Security News > 2022 > June > Russian hackers start targeting Ukraine with Follina exploits
Ukraine's Computer Emergency Response Team is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool currently tracked as CVE-2022-30190.
It is worth noting that Ukraine's agency assesses with medium confidence that behind the malicious activity is the Sandworm hacker group.
CERT-UA says that Russian hackers launched a new malicious email campaign leveraging Follina and targeted more than 500 recipients at various media organizations in Ukraine, including radio stations and newspapers.
Sandworm has been targeting Ukraine constantly over the past few years, and the frequency of attacks increased after the Russian invasion into Ukraine.
In April, it was discovered that Sandworm attempted to take down a large Ukrainian energy provider by targeting its electrical substations with a new variant of the Industroyer malware.
In February, security researchers discovered that Sandworm was the group responsible for creating and operating the Cyclops Blink botnet, a highly persistent malware relying on firmware manipulation.
News URL
Related news
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Russian Turla hackers hit Starlink-connected devices in Ukraine (source)
- Russian cyber spies hide behind other hackers to target Ukraine (source)
- Russian hackers deliver malicious RDP configuration files to thousands (source)
- High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- Faraway Russian hackers breached US organization via Wi-Fi (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-01 | CVE-2022-30190 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. | 0.0 |