
Files about the war in Ukraine are becoming a lure for a wide range of hackers


A growing number of threat actors are using the Russian-Ukrainian war as bait for various phishing and malware campaigns, even as critical infrastructure continues to be targeted.

“Government officials from China, Iran, North Korea and Russia, as well as various undescribed groups, have used various topics related to the war in Ukraine to force targets to open malicious emails or click on malicious links,” Google Threat Analysis Group's (TAG) Billy Leonard said in the report.

“Financially motivated and criminal entities also use current events as a means of targeting users,” Leonard added.

One notable threat actor is Curious Gorge, which TAG attributed to the People’s Liberation Army’s Strategic Support Forces (PLA SSF) and which has been seen striking government, military, logistics and manufacturing organizations in Ukraine, Russia and Central Asia.

Attacks on Russia have singled out several government agencies, such as the Foreign Ministry, with additional compromises affecting Russian defense contractors and manufacturers, as well as an unnamed logistics company.

The findings follow the disclosure that a government-related threat actor known as Mustang Panda (aka Bronze President) may be targeting Russian government officials with an updated version of the remote access trojan called PlugX.

Another series of phishing attacks involved APT28 (aka Fancy Bear) hackers, who targeted Ukrainian users with .NET malware capable of stealing cookies and passwords from Chrome, Edge and Firefox.

Also involved were Russian threat groups, including Turla (aka Poison Bear) and COLDRIVER (aka Calisto), as well as a Belarusian hacker group called Ghostwriter, in various credential phishing campaigns aimed at defense and cybersecurity organizations in the Baltic region and high-risk individuals in Ukraine.

Recent Ghostwriter attacks have directed victims to hacked websites, from which users were sent to an attacker-controlled web page designed to collect their credentials.

In an unrelated phishing campaign aimed at organizations in Eastern Europe, a previously unknown and financially motivated hacker group has been posing as a Russian agency to deploy a JavaScript backdoor called DarkWatchman on infected computers.

IBM Security X-Force has connected the intrusions to a threat cluster that it tracks under the name Hive0117.

“The company is disguised as official messages from the Federal Bailiffs Service under the Russian government; Russian-language emails are addressed to users in Lithuania, Estonia and Russia in the telecommunications, electronic and industrial sectors,” the company said in a statement.


The findings come as Microsoft disclosed that six different Russia-aligned entities carried out at least 237 cyberattacks against Ukraine from February 23 to April 8, including 38 individual destructive attacks that irreversibly destroyed files in hundreds of systems across dozens of organizations in the country.

Geopolitical tensions and the subsequent military invasion of Ukraine have also fueled an escalation of data deletion attacks intended to cripple critical processes and destroy forensic evidence.

Moreover, the Computer Emergency Response Team of Ukraine (CERT-UA) revealed details of ongoing distributed denial-of-service (DDoS) attacks against government and news portals, carried out by injecting malicious JavaScript (called “BrownFlood”) into hacked sites.

DDoS attacks have also been reported outside of Ukraine. Romania’s National Cybersecurity Authority (DNSC) last week disclosed that several websites owned by public and private institutions were “targeted by attackers who aimed to make these Internet services inaccessible.”

The attacks, for which a pro-Russian group called Killnet claimed responsibility, came in response to Romania’s decision to support Ukraine in the military conflict with Russia.
