New ransomware attacks in Ukraine linked to Russian Sandworm hackers

New ransomware attacks targeting organizations in Ukraine, first detected this Monday, have been linked to the notorious Russian military threat group Sandworm. Slovak software company ESET, which first spotted this wave of attacks, says the ransomware they named RansomBoggs has Read More …

Ukraine says Russian hacktivists use new Somnia ransomware

Russian hacktivists have infected multiple organizations in Ukraine with a new ransomware strain called ‘Somnia,’ encrypting their systems and causing operational problems. The Computer Emergency Response Team of Ukraine (CERT-UA) has confirmed the outbreak via an announcement on its portal, Read More …

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

In early 2022, Trend Micro investigated an incident that compromised a company in Taiwan. The malware used in the incident was a simple but custom Cobalt Strike loader. After further investigation, however, we found incidents targeting multiple regions using a Read More …

New Azov data wiper tries to frame researchers and BleepingComputer

A new and destructive ‘Azov Ransomware’ data wiper is being heavily distributed through pirated software, key generators, and adware bundles, trying to frame well-known security researchers by claiming they are behind the attack. The Azov Ransomware falsely claims to have Read More …

Feds accuse Ukrainian of renting out PC-raiding Raccoon malware to fiends

Mark Sokolovsky, 26, a Ukrainian national, is being held in the Netherlands while he awaits extradition to America on cybercrime charges, the US Justice Department said on Tuesday. Sokolovsky, said to have used the online names Photix, Raccoon Stealer, and Read More …

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. MSTIC researchers observed this new ransomware, which Read More …

Initial access broker repurposing techniques in targeted attacks against Ukraine

As the war in Ukraine continues, TAG is tracking an increasing number of financially motivated threat actors targeting Ukraine whose activities seem closely aligned with Russian government-backed attackers. This post provides details on five different campaigns conducted from April to Read More …

Ukrainian hackers attacked the Mir payment system

Hackers staged a powerful and large-scale DDoS attack on the national payment system “Mir” against the backdrop of news about the possible refusal of a number of countries to work with it. As “Kommersant” reports, the goal is to overload Read More …