
Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers


Ukrainian security officials have warned of ongoing attacks by InvisiMole, a hacking group with ties to the Russian advanced persistent threat (APT) group Gamaredon. 

Last week, the Computer Emergency Response Team of Ukraine (CERT-UA) said it had been notified of new phishing campaigns against Ukrainian organizations that spread the LoadEdge backdoor. 

According to CERT-UA, the phishing emails carry an attached archive, 501_25_103.zip, which contains a shortcut (LNK) file. If the shortcut is opened, an HTML Application (HTA) file downloads and executes VBScript that deploys LoadEdge. 
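The chain above (a user opens a shortcut from a mailed archive, mshta.exe fetches a remote HTA, the HTA starts a script host) leaves a recognisable parent/child pattern in process-creation telemetry. The following is an added example, not code from the article or from CERT-UA: a small detection over Sysmon-style process events. The events and field names are constructed for this example and are not a vendor schema.

```python
"""Added example (not from the article or CERT-UA): flag the
Explorer -> mshta.exe -> script-host chain in process-creation events.
All events below are constructed."""
from dataclasses import dataclass

# Script hosts an HTA typically hands off to after downloading a stage.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe"}

# Arguments that mean mshta.exe is running something other than a local,
# installed HTA: a remote URL or an inline script protocol handler.
REMOTE_HTA_MARKERS = ("http://", "https://", "javascript:", "vbscript:")


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # lowercase basename of the executable
    cmdline: str


def mshta_findings(events):
    """Return (pid, reason) pairs for:
      * mshta.exe started by explorer.exe (a double-clicked shortcut) with a
        remote or inline HTA target, and
      * any script host whose parent is mshta.exe.
    Parent lookup is by pid within the supplied batch of events."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue
        if e.image == "mshta.exe" and parent.image == "explorer.exe":
            cl = e.cmdline.lower()
            if any(m in cl for m in REMOTE_HTA_MARKERS) or ".hta" in cl:
                findings.append(
                    (e.pid, "mshta.exe launched from Explorer with a remote or inline HTA"))
        elif e.image in SCRIPT_HOSTS and parent.image == "mshta.exe":
            findings.append(
                (e.pid, f"{e.image} spawned by mshta.exe (pid {parent.pid})"))
    return findings


# Constructed telemetry: one infection chain plus unrelated benign activity.
# 203.0.113.10 is a documentation address, not a real C2.
SAMPLE_EVENTS = [
    ProcEvent(100, 4, "explorer.exe", "C:\\Windows\\explorer.exe"),
    ProcEvent(200, 100, "mshta.exe", "mshta.exe http://203.0.113.10/view.hta"),
    ProcEvent(300, 200, "wscript.exe", "wscript.exe //e:vbscript C:\\Users\\Public\\upd.tmp"),
    ProcEvent(400, 100, "winword.exe", "winword.exe C:\\Users\\u\\report.docx"),
    ProcEvent(500, 400, "splwow64.exe", "splwow64.exe"),
]

if __name__ == "__main__":
    for pid, reason in mshta_findings(SAMPLE_EVENTS):
        print(pid, reason)
```

Shortcuts that wrap mshta.exe in `cmd.exe /c` will show cmd.exe as the parent instead of explorer.exe; widen the parent check if that variant matters in your environment. The second rule (script host under mshta.exe) is parent-agnostic and catches the hand-off regardless of how mshta.exe was launched.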

Once the backdoor has established a connection to an InvisiMole command-and-control (C2) server, further payloads are downloaded and executed, including TunnelMole, which abuses the DNS protocol to tunnel malware delivery, and RC2FM and RC2CL, InvisiMole's data collection and surveillance backdoor modules. Persistence is maintained through the Windows registry. 
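DNS tunnelling of the kind attributed to TunnelMole above is usually visible in resolver logs as a burst of long, high-entropy, never-repeating subdomains under one zone, often using TXT or NULL records. The following is an added example, not code from the article, ESET or CERT-UA, and not TunnelMole's own protocol: a per-zone heuristic over constructed query-log lines. The log format and thresholds are this example's own assumptions.

```python
"""Added example (not from the article or from ESET): score DNS zones for
tunnelling behaviour. Log lines are constructed; the line format
'<epoch> <client> <qtype> <qname>' is an assumption of this example."""
import hashlib
import math
from collections import defaultdict

RARE_QTYPES = {"TXT", "NULL"}   # record types tunnels favour for payload capacity


def shannon_entropy(s: str) -> float:
    """Bits per character of s (0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def zone_of(qname: str) -> str:
    """Naive registrable domain (last two labels). A real deployment should
    use the Public Suffix List so co.uk-style suffixes are handled."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def zone_stats(log_lines):
    """Aggregate per zone: query count, ratio of unique subdomains, mean
    subdomain length, mean subdomain entropy, ratio of rare query types."""
    acc = defaultdict(lambda: {"n": 0, "subs": set(), "len": 0, "ent": 0.0, "rare": 0})
    for line in log_lines:
        _ts, _client, qtype, qname = line.split()
        qname = qname.rstrip(".").lower()
        zone = zone_of(qname)
        sub = qname[: -len(zone) - 1] if qname != zone else ""
        s = acc[zone]
        s["n"] += 1
        s["subs"].add(sub)
        s["len"] += len(sub)
        s["ent"] += shannon_entropy(sub.replace(".", ""))
        if qtype.upper() in RARE_QTYPES:
            s["rare"] += 1
    return {
        zone: {
            "queries": s["n"],
            "unique_ratio": len(s["subs"]) / s["n"],
            "mean_sub_len": s["len"] / s["n"],
            "mean_entropy": s["ent"] / s["n"],
            "rare_qtype_ratio": s["rare"] / s["n"],
        }
        for zone, s in acc.items()
    }


def tunnel_candidates(log_lines, min_queries=5, min_unique=0.9,
                      min_len=30, min_entropy=3.0):
    """Zones whose subdomains are numerous, unique, long and high-entropy.
    Thresholds are illustrative; tune against your own baseline."""
    return {
        zone: st for zone, st in zone_stats(log_lines).items()
        if st["queries"] >= min_queries
        and st["unique_ratio"] >= min_unique
        and st["mean_sub_len"] >= min_len
        and st["mean_entropy"] >= min_entropy
    }


def _encoded_chunk(i: int) -> str:
    """Constructed stand-in for an encoded payload chunk: 48 hex characters."""
    return hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:48]


# Constructed log: ordinary lookups under example.com, a tunnel under example.net.
SAMPLE_LOG = [
    "1647000000 10.0.0.5 A www.example.com",
    "1647000001 10.0.0.5 A www.example.com",
    "1647000002 10.0.0.6 A mail.example.com",
    "1647000003 10.0.0.6 A api.example.com",
] + [f"16470001{i:02d} 10.0.0.9 TXT {_encoded_chunk(i)}.example.net" for i in range(8)]

if __name__ == "__main__":
    for zone, st in tunnel_candidates(SAMPLE_LOG).items():
        print(zone, st)
```

Content-delivery and telemetry zones can also produce many unique subdomains, so in practice the rare-query-type ratio and query volume per client are worth weighing alongside the string features before alerting.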

InvisiMole was first discovered by ESET researchers in 2018. The threat actors have been active since at least 2013 and have been connected to attacks against “high-profile” organizations in Eastern Europe that are involved in military activities and diplomatic missions. 

In 2020, ESET researchers uncovered a collaborative link between InvisiMole and Gamaredon (also tracked as Primitive Bear): Gamaredon appears to handle the initial intrusion, after which InvisiMole begins its own operation. 

“We discovered InvisiMole’s arsenal is only unleashed after another threat group, Gamaredon, has already infiltrated the network of interest, and possibly gained administrative privileges,” ESET said at the time. “This allows the InvisiMole group to devise creative ways to operate under the radar.”

Palo Alto Networks has also been tracking Gamaredon, and in February, said the APT had attempted to compromise an unnamed “Western government entity” in Ukraine through fake job listings. 

CERT-UA has also begun tracking the activities of Vermin (UAC-0020), a group that has been attempting to break into the systems of Ukrainian state authorities. Vermin's spear-phishing emails use the topic of supplies as a lure; each carries a letter and a password-protected archive containing the Spectr malware, the password protection keeping mail gateways from inspecting the payload. 
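The two delivery tricks in this article, a shortcut (LNK) file inside a mailed archive (the LoadEdge campaign above) and a password-protected archive that scanners cannot open (Vermin's Spectr lure), can both be caught at the gateway by inspecting the archive itself. The following is an added example, not code from the article, CERT-UA or ESET: a ZIP attachment check that identifies LNK members by content rather than extension and treats encrypted members as uninspectable. Both archives are constructed in memory; the filenames and policy strings are this example's own.

```python
"""Added example (not from the article, CERT-UA or ESET): classify members
of a mailed ZIP and return a handling verdict. Fixtures are constructed."""
import io
import zipfile

# A Windows shell link begins with HeaderSize 0x4C followed by the ShellLink
# CLSID 00021401-0000-0000-C000-000000000046 (MS-SHLLINK section 2.1).
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
ZIP_FLAG_ENCRYPTED = 0x1   # bit 0 of the ZIP general purpose bit flag


def scan_zip(zip_bytes: bytes) -> dict:
    """Bucket members as 'lnk' (by magic bytes, so a renamed shortcut still
    counts), 'encrypted' (cannot be read without a password), or 'other'."""
    out = {"lnk": [], "encrypted": [], "other": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & ZIP_FLAG_ENCRYPTED:
                out["encrypted"].append(info.filename)
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            out["lnk" if head == LNK_MAGIC else "other"].append(info.filename)
    return out


def verdict(scan: dict) -> str:
    """Policy: a shortcut in a mailed archive is blocked outright; an archive
    we cannot look inside is not waved through just because nothing matched."""
    if scan["lnk"]:
        return "block: shortcut file in archive"
    if scan["encrypted"]:
        return "quarantine: encrypted members cannot be inspected"
    return "allow"


def build_lnk_zip() -> bytes:
    """Constructed attachment: a LNK whose name Explorer will show as
    'invoice.pdf' (the .lnk suffix is hidden), plus a decoy text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("letter.txt", b"please see attached")
    return buf.getvalue()


def build_encrypted_zip() -> bytes:
    """Constructed password-protected attachment. zipfile cannot write
    encrypted archives, so a stored one-member archive is built and the
    encrypted bit is set in its local header (flag at offset 6) and central
    directory entry (flag at offset 8). The payload bytes are not actually
    encrypted; only the header state a scanner sees is simulated."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("payload.exe", b"MZ" + b"\x00" * 62)
    raw = bytearray(buf.getvalue())
    raw[raw.find(b"PK\x03\x04") + 6] |= ZIP_FLAG_ENCRYPTED
    raw[raw.find(b"PK\x01\x02") + 8] |= ZIP_FLAG_ENCRYPTED
    return bytes(raw)


if __name__ == "__main__":
    for build in (build_lnk_zip, build_encrypted_zip):
        scan = scan_zip(build())
        print(build.__name__, scan, "->", verdict(scan))
```

A scanner that opens each member inside a try/except and silently skips failures would classify the encrypted archive as clean; the explicit flag check and quarantine verdict are the point of the example.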

In 2018, ESET and Palo Alto Networks published research on Vermin, a group that has been active for at least four years and may date back as far as 2015. 

Vermin targeted Ukrainian government institutions from the outset, using the remote access Trojans (RATs) Quasar, Sobaken and Vermin as its tools of choice. 

While the Quasar and Sobaken variants were compiled from freely available open-source code, Vermin is described as a custom-made RAT capable of data exfiltration, keylogging, audio recording and credential theft. 

In related news this month, Aqua Security’s Team Nautilus said that public cloud repositories are being used to host resources on both sides of the war, with Ukraine’s call for an “IT Army” of volunteers becoming a catalyst for public tools to launch denial-of-service (DoS) attacks against online Russian services. 

It is not just RATs and surveillance-based malware that Ukrainian organizations are having to contend with. ESET has detected three forms of wiper malware – designed to destroy computer files and resources, rather than to steal information or spy on victims – in as many weeks. 

The latest wiper, dubbed CaddyWiper, has been found “on a few dozen systems in a limited number of organizations,” according to ESET.
