Security News > 2023 > February > Russian Hackers Using Graphiron Malware to Steal Data from Ukraine
A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine.
Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team of Ukraine as UAC-0056.
The group, which is said to be active since at least April 2021, has since repeatedly deployed custom backdoors such as GraphSteel and GrimPlant in various campaigns since Russia's military invasion of Ukraine.
An analysis of the infection chains reveals the presence of two stages, a downloader that's responsible for retrieving an encrypted payload containing the Graphiron malware from a remote server.
With the latest findings, Nodaria joins another Russian state-sponsored group referred to as Gamaredon in extensively singling out Ukraine.
"While Nodaria was relatively unknown prior to the Russian invasion of Ukraine, the group's high-level activity over the past year suggests that it is now one of the key players in Russia's ongoing cyber campaigns against Ukraine," Symantec said.
News URL
https://thehackernews.com/2023/02/russian-hackers-using-graphiron-malware.html
Related news
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Russian Espionage Group Targets Ukrainian Military with Malware via Telegram (source)
- Russian charged by U.S. for creating RedLine infostealer malware (source)