Security News > 2022 > July > Russian hackers use fake DDoS app to infect pro-Ukrainian activists
Google's Threat Analysis Group, whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations.
In a report regarding recent cyber activity in Eastern Europe, Google TAG security engineer Billy Leonard revealed that hackers part of the Turla Russian APT group have also been spotted deploying their first Android malware.
Google TAG's analysts believe Turla's operators used the StopWar Android app developed by pro-Ukrainian developers when creating their own fake 'Cyber Azov' DDoS application.
"Join the Cyber Azov and help stop russian aggression against Ukraine! We are a community of free people around the world who are fighting against russia's aggression," the attackers prodded potential targets on the app's download page.
"The app is distributed under the guise of performing Denial of Service attacks against a set of Russian websites. However, the 'DoS' consists only of a single GET request to the target website, not enough to be effective."
Google TAG also said in May that it observed the Turla hackers pushing credential phishing emails in attacks against Ukrainian defense and cybersecurity organizations.
News URL
Related news
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
- Russian hackers attack Western military mission using malicious drive (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- France ties Russian APT28 hackers to 12 cyberattacks on French orgs (source)