Security News

Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation.

The Ukrainian Computer Emergency Response Team found a cocktail of five different data-wiping malware strains deployed on the network of the country's national news agency on January 17th. "As of January 27, 2023, 5 samples of malicious programs were detected, the functionality of which is aimed at violating the integrity and availability of information," CERT-UA said. Their attempt to wipe out all the data on the news agency's systems failed.

The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. "The Gamaredon group's network infrastructure relies on multi-stage Telegram accounts for victim profiling and confirmation of geographic location, and then finally leads the victim to the next stage server for the final payload," the BlackBerry Research and Intelligence Team said in a report shared with The Hacker News.

The Computer Emergency Response Team of Ukraine has linked a destructive malware attack targeting the country's National News Agency of Ukraine to Sandworm Russian military hackers. "According to preliminary data, provided by CERT-UA specialists, the attack have caused certain destructive effects on the agency's information infrastructure, but the threat has been swiftly localized nonetheless," the State Service of Special Communications and Information Protection of Ukraine said.

This picture comes from the Ukraine Cyber Police, who raided a fraudulent call centre just before New Year, where they say the three founders of the scam, plus 37 "Staff", were busted for allegedly operating a large-scale banking fraud. Typically, the scammers try to convince you that your bank account is under attack from fraudsters, and patiently offer to help you "Secure" your account and "Recover" lost or at-risk funds.

"You still have a lot of soldiers bringing cellphones to the frontline who want to talk to their families and they are either being intercepted as they go through a Ukrainian telecommunications provider or intercepted over the air," said Alperovitch. "That doesn't pose too much difficulty for the Ukrainian security services."

The Computer Emergency Response Team of Ukraine this week disclosed that users of the Delta situational awareness program received phishing emails from a compromised email account belonging to the Ministry of Defense. The attacks, which have been attributed to a threat cluster dubbed UAC-0142, aimed to infect systems with two pieces of data-stealing malware referred to as FateGrab and StealDeal.

The Russia-linked Gamaredon group attempted to unsuccessfully break into a large petroleum refining company within a NATO member state earlier this year amid the ongoing Russo-Ukrainian war. The attack, which took place on August 30, 2022, is just one of multiple attacks orchestrated by the advanced persistent threat that's attributed to Russia's Federal Security Service.

Mandiant is reporting on a trojaned Windows installer that targets Ukrainian users. Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers.

A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the 'DELTA' situational awareness program to infect systems with information-stealing malware. The campaign was highlighted in a report today by CERT-UA, which warned Ukrainian military personnel of the malware attack.