Russian hackers using new Graphiron information stealer in Ukraine
The Russian hacking group known as 'Nodaria' is using a new information-stealing malware called 'Graphiron' to steal data from Ukrainian organizations.
Symantec's threat research team discovered that Nodaria has been using Graphiron in attacks from at least October 2022 through mid-January 2023.
Graphiron consists of a downloader and a secondary information-stealing payload. When launched, the downloader will check for various security software and malware analysis tools, and if none are detected, download the information-stealing component.
Graphiron uses AES encryption with hardcoded keys to communicate with the C2 server through port 443, a noteworthy similarity to older Nodaria tools like GraphSteal and GrimPlant.
Typically, Russian hackers deliver their payloads to targets via spear-phishing emails, with the ongoing war providing plenty of opportunity for effective baits.
Graphiron is the latest addition to Nodaria's arsenal, combining the features of the group's past custom tools into one payload while also featuring obfuscation.