Security News

Avast has released a decryptor for the HermeticRansom ransomware strain used in targeted attacks against Ukrainian systems over the past ten days. Crowdstrike was quick to spot a weakness in the cryptographic schema of the GO-written strain and offered a script to decrypt the files encrypted by HermeticRansom.

The Ukrainian government attributed the activities to a threat actor tracked as UNC1151, a Minsk-based group whose "Members are officers of the Ministry of Defence of the Republic of Belarus." In a follow-up update, the agency said the nation-state group also targets its own citizens, while simultaneously setting its sights on Russian entities -. The development follows a barrage of data wiper and distributed-denial-of-service attacks against Ukrainian government agencies, even as various hacking groups and ransomware syndicates are capitalizing on the chaos to take sides and further their activities.

Slovakian infosec firm ESET has found a second similar strain in Ukraine. Last week, as the Russian armed forces invaded Ukraine, ESET published details of one wiper - malware that destroys data on whatever computer or device it has infected.

Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure hours before Russia launched its first missile strikes last week. The intrusions involved the use of a never-before-seen malware package dubbed FoxBlade, according to the tech giant's Threat Intelligence Center, noting that it added new signatures to its Defender anti-malware service to detect the exploit within three hours of the discovery.

"As tanks rolled into Ukraine, so did malware," summarized humanitarian author Andreas Harsono, referring to the novel malware that Microsoft has named FoxBlade. "Several hours before the launch of missiles or movement of tanks on February 24, Microsoft's Threat Intelligence Center detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure," Microsoft President and Vice-Chair Brad Smith said.

One of the most interesting ones is a previously unknown malware with destructive payload that has popped up on hundreds of Ukrainian machines lately. On Feb. 23, a tweet from ESET Research claims they discovered a new malware that wipes data, used in Ukraine.

The development follows Ukraine's successful effort of raising over $37 million in crypto donations from all around the world amid the country's ongoing invasion by Russian troops. 'Help Ukraine' crypto donation scams on the rise.

Microsoft is decrying what it calls the "Tragic, unlawful and unjustified invasion of Ukraine" by Russia, and vowed to continue protecting the country from cyberattacks and state-sponsored disinformation campaigns. The software giant added it will support humanitarian efforts as Ukrainians try to fend off an invading Russian army and as hundreds of thousands flee Ukraine into such neighbors as Poland, Romania, and Moldova.

Microsoft said that Ukrainian networks were targeted with recently found malware several hours before Russia's invasion of Ukraine on February 24th. Researchers with the Microsoft Threat Intelligence Center observed destructive attacks targeting Ukraine and spotted a malware strain they named FoxBlade. "We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package, and provided technical advice on steps to prevent the malware's success."

Microsoft said that Ukrainian networks were targeted with newly found malware several hours before Russia's invasion of Ukraine on February 24th. Researchers with the Microsoft Threat Intelligence Center observed destructive attacks targeting Ukraine and spotted a new malware strain they dubbed FoxBlade. "Several hours before the launch of missiles or movement of tanks on February 24, Microsoft's Threat Intelligence Center detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure," Microsoft President and Vice-Chair Brad Smith said.