Security News
The Google Threat Analysis Group says more and more threat actors are now using Russia's war in Ukraine to target Eastern European and NATO countries, including Ukraine, in phishing and malware attacks. The report's highlight are credential phishing attacks coordinated by a Russian-based threat group tracked as COLDRIVER against a NATO Centre of Excellence and Eastern European militaries.
Facebook says it took down accounts used by a Belarusian-linked hacking group to target Ukrainian officials and military personnel on its platform. "We detected attempts to target people on Facebook to post YouTube videos portraying Ukrainian troops as weak and surrendering to Russia, including one video claiming to show Ukrainian soldiers coming out of a forest while flying a white flag of surrender," Meta's Head of Security Policy Nathaniel Gleicher and Threat Disruption Director David Agranovich said.
The Computer Emergency Response Team of Ukraine warned today of a spearphishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. The phishing emails are being sent from two domains, the former trying to impersonate the i.ua free Internet portal providing email services to Ukrainians since 2008.
The Computer Emergency Response Team of Ukraine warned today of a spearphishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. The phishing emails are being sent from two domains, the former trying to impersonate the i.ua free Internet portal providing email services to Ukrainians since 2008.
Cybersecurity firms ESET and Broadcom's Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country. The Slovak company dubbed the wiper "HermeticWiper", with one of the malware samples compiled on December 28, 2021, implying that preparations for the attacks may have been underway for nearly two months.
The websites of the Ukrainian military and at least two of the nation's biggest banks were knocked offline in a cyberattack today. On social media, it reported "Technical works on restoration of regular functioning" are underway after it was "Probably attacked by DDoS: an excessive number of requests per second was recorded." Other military sites are also apparently suffering outages.
A distributed denial-of-service cyber-attack today took down Ukrainian defense military websites - and at least two of the nation's biggest banks were knocked offline, too. Ukraine's Ministry of Defense website is still unavailable at time of publication.
The Ukrainian Ministry of Defense, whose site has been taken down following the attacks, said that its "Website was probably attacked by DDoS: an excessive number of requests per second was recorded." "Starting from the afternoon of February 15, 2022, there is a powerful DDOS attack on a number of information resources of Ukraine," Ukraine's State Service for Special Communication and Information Protection added.
The Ukrainian Ministry of Defense, whose site has been taken down following the attacks, said that its "Website was probably attacked by DDoS: an excessive number of requests per second was recorded. Technical works on restoration of regular functioning are carried out." While the Ukrainian defense ministry site has been knocked out, Oschadbank's website is still accessible although customers cannot log in to their online banking accounts.
A politically motivated advanced persistent threat group has expanded its malware arsenal to include a new remote access trojan in its espionage attacks aimed at Indian military and diplomatic entities. Called CapraRAT by Trend Micro, the implant is an Android RAT that exhibits a high "Degree of crossover" with another Windows malware known as CrimsonRAT that's associated with Earth Karkaddan, a threat actor that's also tracked under the monikers APT36, Operation C-Major, PROJECTM, Mythic Leopard, and Transparent Tribe.