Security News > 2023 > February > Russian hackers using new Graphiron information stealer in Ukraine
The Russian hacking group known as 'Nodaria' is using a new information-stealing malware called 'Graphiron' to steal data from Ukrainian organizations.
Symantec's threat research team discovered that Nodaria has been using Graphiron in attacks since at least October 2022 through mid-January 2023.
Graphiron consists of a downloader and a secondary information-stealing payload. When launched, the downloader will check for various security software and malware analysis tools, and if none are detected, download the information-stealing component.
Graphiron uses AES encryption with hardcoded keys to communicate with the C2 server through port 443, a noteworthy similarity to older Nodaria tools like GraphSteal and GrimPlant.
Typically, Russian hackers deliver their payloads to targets via spear-phishing emails, with the ongoing war providing plenty of opportunity for effective baits.
Graphiron is the latest addition to Nodaria's arsenal, combining the features of the group's past custom tools into one payload while also featuring obfuscation.
News URL
Related news
- Russian military hackers deploy malicious Windows activators in Ukraine (source)
- Russian ISP confirms Ukrainian hackers "destroyed" its network (source)
- How Russian hackers went after NGOs’ WhatsApp accounts (source)
- EU sanctions Russian GRU hackers for cyberattacks against Estonia (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)