Ethical Hacking News Hubb

Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware

By admin, September 20, 2022


A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show.

Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT.

The attacks are said to be an expansion of the same campaign that previously distributed DCRat (or DarkCrystal RAT) using phishing emails with legal aid-themed lures against providers of telecommunications in Ukraine.

Sandworm is a destructive Russian threat group that’s best known for carrying out attacks such as the 2015 and 2016 targeting of the Ukrainian electrical grid and 2017’s NotPetya attacks. It’s confirmed to be Unit 74455 of Russia’s GRU military intelligence agency.

The adversarial collective, also known as Voodoo Bear, sought to damage high-voltage electrical substations, computers and networking equipment for the third time in Ukraine earlier this April through a new variant of a piece of malware known as Industroyer.

Russia’s invasion of Ukraine has also seen the group unleash numerous other attacks, including leveraging the Follina vulnerability (CVE-2022-30190) in the Microsoft Windows Support Diagnostic Tool (MSDT) to breach media entities in the Eastern European nation.

In addition, it was uncovered as the mastermind behind a new modular botnet called Cyclops Blink that enslaved internet-connected firewall devices and routers from WatchGuard and ASUS.

The U.S. government, for its part, has announced up to $10 million in rewards for information on six hackers associated with the APT group for participating in malicious cyber activities against critical infrastructure in the country.

“A transition from DarkCrystal RAT to Colibri Loader and Warzone RAT demonstrates UAC-0113’s broadening but continuing use of publicly available commodity malware,” Recorded Future said.

The attacks entail the fraudulent domains hosting a web page purportedly about “Odesa Regional Military Administration,” while an encoded ISO image payload is stealthily deployed via a technique referred to as HTML smuggling.

HTML smuggling, as the name implies, is an evasive malware delivery technique that leverages legitimate HTML and JavaScript features to distribute malware and get around conventional security controls.

Recorded Future also said it identified points of similarity with another HTML dropper attachment put to use by the APT29 threat actor in a campaign aimed at Western diplomatic missions between May and June 2022.

Embedded within the ISO file, which was created on August 5, 2022, are three files, including an LNK file that tricks the victim into activating the infection sequence, resulting in the deployment of both Colibri loader and Warzone RAT to the target machine.

The execution of the LNK file also launches an innocuous decoy document – an application for Ukrainian citizens to request monetary compensation and fuel discounts – in an attempt to conceal the malicious operations.
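For defenders triaging saved web pages or HTML attachments, the delivery described above (an encoded ISO image carried inside an HTML page) can be screened for statically. The following is an added example, not code from the article or from Recorded Future's report; it assumes the payload is base64-encoded, and the indicator list, the 512-character threshold and all function names are illustrative choices.

```python
import base64
import re

# Browser primitives that HTML smuggling pages typically combine (heuristic list).
INDICATORS = {
    "blob_constructor": re.compile(r"new\s+Blob\s*\("),
    "object_url": re.compile(r"URL\.createObjectURL\s*\("),
    "base64_decode": re.compile(r"\batob\s*\("),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']"),
    "ms_save_blob": re.compile(r"msSave(?:OrOpen)?Blob"),
}
# Long base64 runs are candidate embedded payloads; 512 chars is an assumed threshold.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{512,}={0,2}")
# ISO 9660 volume descriptor: "CD001" at byte 0x8001 (sector 16, offset 1).
ISO_OFFSET, ISO_MAGIC = 0x8001, b"CD001"


def is_iso9660(data: bytes) -> bool:
    return data[ISO_OFFSET:ISO_OFFSET + len(ISO_MAGIC)] == ISO_MAGIC


def scan_html(html: str) -> dict:
    """Flag pages that pair download-from-script primitives with an embedded ISO."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(html))
    payloads = []
    for m in B64_RUN.finditer(html):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
        except ValueError:  # not valid base64 (binascii.Error is a ValueError)
            continue
        payloads.append({"offset": m.start(), "size": len(raw), "iso9660": is_iso9660(raw)})
    has_iso = any(p["iso9660"] for p in payloads)
    return {"indicators": hits, "payloads": payloads, "suspicious": has_iso and len(hits) >= 2}


def build_sample() -> str:
    """Constructed, inert sample: zero bytes plus the ISO magic; 'a' is undefined."""
    blob = base64.b64encode(b"\x00" * ISO_OFFSET + ISO_MAGIC).decode()
    return ('<html><script>var d="' + blob + '";var b=new Blob([atob(d)]);'
            'a.href=URL.createObjectURL(b);a.download="x.iso";</script></html>')


if __name__ == "__main__":
    report = scan_html(build_sample())
    print(report["suspicious"], report["indicators"], report["payloads"])
```

The scanner only catches plain base64; pages that split, XOR or otherwise transform the blob before decoding need dynamic analysis or a check on the file actually written to disk.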

© 2022 Ethical Hacking News Hubb All rights reserved.