Ukraine records increase in financially motivated attacks by Russian hackers


Ukraine’s government is reporting an increase in financially motivated cyberattacks conducted by previously unidentified hackers associated with Russia. 

According to a recent report, these groups have grown more active in Ukrainian networks in the latter half of 2023, causing a shift in the ongoing cyberwar previously dominated by well-known Kremlin-supported hacker groups like Sandworm and Armageddon.

“The emergence of new actors suggests a deliberate strategy by Russia to diversify its cyberwarfare arsenal,” said Yevheniia Volivnyk, chief of Ukraine’s computer emergency response team (CERT-UA). “These groups may possess unique skill sets or specialize in specific operational objectives.”

The operations’ origins and participants are still unclear, according to Volivnyk, but previous experience and victimology suggest that they are also affiliated with the Russian “military machine” or are informally funded and coordinated by the Russian state command center.

Ukrainian cyber researchers said that these new groups distinguished themselves by using well-thought-out phishing attacks. Their main goal is to distribute malicious remote-access software, such as RemcosRAT and RemoteUtilities, or data theft programs, including LummaStealer and MeduzaStealer.

During the period that CERT-UA analyzed, nearly 40 percent of reported incidents were related to financial theft. 

For example, from August to September, the group tracked as UAC-0006 attempted to steal tens of millions of hryvnias ($1 = about 40 Ukrainian hryvnias) from Ukrainian financial institutions and government organizations. This threat actor, mostly known for using Smokeloader malware in its attacks, is responsible for nearly 200 incidents targeting Ukraine in the second half of 2023, according to CERT-UA.

Better targeting 

The CERT-UA report covers all Russia-linked cyber activity for the second half of 2023. Overall, the number of incidents against Ukraine has been growing steadily over the past two years, and hackers are getting better at targeting, according to the agency.

They exploit the latest vulnerabilities and align their attacks with trending events and news to “increase the attention…
