Security News

Meta says it took down an extensive network of Facebook and Instagram accounts pushing disinformation published on more than 60 websites that spoofed multiple legitimate news sites across Europe. This influence network mainly targeted Germany, France, Italy, Ukraine, and the U.K., with original articles arguing that Western sanctions on Russia would backfire and criticizing Ukraine and Ukrainian refugees.

Russia plans to conduct "Massive cyberattacks" on Ukraine and its allies' critical infrastructure and energy sector, according to Kyiv. "The occupiers are preparing massive cyber attacks on critical infrastructure facilities of Ukraine and its allies," according to a statement from Ukraine's Defense Ministry issued on Monday.

The Ukrainian military intelligence service warned today that Russia is planning to escalate cyber-attacks targeting the critical infrastructure of Ukraine and its allies. "The Kremlin plans to carry out massive cyber attacks on critical infrastructure of Ukrainian enterprises and institutions of critical infrastructure of Ukraine's allies," the intelligence service warned.

At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm said with moderate confidence that "Moderators of the purported hacktivist Telegram channels 'XakNet Team,' 'Infoccentr,' and 'CyberArmyofRussia Reborn' are coordinating their operations with Russian Main Intelligence Directorate-sponsored cyber threat actors."

Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. "Void Balaur primarily dabbles in cyber espionage and data theft, selling the stolen information to anyone willing to pay," Trend Micro noted at the time.

A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The attacks are said to be an expansion of the same campaign that previously distributed DCRat using phishing emails with legal aid-themed lures against providers of telecommunications in Ukraine.

The Russian state-sponsored hacking group known as Sandworm has been observed masquerading as telecommunication providers to target Ukrainian entities with malware. Sandworm is a state-backed threat actor attributed by the US government as part of the Russian GRU foreign military intelligence service.

Russian hackers have been targeting Ukrainian entities with previously unseen info-stealing malware during a new espionage campaign that is still active. Security researchers at Cisco Talos attribute the campaign to Gamaredon, a Russian state-backed threat group with a long history of targeting mainly organizations in the Ukrainian government, critical infrastructure, defense, security, and law enforcement.

An ongoing espionage campaign operated by the Russia-linked Gamaredon group is targeting employees of Ukrainian government, defense, and law enforcement agencies with a piece of custom-made information stealing malware. "The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine," Cisco Talos researchers Asheer Malhotra and Guilherme Venere said in a technical write-up shared with The Hacker News.

The Cyber Department of the Ukrainian Security Service dismantled two more bot farms that spread Russian disinformation on social networks and messaging platforms via thousands of fake accounts. To hide his identity, he used forged Ukrainian documents, Russian e-mail services, and virtual phone numbers of Russian and Belarusian mobile operators for verification.