Security researchers have discovered new information-stealing malware targeting Ukrainian organizations as the Eastern European country prepares for a new wave of attacks ahead of a predicted new Russian attack.
Dubbed ‘Graphiron’, this information-stealing malware has been linked by Symantec to the Russian Nodaria (UAC-0056) group. The group has been active since at least March 2021 and first came to prominence with its devastating WhisperGate attack early in the war.
According to Symantec, similar to previous information-stealing tools the group has used, such as GraphSteel and GrimPlant, Graphiron is written in Go, uses port 443 to communicate with its C&C server, and is deployed via spear-phishing emails. It is highly likely that
Consisting of a downloader and payload, it is designed to steal various data such as system information, credentials, screenshots, files, etc.
The news comes as threat intelligence experts warned today that cyberattacks against Ukraine’s critical national infrastructure (CNI) are on the rise ahead of the expected new Russian attack in Donbass.
Recorded Future, citing Ukrainian sources, said wiper attacks have so far been a feature of the winter, mirroring activity seen before the start of the war.
“Russian government-backed cyberthreat actors, along with pro-Russian cybercriminals and hacktivists, continue to target Ukraine’s critical infrastructure, at least in part in an attempt to further discourage Ukraine’s morale to fight. We will almost certainly support this campaign by doing so,” says the new report.
In addition to the use of hacktivists and cybercriminal groups to attack allies with plausible deniability, the use of pro-Russian influence networks such as Telegram troll farms and Cyberfront Z to win the information war will continue, the report claims.
However, as with kinetic warfare, Russia has failed to make as much progress in cyber operations as it intended, Recorded Future argued.
This is partly due to Western support, but also to the skills Ukraine has developed in cyber defense following attacks on critical infrastructure over the past few years, it said.
“In the lead up to Russia’s invasion of Ukraine and in the first months of the war, there have been multiple cyberattacks aligned with Russia’s strategic objectives. It included fraudulent emails targeting institutions, media organizations, e-services used by citizens, and other private organizations, including the US satellite communications company,” the report explains.
“However, as the war lasted longer than Russia originally intended and conventional military forces struggled to maintain a foothold, the large-scale cyberattack launched by Russia significantly undermined Russia’s normal military progress. failed to reinforce to