.
Interestingly, the ransomware is known to include a trident symbol - that is part of Ukraine's coat of arms - in the ransom note it displays to its victims, leading Ukraine to suspect that this may have been a false flag operation deliberately intended to blame a "Fake" pro-Ukrainian group for staging an attack on their own government.
News URL
https://thehackernews.com/2022/02/ukraine-continues-to-face-cyber.html
Related news
- Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks (source)
- Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks (source)
- Russian hackers shift to cloud attacks, US and allies warn (source)
- Russian hackers hijack Ubiquiti routers to launch stealthy attacks (source)
- Hackers steal data of 2 million in SQL injection, XSS attacks (source)
- Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks (source)
- Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks (source)
- Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor (source)
- FBI disrupts Moobot botnet used by Russian military hackers (source)
- U.S. Government Disrupts Russia-Linked Botnet Engaged in Cyber Espionage (source)