• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Ukrainian CERT Discloses New Data-Wiping Campaign

You are here: Home / General Cyber Security News / Ukrainian CERT Discloses New Data-Wiping Campaign
November 14, 2022

Ukrainian cyber-authorities have found a new attack marketing campaign by suspected Russian threat actors that compromises victims’ VPN accounts to accessibility and encrypt networked methods.

The country’s Laptop or computer Crisis Response Crew (CERT) pointed out in a new assertion that the so-termed Somnia ransomware was remaining used by the FRwL (aka Z-Team), also recognized as UAC-0118.

First compromise is reached by tricking victims into downloading “Advanced IP Scanner” program which really includes Vidar malware. CERTU-UA believes this was accomplished by preliminary entry brokers (IABs) functioning for the Russians.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“It need to be noted that the Vidar stealer, amongst other factors, steals Telegram session information, which, in the absence of configured two-factor authentication and a passcode, allows unauthorized access to the victim’s account,” the assertion continued.

“As it turned out, the victim’s Telegram was employed to transfer VPN connection configuration information (together with certificates and authentication details) to end users. Supplied the deficiency of two-factor authentication when creating a VPN relationship, attackers had been ready to acquire an unauthorized relationship to the company network.”

Once within, attackers executed reconnaissance do the job applying the Netscan resource and then launched Cobalt Strike Beacon, exfiltrating data working with the Rclone software. There are also indicators of the risk actors using Anydesk and Ngrok at this phase.

It is unclear how common the campaign was, even though “several” Ukrainian companies are believed to have been impacted given that spring 2022.

Most pointedly, CERT-UA confirmed that the stop target is not to generate earnings from a ransom but to damage victim environments.

“Note that the Somnia malware has also been through adjustments. The first edition of the application applied the symmetric 3DES algorithm. In the next edition, the AES algorithm is executed,” it concluded.

“At the identical time, getting into account the dynamics of the vital and the initialization vector, this variation of Somnia, in accordance to the attackers’ theoretical plan, does not present for the likelihood of knowledge decryption.”


Some components of this posting are sourced from:
www.infosecurity-journal.com

Previous Post: «ransomware gang is selling intel to traders to extort victims Ransomware: Why do businesses still pay up?
Next Post: What is an External Penetration Test? what is an external penetration test?»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
  • Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
  • CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
  • Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk
  • ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Copyright © TheCyberSecurity.News, All Rights Reserved.