
The US Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations and individuals to step up cyber vigilance as Russia’s military invasion of Ukraine officially hits the one-year mark.
“CISA has announced that on February 24, 2023, the anniversary of Russia’s invasion of Ukraine in 2022, the United States and European countries will launch destructive attacks on websites to sow chaos and social discord. We assess that we may experience deceptive attacks,” the agency said.
To that end, CISA recommends that organizations implement cybersecurity best practices, strengthen their preparedness, and take proactive steps to reduce the likelihood and impact of distributed denial of service (DDoS) attacks.
The advisory states that Ukraine’s Computer Emergency Response Team (CERT-UA) has revealed that Russian nation-state hackers infiltrated government websites and installed backdoors dating back to December 2021.
CERT-UA attributed this activity to a threat actor it tracks as UAC-0056, which is also known by the names DEV-0586, Ember Bear, Nodaria, TA471, and UNC2589.
Attacks have included the use of web shells as well as a number of custom backdoors such as CredPump, HoaxApe and HoaxPen, which add to the group’s set of tools such as WhisperGate, SaintBot, OutSteel, GraphSteel, GrimPlant and, most recently, Graphiron.
In a related advisory, the agency also uncovered a phishing campaign involving RAR archives leading to the deployment of Remcos remote control and surveillance software. This is associated with the attacker known as UAC-0050 (and UAC-0096).
The findings come after Fortinet reported a 53% increase in destructive wiper attacks from Q3 to Q4 2022. This is largely fueled by Russian government-backed hackers using a type of data-destroying malware unprecedented in Ukraine.
“These new strains are increasingly being picked up by cybercrime groups and used across growing cybercrime as a service (CaaS) networks,” said the security vendor.
“Cybercriminals are now developing their own wiper malware, which is readily used across CaaS organizations. Any organization can be targeted, not just the one that puts it in.”