Tag Archive for: Ukrainian

Ukrainian Telcos Targeted by Suspected Sandworm Hackers


Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Attackers’ MO: Data Exfiltration, Followed by Network and Hardware Disruption

Communication gear on the TV tower of Central Television of Ukraine in Kyiv, Ukraine, in a photo from 2014 (Image: Shutterstock)

Russian hackers are targeting Ukrainian government agencies and critical infrastructure with a barrage of “destructive” malware designed to wipe or destroy IT systems, Kyiv cyber defenders said.


Between May and September, at least 11 Ukrainian telecommunications firms detected hacks that, in some cases, disrupted service, Ukraine’s Computer Emergency Response Team, CERT-UA, reported Monday.

Ukraine gave the codename UAC-0165 to the threat actor behind the attacks and said it has moderate confidence that the attacks are being perpetrated by the Sandworm hacking team, which has pummeled Ukraine with cyberattacks for more than half a decade. Western intelligence says that Sandworm – aka Seashell Blizzard, TeleBots and Voodoo Bear – is run by Russia’s GRU military intelligence agency.


In January, Ukraine’s top information protection agency warned that Russia continues to use data stealers and wiper malware for destruction and cyberespionage as it continues its war of aggression. The State Service of Special Communications and Information Protection of Ukraine reported that the sectors being most targeted are energy, security and defense, telecommunications, technology and development, finance, and logistics.


The SSSCIP recently said Moscow appeared to be stepping up its destructive attacks, especially against the energy sector,…


Russian State-Backed ‘Infamous Chisel’ Android Malware Targets Ukrainian Military



Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military.

The malicious software, dubbed Infamous Chisel and attributed to a Russian state-sponsored actor called Sandworm, has capabilities to “enable unauthorized access to compromised devices, scan files, monitor traffic, and periodically steal sensitive information.”

Some aspects of the malware were uncovered by the Security Service of Ukraine (SBU) earlier in August, highlighting unsuccessful attempts on part of adversaries to penetrate Ukrainian military networks and gather valuable intelligence.

Sandworm, also known by the names FROZENBARENTS, Iron Viking, Seashell Blizzard, and Voodoo Bear, refers to the Russian Main Intelligence Directorate’s (GRU) Main Centre for Special Technologies (GTsST).

Active since at least 2014, the hacking crew is best known for its string of disruptive and destructive cyber campaigns using malware such as Industroyer, BlackEnergy, and NotPetya.

In July 2023, Google-owned Mandiant said that the malicious cyber operations of GRU adhere to a playbook that offers tactical and strategic benefits, enabling the threat actors to adapt swiftly to a “fast-paced and highly contested operating environment” and at the same time maximize the speed, scale, and intensity without getting detected.


Infamous Chisel is described as a collection of multiple components that’s designed with the intent to enable remote access and exfiltrate information from Android phones.

Besides scanning the devices for information and files matching a predefined set of file extensions, the malware also contains functionality to periodically scan the local network and offer SSH access.

“Infamous Chisel also provides remote access by configuring and executing TOR with a hidden service which forwards to a modified Dropbear binary providing an SSH connection,” the Five Eyes (FVEY) intelligence alliance said.
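The remote-access pattern quoted above (a Tor hidden service whose virtual port is forwarded to a locally bound SSH daemon) leaves two artefacts a responder can correlate: a HiddenServicePort line in the Tor configuration and a listening socket owned by an SSH-like process on the forwarded target port. The following is an added detection sketch, not code from the FVEY advisory or from the malware; the torrc contents, the `ss -ltnp`-style socket listing, the process names and the port numbers are constructed assumptions for illustration.

```python
"""Correlate a Tor hidden-service forward with a local SSH-like listener.

Added illustration of the hidden-service-to-SSH pattern described in the text.
The sample config and socket listing below are constructed, not recovered from
a device; port numbers and process names are assumptions.
"""
import re
from dataclasses import dataclass

# Process names we treat as SSH servers (assumed; extend for your environment).
SSH_LIKE = {"dropbear", "sshd"}

# One line of `ss -ltnp` output, e.g.
#   LISTEN 0 128 0.0.0.0:2222 0.0.0.0:* users:(("dropbear",pid=4242,fd=3))
LISTEN_RE = re.compile(
    r'LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)'
)


@dataclass(frozen=True)
class HiddenServicePort:
    virt_port: int      # port exposed on the .onion address
    target_host: str    # where Tor forwards the connection
    target_port: int


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    process: str
    pid: int


def parse_torrc(text: str) -> list[HiddenServicePort]:
    """Extract HiddenServicePort directives from torrc-style text.

    Tor syntax is `HiddenServicePort VIRTPORT [TARGET]`; when TARGET is
    absent it defaults to 127.0.0.1:VIRTPORT, and a bare port means loopback.
    """
    found = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split()
        if not parts or parts[0].lower() != "hiddenserviceport":
            continue
        virt = int(parts[1])
        if len(parts) > 2:
            host, _, port = parts[2].rpartition(":")
            found.append(HiddenServicePort(virt, host or "127.0.0.1", int(port)))
        else:
            found.append(HiddenServicePort(virt, "127.0.0.1", virt))
    return found


def parse_listeners(text: str) -> list[Listener]:
    """Pull (address, port, process, pid) out of `ss -ltnp`-style lines."""
    out = []
    for line in text.splitlines():
        m = LISTEN_RE.search(line)
        if m:
            out.append(Listener(m.group(1), int(m.group(2)), m.group(3), int(m.group(4))))
    return out


def find_hidden_service_shells(torrc: str, ss_output: str) -> list[tuple[HiddenServicePort, Listener]]:
    """Return every hidden-service forward that lands on an SSH-like listener.

    A wildcard bind (0.0.0.0 / [::] / *) also answers on loopback, so the
    match is made on port and process name rather than on the exact address.
    """
    listeners = parse_listeners(ss_output)
    hits = []
    for hsp in parse_torrc(torrc):
        for lst in listeners:
            if lst.port == hsp.target_port and lst.process in SSH_LIKE:
                hits.append((hsp, lst))
    return hits


# Constructed sample inputs (not real device data).
SAMPLE_TORRC = """
# hidden service exposing a local shell (constructed example)
HiddenServiceDir /data/local/tmp/hs
HiddenServicePort 22 127.0.0.1:2222
"""

SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:2222      0.0.0.0:*     users:(("dropbear",pid=4242,fd=3))
LISTEN 0      128    127.0.0.1:9050    0.0.0.0:*     users:(("tor",pid=4201,fd=6))
"""

if __name__ == "__main__":
    for hsp, lst in find_hidden_service_shells(SAMPLE_TORRC, SAMPLE_SS):
        print(f"onion:{hsp.virt_port} -> {hsp.target_host}:{hsp.target_port} "
              f"served by {lst.process} (pid {lst.pid})")
```

On a live device the two inputs would come from the Tor configuration file the implant drops and from whatever socket-listing tool the platform offers; the point of the correlation is that neither artefact is conclusive alone (Tor and Dropbear each have legitimate uses) but a hidden-service forward terminating on an SSH daemon is the combination worth escalating.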

A brief description of each of the modules is as follows –

  • netd – Collate and exfiltrate information from the compromised device at set intervals, including from app-specific…


Inside Russia’s attempts to hack Ukrainian military operations : NPR


In this photo illustration, the 502 Bad Gateway message is seen on the Ministry of Defence of Ukraine official webpage displayed on a smartphone screen, with the flag of Ukraine in the background. (SOPA Images/LightRocket via Getty Images)

KYIV, Ukraine — Ukrainian intelligence officials have revealed details to NPR about an attempt by Russian state hackers to penetrate Ukrainian military planning operations systems.

The hackers from Russian military intelligence captured Android tablet devices used by Ukrainian officers on the front lines in an attempt to spy, according to a report published by the Security Service of Ukraine’s Cyber Security Situation Center.

“We saw that there were attempts to penetrate these systems,” said Illia Vitiuk, the head of the Cybersecurity Department of Ukraine’s Security Service, also known as the SBU. Vitiuk spoke to NPR in an exclusive interview in Kyiv on Wednesday.

“Our enemy is extremely focused on getting insight into these systems,” he continued.

The Ukrainian military uses multiple tools for situational awareness to track Russian troop positions and gather other intelligence from the land, air and sea. Those include Delta, a military platform developed by the Defense Technology Innovation and Development Center within Ukraine’s Ministry of Defense, and Kropyva, a defense mapping software made by the Ukrainian NGO Army SOS. Developers working on these systems in Kyiv are becoming increasingly aware of Russia’s focus on them, and are declining to openly discuss the platforms and how they work to…


Ukrainian Forces Shutter Bot Farms and Illicit VPN Provider


Cybercrime, Fraud Management & Cybercrime

Arrests Made and Computer Equipment Seized

Security Service of Ukraine officials conduct a raid on botnet operators. (Image: Security Service of Ukraine)

Ukrainian law enforcement dismantled more than half a dozen bot farms and a virtual private network infrastructure used to spread Russian disinformation and propaganda.


The cyber specialists of the Security Service of Ukraine and the National Police seized thousands of SIM cards, bank cards, GSM gateways and other specialized equipment used to support a network of 5,000 anonymous social media accounts on Facebook, Instagram and Twitter. The accounts had a combined audience of almost 200,000. Police did not disclose the exact number of arrests, which took place in nine separate regions of Ukraine.

This takedown is the latest in a string of raids on botnet operators, including the December 2022 dismantling of more than a dozen bot farms, the September 2022 takedown of two bot farms and the August 2022 dismantling of a group that operated more than 1 million bots.

The SBU on Monday also shut down an illicit VPN service that the agency said had been used by Russians to conduct disinformation operations.

The police arrested two persons from Poltava and one from the Kharkiv region of Ukraine in association with the illegal activity.
