Russian Hackers Using Graphiron Malware to Steal Data from Ukraine
Feb 08, 2023
Threat Intelligence / Data Safety
A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine. Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria , which is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0056. "The malware is written in Go and is designed to harvest a wide range of information from the infected computer, including system information, credentials, screenshots, and files," the Symantec Threat Hunter Team said in a report shared with The Hacker News. Nodaria was first spotlighted by CERT-UA in January 2022, calling attention to the adversary's use of SaintBot and OutSteel malware in spear-phishing attacks targeting government entities. Also called DEV-0586, TA471, and UNC2589, the hacking crew has been linked to the destructive WhisperGate (aka PAYWIPE ) data wiper attacks targeting Ukrainian entities around the same time.