Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware (Security News, September 2022)
A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show.
Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The attacks are said to be an expansion of the same campaign that previously distributed DCRat via phishing emails with legal aid-themed lures against Ukrainian telecommunications providers.
Sandworm is a destructive Russian threat group best known for attacks such as the 2015 and 2016 intrusions into the Ukrainian electrical grid and the 2017 NotPetya attacks.
The adversarial collective, also known as Voodoo Bear, sought to damage high-voltage electrical substations, computers and networking equipment in Ukraine for the third time in April 2022, using a new variant of the malware known as Industroyer.
"A transition from DarkCrystal RAT to Colibri Loader and Warzone RAT demonstrates UAC-0113's broadening but continuing use of publicly available commodity malware," Recorded Future said.
HTML smuggling, as the name suggests, is an evasive malware delivery technique that leverages legitimate HTML and JavaScript features to deliver a payload inside the browser, bypassing conventional security controls that inspect files at the network perimeter.
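A defender-side triage heuristic for the technique described above, added here as an example (it is not code from the article, Recorded Future, or the campaign): the indicator names, regexes and threshold are assumptions to be tuned against your own corpus, and the sample pages are constructed fragments rather than captured content.

```python
"""Heuristic scan for HTML smuggling indicators (defensive triage helper)."""
import base64
import re
from typing import Dict, List

# Each indicator on its own is a legitimate HTML/JavaScript feature; HTML
# smuggling is flagged by their co-occurrence, not by any single one.
# Names and patterns are this example's assumptions, not a published ruleset.
INDICATORS = [
    ("base64_decode",   re.compile(r"\batob\s*\(")),
    ("blob_construct",  re.compile(r"\bnew\s+Blob\s*\(")),
    ("object_url",      re.compile(r"\bURL\.createObjectURL\s*\(")),
    ("legacy_ie_save",  re.compile(r"\bmsSaveOrOpenBlob\b")),
    ("forced_download", re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']")),
    ("large_base64",    re.compile(r"[\"'][A-Za-z0-9+/]{200,}={0,2}[\"']")),
]
# Raise an alert only once this many distinct indicators co-occur (assumed value).
ALERT_THRESHOLD = 3


def scan_html(html: str) -> Dict[str, object]:
    """Return the matched indicator names and whether the page crosses the threshold."""
    hits: List[str] = [name for name, rx in INDICATORS if rx.search(html)]
    return {"indicators": hits, "alert": len(hits) >= ALERT_THRESHOLD}


# Constructed sample fragments (not captured from the campaign). The encoded
# string is just base64 of filler text, so nothing here decodes to a payload,
# and the script is deliberately incomplete rather than a working page.
_FILLER = base64.b64encode(b"constructed filler " * 16).decode()

SUSPICIOUS_PAGE = f"""<html><body><script>
var d = atob("{_FILLER}");
var b = new Blob([d], {{type: "application/octet-stream"}});
a.href = URL.createObjectURL(b); a.download = "statement.iso";
</script></body></html>"""

# A benign page that uses the download attribute legitimately: one indicator only.
BENIGN_PAGE = """<html><body>
<a href="/files/statement.pdf" download="statement.pdf">Download statement</a>
<script>document.title = "Account statement";</script>
</body></html>"""

if __name__ == "__main__":
    for label, page in (("suspicious", SUSPICIOUS_PAGE), ("benign", BENIGN_PAGE)):
        print(label, scan_html(page))
```

Run the script over a saved HTML attachment or proxy capture; a hit list with three or more entries is a triage signal, not proof, so pair it with sandbox detonation of the decoded blob.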
News URL
https://thehackernews.com/2022/09/russian-sandworm-hackers-impersonate.html