
Russian Hackers Using Graphiron Malware to Steal Data from Ukraine

February 8, 2023

A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine.

Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0056.

"The malware is written in Go and is designed to harvest a wide range of information from the infected computer, including system information, credentials, screenshots, and files," the Symantec Threat Hunter Team said in a report shared with The Hacker News.

Nodaria was first spotlighted by CERT-UA in January 2022, which called attention to the adversary's use of SaintBot and OutSteel malware in spear-phishing attacks targeting government entities.

The group, which is said to have been active since at least April 2021, has since repeatedly deployed custom backdoors such as GraphSteel and GrimPlant in several campaigns following Russia's military invasion of Ukraine. Select intrusions have also involved the delivery of Cobalt Strike Beacon for post-exploitation.

Graphiron, the latest tool added to the group's arsenal, is an improved version of GraphSteel, packing in features to run shell commands and harvest system information, files, credentials, screenshots, and SSH keys.

Another noteworthy aspect is that while GraphSteel and GrimPlant were built with Go version 1.16, Graphiron relies on version 1.18, which officially shipped in March 2022. This also implies that Graphiron is a more recent development.
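The Go toolchain version is a cheap static triage signal for telling older Nodaria builds apart from Graphiron, because every Go binary carries its compiler's version string. The following is an added example, not code from the article or from Symantec: it extracts that marker from a binary blob and buckets the sample against the 1.18 threshold the article describes. The build-info magic is the real constant Go writes (the blob that `go version -m` reads); the two sample blobs are constructed stand-ins, not real malware bytes.

```python
import re
from collections import Counter

# Every Go toolchain stamps its own version string (e.g. "go1.16.5") into the
# binaries it builds, and Go also writes a build-info blob that starts with this
# magic (it is what `go version -m` reads). Both survive symbol stripping, so
# they are a cheap static triage signal before any deeper analysis.
GO_BUILDINFO_MAGIC = b"\xff Go buildinf:"
GO_VERSION_RE = re.compile(rb"go1\.(\d{1,2})(?:\.(\d{1,2}))?(?![\w.])")

def go_toolchain_version(data: bytes):
    """Return the most frequent Go toolchain version embedded in `data` as a
    (minor, patch) tuple, or None when no "go1.x" marker is present."""
    hits = Counter()
    for m in GO_VERSION_RE.finditer(data):
        patch = int(m.group(2)) if m.group(2) else 0
        hits[(int(m.group(1)), patch)] += 1
    return hits.most_common(1)[0][0] if hits else None

def has_go_buildinfo(data: bytes) -> bool:
    """True if the Go build-info blob magic is present in the sample."""
    return GO_BUILDINFO_MAGIC in data

def triage(data: bytes, min_minor: int = 18) -> str:
    """Bucket a sample by Go generation. The default threshold, 1.18, is the
    line the article draws between GraphSteel/GrimPlant (1.16) and Graphiron."""
    ver = go_toolchain_version(data)
    if ver is None:
        return "no-go-version-marker"
    label = f"go1.{ver[0]}.{ver[1]}"
    if ver[0] >= min_minor:
        return f"{label} (>= 1.{min_minor})"
    return f"{label} (< 1.{min_minor})"

# Constructed stand-ins for two samples (not real malware bytes): an ELF-style
# blob built with Go 1.16.5 and a PE-style blob built with Go 1.18.1. The two
# bytes after the magic stand in for the blob's pointer-size and flags fields.
OLD_SAMPLE = b"\x7fELF" + b"\x00" * 12 + b"go1.16.5\x00" * 2 + b"\x00" * 8
NEW_SAMPLE = (b"MZ" + b"\x00" * 14 + GO_BUILDINFO_MAGIC + b"\x08\x02"
              + b"\x00" * 16 + b"\x08go1.18.1\x00" + b"\x00" * 8)

if __name__ == "__main__":
    for name, blob in (("old", OLD_SAMPLE), ("new", NEW_SAMPLE)):
        info = "buildinfo" if has_go_buildinfo(blob) else "no-buildinfo"
        print(name, triage(blob), info)
```

On a real sample, pass the file's bytes (`open(path, "rb").read()`) to `triage`; the version marker is a fingerprint of the build environment, not proof of the family, so it narrows the candidate set rather than attributing the sample.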

Furthermore, an analysis of the infection chains reveals the presence of two stages: a downloader that is responsible for retrieving an encrypted payload from a remote server, and the Graphiron malware contained in that payload.

With the latest findings, Nodaria joins another Russian state-sponsored group called Gamaredon in extensively singling out Ukraine.

"While Nodaria was relatively unknown prior to the Russian invasion of Ukraine, the group's high-level activity over the past year suggests that it is now one of the key players in Russia's ongoing cyber campaigns against Ukraine," Symantec said.

Some parts of this article are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.