Ukraine: Sandworm hackers hit news agency with 5 data wipers

The Ukrainian Computer Emergency Response Team (CERT-UA) found a cocktail of five different data-wiping malware strains deployed on the network of the country’s national news agency (Ukrinform) on January 17th. “As of January 27, 2023, 5 samples of malicious programs Read More …

Ukraine links data-wiping attack on news agency to Russian hackers

The Computer Emergency Response Team of Ukraine (CERT-UA) has linked a destructive malware attack targeting the country’s national news agency (Ukrinform) to Sandworm Russian military hackers. “According to preliminary data, provided by CERT-UA specialists, the attack have caused certain destructive Read More …

Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine

Since Unit 42 last blog in early February covering the advanced persistent threat (APT) group Trident Ursa (aka Gamaredon, UAC-0010, Primitive Bear, Shuckworm), Ukraine and its cyber domain has faced ever-increasing threats from Russia. Trident Ursa is a group attributed Read More …

Ukraine’s DELTA military system users targeted by info-stealing malware

A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the ‘DELTA’ situational awareness program to infect systems with information-stealing malware. The campaign was highlighted in a report today by CERT-UA Read More …

Ukrainian government networks breached via trojanized Windows 10 installers

Ukrainian government entities were hacked in targeted attacks after their networks were first compromised via trojanized ISO files posing as legitimate Windows 10 installers. These malicious installers delivered malware capable of collecting data from compromised computers, deploying additional malicious tools, Read More …

New ransomware attacks in Ukraine linked to Russian Sandworm hackers

New ransomware attacks targeting organizations in Ukraine first detected this Monday have been linked to the notorious Russian military threat group Sandworm. Slovak software company ESET who first spotted this wave of attacks, says the ransomware they named RansomBoggs has Read More …

Suspected Zeus cybercrime ring leader ‘Tank’ arrested by Swiss police

Vyacheslav Igorevich Penchukov, also known as Tank and one of the leaders of the notorious JabberZeus cybercrime gang, was arrested in Geneva last month. The Swiss Federal Office of Justice (FOJ) said Penchukov was arrested last month and is waiting Read More …

Ukraine says Russian hacktivists use new Somnia ransomware

Russian hacktivists have infected multiple organizations in Ukraine with a new ransomware strain called ‘Somnia,’ encrypting their systems and causing operational problems. The Computer Emergency Response Team of Ukraine (CERT-UA) has confirmed the outbreak via an announcement on its portal, Read More …

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

In early 2022, Trend Micro investigated an incident that compromised a company in Taiwan. The malware used in the incident was a simple but custom Cobalt Strike loader. After further investigation, however, we found incidents targeting multiple regions using a Read More …