
The Cyber Security News


Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers

May 4, 2022

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted.

“Government-backed actors from China, Iran, North Korea and Russia, as well as a variety of unattributed groups, have made use of numerous Ukraine war-connected themes in an effort to get targets to open destructive e-mails or click destructive hyperlinks,” Google Threat Analysis Group’s (TAG) Billy Leonard stated in a report.

“Financially motivated and felony actors are also using existing functions as a means for concentrating on consumers,” Leonard added.


One notable threat actor is Curious Gorge, which TAG has attributed to China’s People’s Liberation Army Strategic Support Force (PLA SSF) and which has been observed targeting government, military, logistics and manufacturing organizations in Ukraine, Russia and Central Asia.

Attacks aimed at Russia have singled out several governmental entities, such as the Ministry of Foreign Affairs, with additional compromises impacting Russian defense contractors and manufacturers as well as an unnamed logistics company.

The findings follow disclosures that a China-linked government-sponsored threat actor known as Mustang Panda (aka Bronze President) may have been targeting Russian government officials with an updated version of a remote access trojan called PlugX.

Another set of phishing attacks involved APT28 (aka Fancy Bear) hackers targeting Ukrainian users with a .NET malware that’s capable of stealing cookies and passwords from Chrome, Edge and Firefox browsers.

Also implicated were Russia-based threat groups, including Turla (aka Venomous Bear) and COLDRIVER (aka Calisto), as well as a Belarusian hacking crew named Ghostwriter, in distinct credential phishing campaigns targeting defense and cybersecurity organizations in the Baltic region and high-risk individuals in Ukraine.


Ghostwriter’s latest attacks directed victims to compromised websites, from where the users were sent to an attacker-controlled web page to harvest their credentials.

In an unrelated phishing campaign targeting entities in Eastern European nations, a previously unknown and financially motivated hacking group has been observed impersonating a Russian agency to deploy a JavaScript backdoor called DarkWatchman onto infected computers.

IBM Security X-Force connected the intrusions to a threat cluster it is tracking under the moniker Hive0117.

“The campaign masquerades as official communications from the Russian Government’s Federal Bailiffs Service, the Russian-language e-mails are addressed to users in Lithuania, Estonia, and Russia in the Telecommunications, Electronic and Industrial sectors,” the company said.


The findings come as Microsoft disclosed that six different Russia-aligned actors launched at least 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country.

The geopolitical tensions and the ensuing military invasion of Ukraine have also fueled an escalation in data wiper attacks meant to cripple mission-critical processes and destroy forensic evidence.

What’s more, the Computer Emergency Response Team of Ukraine (CERT-UA) revealed details of ongoing distributed denial-of-service (DDoS) attacks directed against government and news portals by injecting malicious JavaScript (dubbed “BrownFlood”) into the compromised websites.

DDoS attacks have been reported beyond Ukraine as well. Last week, Romania’s National Directorate of Cyber Security (DNSC) disclosed that several websites belonging to public and private institutions were “focused by attackers who aimed to make these on the web expert services unavailable.”

The attacks, claimed by a pro-Russian collective called Killnet, come in response to Romania’s decision to support Ukraine in the military conflict with Russia.


Some parts of this report are sourced from:
thehackernews.com
