Security News

26-year-old Ukrainian national Mark Sokolovsky has been charged for involvement in the Raccoon Stealer malware-as-a-service cybercrime operation. Raccoon Stealer is an information-stealing trojan distributed under the MaaS model that threat actors can rent for $75/week or $200/month.

The Computer Emergency Response Team of Ukraine has issued an alert about potential Cuba Ransomware attacks against critical networks in the country. Running this file will install and execute the "Rmtpak.dll" DLL file, which is Cuba Ransomware's signature malware known as "ROMCOM RAT.".

A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige. The method of initial access remains unknown, with Microsoft noting that the threat actor had already obtained privileged access to the compromised environment to deploy the ransomware using three different methods.

A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The attacks are said to be an expansion of the same campaign that previously distributed DCRat using phishing emails with legal aid-themed lures against providers of telecommunications in Ukraine.

The Russian state-sponsored hacking group known as Sandworm has been observed masquerading as telecommunication providers to target Ukrainian entities with malware. Sandworm is a state-backed threat actor attributed by the US government as part of the Russian GRU foreign military intelligence service.

Russian hackers have been targeting Ukrainian entities with previously unseen info-stealing malware during a new espionage campaign that is still active. Security researchers at Cisco Talos attribute the campaign to Gamaredon, a Russian state-backed threat group with a long history of targeting mainly organizations in the Ukrainian government, critical infrastructure, defense, security, and law enforcement.

An ongoing espionage campaign operated by the Russia-linked Gamaredon group is targeting employees of Ukrainian government, defense, and law enforcement agencies with a piece of custom-made information stealing malware. "The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine," Cisco Talos researchers Asheer Malhotra and Guilherme Venere said in a technical write-up shared with The Hacker News.

Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what's suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked Shuckworm, also known as Actinium, Armageddon, Gamaredon, Primitive Bear, and Trident Ursa.

Ukrainian radio operator TAVR Media on Thursday became the latest victim of a cyberattack, resulting in the broadcast of a fake message that President Volodymyr Zelenskyy was seriously ill. "Cybercriminals spread information that the President of Ukraine, Volodymyr Zelenskyy, is allegedly in intensive care, and his duties are performed by the Chairman of the Verkhovna Rada, Ruslan Stefanchuk," the State Service of Special Communications and Information Protection of Ukraine said in an update.

On Thursday, Ukrainian media group TAVR Media confirmed that it was hacked to spread fake news about President Zelenskiy being in critical condition and under intensive care. SSSCIP added that the attackers breached TAVR Media's servers and broadcasting systems to spread fake news suggesting that the Ukrainian President is allegedly under intensive care, in critical condition, with Parliament Chairman Ruslan Stefanchuk acting in his stead. Zelenskyi also refuted the reports in a video shared on his official Instagram account, saying they were fake news spread by Russian-linked threat actors.