Ukrainian Hackers | Breaking Cybersecurity News | The Hacker News

A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion. Slovak cybersecurity firm ESET dubbed the new malware " IsaacWiper ," which it said was detected on February 24 in an organization that was not affected by  HermeticWiper  (aka FoxBlade), another data wiping malware that targeted several organizations on February 23 as part of a sabotage operation aimed at rendering the machines unusable. Further analysis of the HermeticWiper attacks, which infected at least five Ukrainian organizations, have revealed a worm constituent that propagates the malware across the compromised network and a ransomware module that acts as a "distraction from the wiper attacks," corroborating a  prior report  from Symantec. "These destructive attacks leveraged at least three components: HermeticWiper f

UPDATE: It's worth noting that the malware Microsoft tracks as FoxBlade is the same as the data wiper that's been denominated HermeticWiper (aka KillDisk) . Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure hours before Russia launched its first missile strikes last week. The intrusions involved the use of a never-before-seen malware package dubbed FoxBlade , according to the tech giant's Threat Intelligence Center (MSTIC), noting that it added new signatures to its Defender anti-malware service to detect the exploit within three hours of the discovery. "These recent and ongoing cyberattacks have been precisely targeted, and we have not seen the use of the indiscriminate malware technology that spread across Ukraine's economy and beyond its borders in the  2017 NotPetya attack ," Microsoft's President and Vice Chair, Brad Smith,  said . Additio

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country's full-blown invasion of Ukraine enters the second day. In addition to cautioning of the "threat of an increase in the intensity of computer attacks," Russia's National Computer Incident Response and Coordination Center  said  that the "attacks can be aimed at disrupting the functioning of important information resources and services, causing reputational damage, including for political purposes." "Any failure in the operation of [critical information infrastructure] objects due to a reason that is not reliably established, first of all, should be considered as the result of a computer attack," the agency added. Furthermore, it notified of possible influence operations undertaken to "form a negative image of the Russian Federation in the eyes of the world community," echoing a  similar alert  released by the U

Cybersecurity researchers on Monday said they uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021. Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon (aka Shuckworm or Armageddon), a cyber-espionage collective known to be active since at least 2013. In November 2021, Ukrainian intelligence agencies  branded  the group as a "special project" of Russia's Federal Security Service (FSB), in addition to pointing fingers at it for carrying out over 5,000 cyberattacks against public authorities and critical infrastructure located in the country. Gamaredon attacks typically originate with phishing emails that trick the recipients into installing a custom remote access trojan called Pterodo. Symantec disclosed that, between July 14, 2021 and August 18, 2021, the actor installed several variants of the backdoor as well as deployed additional scripts

No fewer than 70 websites operated by the Ukrainian government went offline on Friday for hours in what appears to be a coordinated cyber attack amid heightened tensions with Russia. "As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down," Oleg Nikolenko, MFA spokesperson,  tweeted . The Security Service of Ukraine, the country's law-enforcement authority,  alluded  to a possible Russian involvement, pointing fingers at the hacker groups associated with the Russian secret services while branding the intrusions as a supply chain attack that involved hacking the "infrastructure of a commercial company that had access to the rights to administer the web resources affected by the attack." Prior to the update from the SSU, the Ukrainian CERT claimed that the attacks may have exploited a security vulnerability in Laravel-based October CMS ( CVE-2021-32648 ), which cou