Security News
Threat actors are distributing malware using phishing themes related to the invasion of Ukraine, aiming to infect their targets with remote access trojans such as Agent Tesla and Remcos. It is common for malware distributors to take advantage of trending global events to trick the recipient into opening email attachments, and at this time, there is nothing more closely watched than Russia's invasion of Ukraine.
Roskomnadzor, Russia's telecommunications watchdog, asked Google to stop advertising campaigns spreading misinformation about Russia's invasion of Ukraine on YouTube videos. "Roskomnadzor sent a letter to Google LLC with a demand to immediately stop disseminating false information of a political nature about the special operation of the Russian Armed Forces in Ukraine on the territory of Russia," the internet watchdog explained.
The Security Service of Ukraine said today that "enemy" hackers are using compromised local government and regional authority websites to push rumors that Ukraine has surrendered and signed a peace treaty with Russia. "WARNING! ANOTHER FAKE! The enemy has broken into some sites of regional authorities and local governments and spreads through them lies about the alleged 'capitulation and signing of a peace treaty with Russia'," the SSU said, as Reuters first reported.
Ukraine has been at the center of an unprecedented wave of cyberattacks in recent weeks and months, from distributed denial-of-service campaigns against organizations and citizens to attacks against national infrastructure and more. This phishing campaign targeted a very specific group of European government personnel involved in managing the outflow of refugees from Ukraine.
Avast has released a decryptor for the HermeticRansom ransomware strain used in targeted attacks against Ukrainian systems over the past ten days. CrowdStrike was quick to spot a weakness in the cryptographic scheme of the Go-written strain and offered a script to decrypt the files encrypted by HermeticRansom.
The Ukrainian government attributed the activities to a threat actor tracked as UNC1151, a Minsk-based group whose "Members are officers of the Ministry of Defence of the Republic of Belarus." In a follow-up update, the agency said the nation-state group also targets its own citizens while simultaneously setting its sights on Russian entities. The development follows a barrage of data-wiper and distributed denial-of-service attacks against Ukrainian government agencies, even as various hacking groups and ransomware syndicates capitalize on the chaos to take sides and further their activities.
Slovakian infosec firm ESET has found a second, similar strain in Ukraine. Last week, as the Russian armed forces invaded Ukraine, ESET published details of one wiper, malware that destroys data on whatever computer or device it has infected.
Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure hours before Russia launched its first missile strikes last week. The intrusions involved the use of a never-before-seen malware package dubbed FoxBlade, according to the tech giant's Threat Intelligence Center, which noted that it added new signatures to its Defender anti-malware service to detect the malware within three hours of the discovery.
"As tanks rolled into Ukraine, so did malware," summarized humanitarian author Andreas Harsono, referring to the novel malware that Microsoft has named FoxBlade. "Several hours before the launch of missiles or movement of tanks on February 24, Microsoft's Threat Intelligence Center detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure," Microsoft President and Vice-Chair Brad Smith said.
One of the most interesting is a previously unknown malware with a destructive payload that has popped up on hundreds of Ukrainian machines lately. On Feb. 23, a tweet from ESET Research claimed it had discovered a new data-wiping malware being used in Ukraine.