#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Ukraine Hackers | Breaking Cybersecurity News | The Hacker News

Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure

Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure

Sep 06, 2023 Cyber Attack / Critical Infrastructure
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country. The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates the infection chain. "Visiting the link will download a ZIP archive containing three JPG images (decoys) and a BAT file 'weblinks.cmd' to the victim's computer," CERT-UA  said , attributing it to the Russian threat actor known as  APT28  (aka BlueDelta, Fancy Bear, Forest Blizzard, or FROZENLAKE). "When a CMD file is run, several decoy web pages will be opened, .bat and .vbs files will be created, and a VBS file will be launched, which in turn will execute the BAT file." The next phase of the attack involves running the "whoami" command on the compromised host and exfiltrating the information, alongside downloading the TOR hidden service to route malicious traffic. Persistence is achieve
CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine

CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine

May 08, 2023 Cyber Attack / Data Safety
An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine (CERT-UA). The emails, per the  agency , are sent using compromised accounts and come with a ZIP archive that, in reality, is a  polyglot file  containing a decoy document and a JavaScript file. The JavaScript code is then used to launch an executable that paves for the execution of the  SmokeLoader malware . SmokeLoader, first detected in 2011, is a  loader  whose main objective is to download or load a stealthier or more effective malware onto infected systems. CERT-UA attributed the activity to a threat actor it calls UAC-0006 and characterized it as a financially motivated operation carried out with the goal of stealing credentials and making unauthorized fund transfers. In a related advisory, Ukraine's cybersecurity authority also revealed details of destructive attacks orch
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Feb 14, 2024Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources. The FinServ Threat Landscape Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week.1 On average, 270 attacks (entailing unauthorized access of data, appl
Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

Apr 19, 2023 Cyber War / Cyber Attack
Elite hackers associated with  Russia's military intelligence service  have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google's Threat Analysis Group (TAG), which is  monitoring  the activities of the actor under the name  FROZENLAKE , said the  attacks   continue  the "group's 2022 focus on targeting webmail users in Eastern Europe." The state-sponsored cyber actor, also tracked as APT28, Fancy Bear, Forest Blizzard, Iron Twilight, Sednit, and Sofacy, is both highly prolific and proficient. It has been active since at least 2009, targeting media, governments, and military entities for espionage. The latest intrusion set, starting in early February 2023, involved the use of reflected cross-site scripting ( XSS ) attacks on various Ukrainian government websites to redirect users to phishing domains and capture their credentials. The disclosure
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
Cyber Police of Ukraine Busted Phishing Gang Responsible for $4.33 Million Scam

Cyber Police of Ukraine Busted Phishing Gang Responsible for $4.33 Million Scam

Mar 31, 2023 Cyber Crime / Hacking News
The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users. Two of the apprehended affiliates are believed to be organizers, with 10 others detained in other territories across the European Union. The suspects are alleged to have created more than 100 phishing portals aimed at users in France, Spain, Poland, Czechia, Portugal, and other nations in the region. These websites masqueraded as online portals offering heavily discounted products below market prices to lure unsuspecting users into placing fake "orders." In reality, the financial information entered on those websites to complete the payments were used to siphon money from the victims' accounts. "For the fraudulent scheme, the participants also created two call centers, in Vinnytsia and in Lviv, and involved operators in their work," the Cyber Police  said . &quo
Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities

Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities

Dec 16, 2022 Cyber Espionage / Supply Chain Attack
Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the "socially engineered supply chain" attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites. It's tracking the threat cluster as  UNC4166 . "Upon installation of the compromised software, the malware gathers information on the compromised system and exfiltrates it," the cybersecurity company  said  in a technical deep dive published Thursday. Although the adversarial collective's provenance is unknown, the intrusions are said to have targeted organizations that were previously victims of disruptive wiper attacks attributed to  APT28 , a  Russian state-sponsored actor . The ISO file, per the Google-owned threat intelligence firm, was designed to disable the transmission of te
Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware

Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware

Sep 20, 2022
A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as  Colibri loader  and  Warzone RAT . The attacks are said to be an expansion of the  same campaign  that previously distributed  DCRat  (or DarkCrystal RAT) using phishing emails with legal aid-themed lures against providers of telecommunications in Ukraine. Sandworm is a  destructive Russian threat group  that's best known for carrying out attacks such as the 2015 and 2016 targeting of Ukrainian electrical grid and 2017's NotPetya attacks. It's confirmed to be Unit 74455 of Russia's GRU military intelligence agency. The adversarial collective, also known as Voodoo Bear, sought to damage high-voltage electrical s
Russian Hackers Tricked Ukrainians with Fake "DoS Android Apps to Target Russia"

Russian Hackers Tricked Ukrainians with Fake "DoS Android Apps to Target Russia"

Jul 20, 2022
Russian threat actors capitalized on the  ongoing conflict  against Ukraine to distribute Android malware camouflaged as an app for pro-Ukrainian hacktivists to launch distributed denial-of-service (DDoS) attacks against Russian sites. Google Threat Analysis Group (TAG) attributed the malware to Turla, an advanced persistent threat also known as Krypton, Venomous Bear, Waterbug, and Uroburos, and linked to Russia's Federal Security Service (FSB). "This is the first known instance of Turla distributing Android-related malware," TAG researcher Billy Leonard  said . "The apps were not distributed through the Google Play Store, but hosted on a domain controlled by the actor and disseminated via links on third party messaging services." It's worth noting that the  onslaught  of  cyberattacks  in the immediate aftermath of Russia's unprovoked invasion of Ukraine prompted the latter to  form an IT Army  to stage counter-DDoS attacks against Russian website
Cybersecurity Resources