Security News

Zhora is the deputy chairman and chief digital transformation officer at Ukraine's state service of special communication and information protection. It's been ongoing since at least Moscow annexing Crimea in 2014, leading up to the NotPetya ransomware outbreak in 2017, and all of this helped prepare Ukraine and its networks for the series of data wiping malware and denial of service attacks that started in January of this year.

Microsoft says new Prestige ransomware is being used to target transportation and logistics organizations in Ukraine and Poland in ongoing attacks. "This activity was not connected to any of the 94 currently active ransomware activity groups that Microsoft tracks. The Prestige ransomware had not been observed by Microsoft prior to this deployment," MSTIC added.

The Ukrainian government on Monday warned of "Massive cyberattacks" by Russia targeting critical infrastructure facilities located in the country and that of its allies. The attacks are said to be targeting the energy sector, the Main Directorate of Intelligence of the Ministry of Defense of Ukraine said.

Russia plans to conduct "Massive cyberattacks" on Ukraine and its allies' critical infrastructure and energy sector, according to Kyiv. "The occupiers are preparing massive cyber attacks on critical infrastructure facilities of Ukraine and its allies," according to a statement from Ukraine's Defense Ministry issued on Monday.

The Ukrainian military intelligence service warned today that Russia is planning to escalate cyber-attacks targeting the critical infrastructure of Ukraine and its allies. "The Kremlin plans to carry out massive cyber attacks on critical infrastructure of Ukrainian enterprises and institutions of critical infrastructure of Ukraine's allies," the intelligence service warned.

The group specialized in the sales of 30 million accounts belonging to citizens from Ukraine and the European Union on the dark web and netted a profit of $372,000 through electronic payment systems like YooMoney, Qiwi, and WebMoney that are outlawed in the country. "It was them who used the received identification data of Ukrainian and foreign citizens to spread fake 'news' from the front and sow panic."

The cyber department of Ukraine's Security Service has taken down a group of hackers that stole accounts of about 30 million individuals and sold them on the dark web. The SSU says that the threat actor offered data packs, which were purchased in bulk by pro-Kremlin propagandists, who then used the accounts to spread fake news on social media, instill panic, and cause destabilization in Ukraine and other countries.

The Cyber Department of the Ukrainian Security Service dismantled two more bot farms that spread Russian disinformation on social networks and messaging platforms via thousands of fake accounts. To hide his identity, he used forged Ukrainian documents, Russian e-mail services, and virtual phone numbers of Russian and Belarusian mobile operators for verification.

Former members of the Conti cybercrime cartel have been implicated in five different campaigns targeting Ukraine from April to August 2022. One of the prominent campaigns undertaken by the group in June 2022 entailed the abuse of Follina vulnerability in the Windows operating system to deploy CrescentImp and Cobalt Strike Beacons on to targeted hosts in media and critical infrastructure entities.

Google says some former Conti cybercrime gang members, now part of a threat group tracked as UAC-0098, are targeting Ukrainian organizations and European non-governmental organizations. Google TAG says its attribution is based on multiple overlaps between UAC-0098, Trickbot, and the Conti cybercrime group.