Security News > 2022 > June > Russian hackers start targeting Ukraine with Follina exploits
Ukraine's Computer Emergency Response Team is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool currently tracked as CVE-2022-30190.
It is worth noting that Ukraine's agency assesses with medium confidence that behind the malicious activity is the Sandworm hacker group.
CERT-UA says that Russian hackers launched a new malicious email campaign leveraging Follina and targeted more than 500 recipients at various media organizations in Ukraine, including radio stations and newspapers.
Sandworm has been targeting Ukraine constantly over the past few years, and the frequency of attacks increased after the Russian invasion into Ukraine.
In April, it was discovered that Sandworm attempted to take down a large Ukrainian energy provider by targeting its electrical substations with a new variant of the Industroyer malware.
In February, security researchers discovered that Sandworm was the group responsible for creating and operating the Cyclops Blink botnet, a highly persistent malware relying on firmware manipulation.
News URL
Related news
- Russian Turla hackers hit Starlink-connected devices in Ukraine (source)
- Russian cyber spies hide behind other hackers to target Ukraine (source)
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)
- Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor (source)
- FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-01 | CVE-2022-30190 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. | 0.0 |