Russian ‘WhisperGate’ hackers are using new data-stealing malware to target Ukraine • TechCrunch

Security researchers have recently observed the Russian hacking crew behind the devastating Whispergate malware cyberattack targeting Ukrainian entities with new information-stealing malware.

Symantec’s Threat Hunter team believes this campaign is by a Russian-linked cyberthreat actor, commonly known as TA471 (or UAC-0056). The group targets Ukraine but is also active against her NATO member states in North America and Europe. TA471 is linked to WhisperGate, a destructive data erasure malware used in multiple cyberattacks against Ukrainian targets in January 2022. The malware disguises itself as ransomware, but renders the targeted device completely inoperable and files cannot be recovered even if the ransom demand is paid. .

According to Symantec, the Hacking Team’s latest campaign relies on a never-before-seen information-stealing malware called “Graphiron” that targets Ukrainian organizations. Malware was used to steal data from infected machines from October 2022 until at least mid-January 2023. [hackers’] toolkit. “

The information-stealing malware uses filenames designed to spoof legitimate Microsoft Office files and is similar to other TA471 tools such as GraphSteel and GrimPlant. They were previously used as part of a spear-phishing campaign specifically targeting Ukrainian state institutions. However, according to Symantec, Graphiron is designed to exfiltrate much more data, including screenshots and private SSH keys.

Dick O’Brien, Principal Intelligence Analyst for the Symantec Threat Hunter Team, told TechCrunch:

O’Brien said that while little is known about the hacking crew’s origins and tactics, TA471 has become one of the key players in Russia’s ongoing cyber campaign against Ukraine.

TA471’s latest espionage news comes days after the Ukrainian government alerted another Russian government-backed hacking group, dubbed UAC-0010.

Ukraine’s National Cyber ​​Protection Center said, “Despite the repeated use of a set of techniques and procedures, the attackers have slowly but persistently evolved their tactics and reused used malware variants. Developed to go undetected: “Therefore, it continues to be one of the major cyber threats facing our nation’s organizations.”

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *