Russian hackers continue to target Ukraine's cyberspace

Russian hackers continue to target Ukraine's cyberspace

Short News:- 

Gamaredon (also known as Shuckworm or Armageddon) is a cyber-espionage group that has been active since 2013. Ukraine's intelligence agencies labeled it as the work of the Russian Federal Security Service. Gamaredon attacks are often sent out to trick recipients into downloading a remote access trojan.

Detailed News:- 

On Monday, cybersecurity researchers said they had discovered evidence that a hacking operation linked to Russia was planning to target a Ukrainian entity in July 2021.

Symantec, which is owned by Broadcom, released a new report Monday identifying the attacker as Gamaredon (also known as Shuckworm or Armageddon), a cyber-espionage group that has been active since 2013.

As of November 2021, Ukraine's intelligence agencies labeled it as the work of the Russian Federal Security Service (FSB) and accused it of launching more than 5,000 cyberattacks on public institutions and critical infrastructure.

As part of Gamaredon attacks, phishing emails are often sent out to trick recipients into downloading a remote access trojan called Pterodo. Between July 14th, 2021, and August 18th, 2021, the actor installed multiple backdoor variants as well as additional scripts and tools, according to Symantec.

It all started with an infected computer's user opening a malicious document, most likely sent via a phishing email, according to the experts. Neither the name of the affected company nor its location was revealed.

The adversary used the implant at the end of July to download and run an executable file that served as a dropper for a VNC client before connecting to a remote command-and-control server under their control.

An investigation by the researchers found that this VNC client was the ultimate payload for this attack; it was followed by accessing a variety of documents, including job descriptions and sensitive company information, from the compromised machine.

Ukraine Says Wiper Attacks Are Part of a False Flag Operation

As a result of a rash of disruptive and destructive attacks on Ukrainian targets by alleged Russian state-sponsored actors, a file wiper is known as WhisperGate was deployed, and multiple government websites were defaced at the same time.

WhiteBlackCrypt ransomware, a fake ransomware campaign targeting Russian victims in March 2021, was repurposed into the wiper's codebase, according to a subsequent investigation.

Ransomware includes a Ukrainian coat of arms symbol in the ransom note it displays to its victims. This has led Ukraine to suspect this may have been a false flag operation intentionally intended for the blame of a "false" pro-Ukrainian group for staging an attack against their own government.