Cybersecurity researchers on Monday said they uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021.
Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon (aka Shuckworm or Armageddon), a cyber-espionage collective known to be active since at least 2013.
In November 2021, Ukrainian intelligence agencies branded the group as a "special project" of Russia's Federal Security Service (FSB), in addition to pointing fingers at it for carrying out over 5,000 cyberattacks against public authorities and critical infrastructure located in the country.
Gamaredon attacks typically originate with phishing emails that trick the recipients into installing a custom remote access trojan called Pterodo. Symantec disclosed that, between July 14, 2021 and August 18, 2021, the actor installed several variants of the backdoor as well as deployed additional scripts and tools.
"The attack chain began with a malicious document, likely sent via a phishing email, which was opened by the user of the infected machine," the researchers said. The identity of the affected organization was not disclosed.
Towards the end of July, the adversary leveraged the implant to download and run an executable file that acted as a dropper for a VNC client before establishing connections with a remote command-and-control server under their control.
"This VNC client appears to be the ultimate payload for this attack," the researchers noted, adding the installation was followed by accessing a number of documents ranging from job descriptions to sensitive company information on the compromised machine.
Ukraine Calls Out False Flag Operation in Wiper Attacks
The findings come amidst a wave of disruptive and destructive attacks levied against Ukrainian entities by alleged Russian state-sponsored actors, resulting in the deployment of a file wiper dubbed WhisperGate, around the same time multiple websites belonging to the government were defaced.
Subsequent investigation into the malware has since revealed that the code used in the wiper was re-purposed from a faux ransomware campaign called WhiteBlackCrypt that was aimed at Russian victims in March 2021.
Interestingly, the ransomware is known to include a trident symbol — that is part of Ukraine's coat of arms — in the ransom note it displays to its victims, leading Ukraine to suspect that this may have been a false flag operation deliberately intended to blame a "fake" pro-Ukrainian group for staging an attack on their own government.
Related links
- Hacker Tools Mac
- World No 1 Hacker Software
- Computer Hacker
- Pentest Tools Alternative
- Hacker Tool Kit
- Hack Website Online Tool
- Hack Tools
- Install Pentest Tools Ubuntu
- Tools For Hacker
- Pentest Tools List
- How To Hack
- Best Pentesting Tools 2018
- Pentest Tools Website
- Top Pentest Tools
- Hacker Tools Mac
- Android Hack Tools Github
- Pentest Automation Tools
- Ethical Hacker Tools
- Pentest Tools Online
- Nsa Hacker Tools
- Hack Website Online Tool
- Hacker Tools For Windows
- Hacking Tools For Beginners
- Tools 4 Hack
- Hacker Tools Apk
- Hack Tools For Pc
- Hack Tools For Games
- Pentest Tools Framework
- Pentest Tools Subdomain
- Hacker Tool Kit
- Hacker Tools For Windows
- Hacking Tools Kit
- Nsa Hack Tools
- Pentest Tools Subdomain
- Hack Tools
- Hacking Tools For Games
- Nsa Hacker Tools
- Nsa Hacker Tools
- Hack Tools For Ubuntu
- How To Make Hacking Tools
- Hacker Tools For Windows
- Hacking Tools For Games
- Termux Hacking Tools 2019
- Growth Hacker Tools
- Hack Tools Github
- Pentest Box Tools Download
- Hacking App
- Install Pentest Tools Ubuntu
- Hack Tools Pc
- Hacker Tools 2020
- How To Install Pentest Tools In Ubuntu
- Hacker Tools For Mac
- Pentest Tools Review
- Computer Hacker
- Hacker Tools 2020
- Pentest Tools Kali Linux
- Pentest Tools Free
- Hacker Security Tools
- Hacking Tools For Games
- Hack Website Online Tool
- Hacker
- Easy Hack Tools
- Android Hack Tools Github
- Hacker Search Tools
- Pentest Tools Android
- Hack Tools Download
- Hacker Tools Mac
- Pentest Tools For Ubuntu
- Pentest Tools Framework
- Hacker Search Tools
- Hacking Tools Kit
- Pentest Reporting Tools
- Black Hat Hacker Tools
- Pentest Tools List
- Pentest Tools Windows
- Hacking Tools Usb
- Pentest Tools Kali Linux
- Hack Tool Apk
- Hacker Tools Apk Download
- What Are Hacking Tools
- Hacker Tools Hardware
- Pentest Tools Subdomain
- Best Pentesting Tools 2018
- Pentest Tools Website
- Pentest Tools For Ubuntu
- Hacking Tools For Pc
- Best Hacking Tools 2019
- Hack Tools For Mac
- Hacker Tools For Mac
- Pentest Tools Url Fuzzer
- Nsa Hack Tools Download
- Hack Tools For Ubuntu
- Hacker Tools
- Pentest Tools Apk
- How To Make Hacking Tools
- Hack Tools 2019
- New Hacker Tools
- How To Hack
- Pentest Tools Download
- What Is Hacking Tools
- Pentest Tools Port Scanner
- Top Pentest Tools
- Pentest Tools For Mac
- How To Hack
- Android Hack Tools Github
- Top Pentest Tools
- Hacker Tools 2019
- Hacker
- Hack Tools
- Pentest Tools Find Subdomains
- Hack Tool Apk
- Pentest Tools Port Scanner
- Hacking Tools Name
- Pentest Tools Bluekeep
- Hacker Hardware Tools
- Hacker Hardware Tools
0 comments:
Post a Comment