
Ukraine Hackers | Breaking Cybersecurity News | The Hacker News

Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities

Dec 16, 2022 Cyber Espionage / Supply Chain Attack
Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the "socially engineered supply chain" attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites. It's tracking the threat cluster as UNC4166. "Upon installation of the compromised software, the malware gathers information on the compromised system and exfiltrates it," the cybersecurity company said in a technical deep dive published Thursday. Although the adversarial collective's provenance is unknown, the intrusions are said to have targeted organizations that were previously victims of disruptive wiper attacks attributed to APT28, a Russian state-sponsored actor. The ISO file, per the Google-owned threat intelligence firm, was designed to disable the transmission of te
Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware

Sep 20, 2022
A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The attacks are said to be an expansion of the same campaign that previously distributed DCRat (or DarkCrystal RAT) using phishing emails with legal aid-themed lures against providers of telecommunications in Ukraine. Sandworm is a destructive Russian threat group that's best known for carrying out attacks such as the 2015 and 2016 targeting of Ukrainian electrical grid and 2017's NotPetya attacks. It's confirmed to be Unit 74455 of Russia's GRU military intelligence agency. The adversarial collective, also known as Voodoo Bear, sought to damage high-voltage electrical s
Russian Hackers Tricked Ukrainians with Fake "DoS Android Apps to Target Russia"

Jul 20, 2022
Russian threat actors capitalized on the ongoing conflict against Ukraine to distribute Android malware camouflaged as an app for pro-Ukrainian hacktivists to launch distributed denial-of-service (DDoS) attacks against Russian sites. Google Threat Analysis Group (TAG) attributed the malware to Turla, an advanced persistent threat also known as Krypton, Venomous Bear, Waterbug, and Uroburos, and linked to Russia's Federal Security Service (FSB). "This is the first known instance of Turla distributing Android-related malware," TAG researcher Billy Leonard said. "The apps were not distributed through the Google Play Store, but hosted on a domain controlled by the actor and disseminated via links on third party messaging services." It's worth noting that the onslaught of cyberattacks in the immediate aftermath of Russia's unprovoked invasion of Ukraine prompted the latter to form an IT Army to stage counter-DDoS attacks against Russian website