Security News
Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group. Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022.
The Ukrainian CERT has uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files. To do that, they are leveraging a specific version of the Somnia ransomware that, "According to the attackers' theoretical plan, does not provide for the possibility of data decryption."
Separately, charges slapped on alleged operator of dark market, The Real Deal Mark Sokolovsky, 26, a Ukrainian national, is being held in the Netherlands while he awaits extradition to America on...
A 26-year-old Ukrainian national has been charged in the U.S. for his alleged role in the Raccoon Stealer malware-as-a-service (MaaS) operation. Mark Sokolovsky, who was arrested by Dutch law...
The threat actor behind a remote access trojan called RomCom RAT has been observed targeting Ukrainian military institutions as part of a new spear-phishing campaign that commenced on October 21, 2022. "Once the victim installs a Trojanized bundle, it drops RomCom RAT to the system."
26-year-old Ukrainian national Mark Sokolovsky has been charged for involvement in the Raccoon Stealer malware-as-a-service cybercrime operation. Raccoon Stealer is an information-stealing trojan distributed under the MaaS model that threat actors can rent for $75/week or $200/month.
The Computer Emergency Response Team of Ukraine has issued an alert about potential Cuba Ransomware attacks against critical networks in the country. Running this file will install and execute the "Rmtpak.dll" DLL file, which is Cuba Ransomware's signature malware known as "ROMCOM RAT.".
A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige. The method of initial access remains unknown, with Microsoft noting that the threat actor had already obtained privileged access to the compromised environment to deploy the ransomware using three different methods.
A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The attacks are said to be an expansion of the same campaign that previously distributed DCRat using phishing emails with legal aid-themed lures against providers of telecommunications in Ukraine.
The Russian state-sponsored hacking group known as Sandworm has been observed masquerading as telecommunication providers to target Ukrainian entities with malware. Sandworm is a state-backed threat actor attributed by the US government as part of the Russian GRU foreign military intelligence service.