Ukraine says Russian hackers backdoored govt websites in 2021 (Security News, February 2023)
The Computer Emergency Response Team of Ukraine says Russian state hackers have breached multiple government websites this week using backdoors planted as far back as December 2021.
CERT-UA spotted the attacks after discovering, on Thursday morning, a web shell on one of the hacked websites; the threat actors had used it to install additional malware.
"Today, on February 23, an attack was detected on a number of websites of Ukrainian central and local authorities, resulting in a modification of the content of some of their webpages," Ukraine's cybersecurity defense and security agency SSSCIP said on Thursday.
Ember Bear, the group behind this week's incident, has been active since at least March 2021 and is focused on targeting Ukrainian entities with backdoors, information stealers, and fake ransomware primarily delivered via phishing emails.
The APT group was spotted ramping up its phishing campaigns and network compromise efforts in Ukraine starting in December 2021.
Last month, CERT-UA disclosed another cyberattack linked to the Russian Sandworm military hacking group against the country's national news agency with CaddyWiper data-wiping malware, which failed to impact its operations.