Russian-linked Shuckworm crew ramps up Ukraine attacks
Shuckworm's attacks are part of an ongoing campaign by Russian state-sponsored threat groups that escalated their efforts in the run-up to the invasion of Ukraine in late February, and have continued their attacks since.
The Security Service of Ukraine last year said the group was responsible for more than 5,000 attacks against public agencies or critical infrastructure and linked Shuckworm to the FSB, Russia's security service and successor to the KGB. The SSU said the group targeted more than 1,500 government computer systems over seven years.
"These attacks [in Ukraine] have continued unabated since the Russian invasion of the country," the Symantec researchers wrote.
"While the group's tools and tactics are simple and sometimes crude, the frequency and persistence of its attacks mean that it remains one of the key cyber threats facing organizations in the region."
Along with the Pterodo backdoor, Shuckworm uses other tools, including UltraVNC, an open-source remote administration and remote desktop utility that the gang has used in previous attacks, and Process Explorer, a tool from Microsoft's Sysinternals suite for managing handles and DLL processes.
"While Shuckworm is not the most tactically sophisticated espionage group, it compensates for this in its focus and persistence in relentlessly targeting Ukraine organizations," the researchers wrote.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/04/20/shuckworm-attack-ukraine-symantec/
Related news
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Russian Turla hackers hit Starlink-connected devices in Ukraine (source)
- Russian cyber spies hide behind other hackers to target Ukraine (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)