Ethical Hacking News Hubb
Advertisement Banner
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Ethical Hackers

Russian Gamaredon Hackers Target Ukrainian Government Using Info-Stealing Malware

admin by admin
September 15, 2022
in Ethical Hackers


An ongoing espionage campaign operated by the Russia-linked Gamaredon group is targeting employees of Ukrainian government, defense, and law enforcement agencies with a piece of custom-made information stealing malware.

“The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine,” Cisco Talos researchers Asheer Malhotra and Guilherme Venere said in a technical write-up shared with The Hacker News. “LNK files, PowerShell, and VBScript enable initial access, while malicious binaries are deployed in the post-infection phase.”

Active since 2013, Gamaredon – also known as Actinium, Armageddon, Primitive Bear, Shuckworm, and Trident Ursa – has been linked to numerous attacks aimed at Ukrainian entities in the aftermath of Russia’s military invasion of Ukraine in late February 2022.

CyberSecurity

The targeted phishing operation, observed as recently as August 2022, also follows similar intrusions uncovered by Symantec last month involving the use of malware such as Giddome and Pterodo. The primary goal of these attacks is to establish long-term access for espionage and data theft.

It entails leveraging decoy Microsoft Word documents containing lures related to the Russian invasion of Ukraine distributed via email messages to infect targets. When opened, macros concealed within remote templates are executed to retrieve RAR containing LNK files.

Russian Gamaredon Hackers

The LNK files seemingly reference intelligence briefings related to the Russian invasion of Ukraine to trick unsuspecting victims into opening the shortcuts, resulting in the execution of a PowerShell beacon script that ultimately paves the way for next-stage payloads.

This includes another PowerShell script that’s used to provide persistent access to compromised system and deliver additional malware, including a new malware capable of plundering files (.doc, .docx, .xls, .rtf, .odt, .txt, .jpg, .jpeg, .pdf, .ps1, .rar, .zip, .7z, and .mdb) from the machine as well as any removable drive connected to it.

CyberSecurity

“The infostealer is a dual-purpose malware that includes capabilities for exfiltrating specific file types and deploying additional binary and script-based payloads on an infected endpoint,” the researchers said, adding it may be a component of the Giddome backdoor family.

The findings come at a time cyberattacks continue to be an important part of modern hybrid war strategy amidst the conflict between Russia and Ukraine. Earlier this month, Google’s Threat Analysis Group (TAG) disclosed as many as five different campaigns mounted by a group with links to the Conti cybercrime cartel.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

A Easy-To-Use Python Tool To Perform DNS Recon

Next Post

How to watch Canelo Alvarez vs Gennady Golovkin 3 online

Next Post

How to watch Canelo Alvarez vs Gennady Golovkin 3 online

Recommended

How to watch Monarch season 1 online from anywhere

5 months ago

How to watch Jonathan Gonzalez vs Shokichi Iwata online

3 months ago

© 2022 Ethical Hacking News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Ethical Hackers
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact

© 2022 Ethical Hacking News Hubb All rights reserved.