Security News

UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware
2023-12-22 07:46

The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called...

Ukrainian military says it hacked Russia's federal tax agency
2023-12-12 20:39

The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service, wiping the agency's database and backup copies. Following this operation, carried out by cyber units within Ukraine's Defense Intelligence, military intelligence officers breached Russia's federal taxation service central servers and 2,300 regional servers across Russia and occupied Ukrainian territories.

Ukrainian ransomware gang behind high-profile attacks dismantled
2023-11-28 10:43

Law enforcement and judicial authorities from seven countries have joined forces with Europol and Eurojust to dismantle and apprehend in Ukraine key figures behind significant ransomware operations. More than 20 investigators from Norway, France, Germany and the United States were deployed to Kyiv to assist the Ukrainian National Police with their investigative measures.

Sandworm hackers incapacitated Ukrainian power grid amid missile strike
2023-11-09 16:08

Russia-backed APT group Sandworm is behind the cyberattack that disrupted parts of the Ukrainian power grid in late 2022, according to Mandiant. In this particular "multi-event cyber attack" described by Mandiant, the attackers used living-off-the-land techniques to target OT systems and trigger a power outage, which happened simultaneously with missile strikes on Ukrainian critical infrastructure.

Russia's Sandworm – not just missile strikes – to blame for Ukrainian power blackouts
2023-11-09 08:00

Blackouts in Ukraine last year were not just caused by missile strikes on the nation but also by a seemingly coordinated cyberattack on one of its power plants. That's according to Mandiant's threat intel team, which said Russia's Sandworm crew was behind the two-pronged power-outage and data-wiping attack.

FSB arrests Russian hackers working for Ukrainian cyber forces
2023-11-01 23:20

The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Russia's security agency published a press release on Tuesday saying that its officers detained two hackers who either assisted or joined Ukraine's hackers in cyber operations.

Ukrainian activists hack Trigona ransomware gang, wipe servers
2023-10-18 23:17

A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available. Ukrainian Cyber Alliance hackers gained access to Trigona ransomware's infrastructure by using a public exploit for CVE-2023-22515, a critical vulnerability in Confluence Data Center and Server that can be leveraged remotely to escalate privileges.

CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks
2023-10-17 05:46

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that threat actors "interfered" with at least 11 telecommunication service providers in the country between May and September...

Russian Sandworm hackers breached 11 Ukrainian telcos since May
2023-10-16 18:06

The agency states that the Russian hackers "interfered" with the communication systems of 11 telcos in the country, leading to service interruptions and potential data breaches. Sandworm is a very active espionage threat group linked to Russia's GRU. The attackers have focused on Ukraine throughout 2023, using phishing lures, Android malware, and data-wipers.

Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals
2023-09-25 13:05

Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. "Since drones or...