Security News > 2022 > July > Russian hackers use fake DDoS app to infect pro-Ukrainian activists
Google's Threat Analysis Group, whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations.
In a report regarding recent cyber activity in Eastern Europe, Google TAG security engineer Billy Leonard revealed that hackers part of the Turla Russian APT group have also been spotted deploying their first Android malware.
Google TAG's analysts believe Turla's operators used the StopWar Android app developed by pro-Ukrainian developers when creating their own fake 'Cyber Azov' DDoS application.
"Join the Cyber Azov and help stop russian aggression against Ukraine! We are a community of free people around the world who are fighting against russia's aggression," the attackers prodded potential targets on the app's download page.
"The app is distributed under the guise of performing Denial of Service attacks against a set of Russian websites. However, the 'DoS' consists only of a single GET request to the target website, not enough to be effective."
Google TAG also said in May that it observed the Turla hackers pushing credential phishing emails in attacks against Ukrainian defense and cybersecurity organizations.
News URL
Related news
- Russian Sandworm hackers targeted 20 critical orgs in Ukraine (source)
- Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) (source)
- Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (source)
- Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator (source)
- Poland says Russian military hackers target its govt networks (source)
- Russian hackers use new Lunar malware to breach a European govt's agencies (source)
- Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting (source)