Connect with us

Hi, what are you looking for?

[stock_market_widget type="ticker-quotes" template="chart" color="#5679FF" assets="MSFT,AAPL,NFLX,GOOG,TSLA,NFLX,AMZN" animation="true" display_currency_symbol="true" api="yf" speed="50" direction="left" pause="true"]

Tech

Russian 'WhisperGate' hackers are using new data-stealing malware to target Ukraine

Security researchers say they have recently observed a Russian hacking crew, who were behind the destructive WhisperGate malware cyberattacks, targeting Ukrainian entities with a new information-stealing malware. Symantec’s Threat Hunter Team has attributed this campaign to a Russia-linked cyber threat actor, widely known as TA471 (or UAC-0056), which has been active since early 2021. The

russian-'whispergate'-hackers-are-using-new-data-stealing-malware-to-target-ukraine

Security researchers say they have recently observed a Russian hacking crew, who were behind the destructive WhisperGate malware cyberattacks, targeting Ukrainian entities with a new information-stealing malware.

Symantec’s Threat Hunter Team has attributed this campaign to a Russia-linked cyber threat actor, widely known as TA471 (or UAC-0056), which has been active since early 2021. The group is known to support Russian government interests, and while it primarily targets Ukraine, the group has also been active against NATO member states in North America and Europe. TA471 has been linked to WhisperGate, a destructive data-wiping malware that was used in multiple cyberattacks against Ukrainian targets in January 2022. The malware masquerades as ransomware, but renders targeted devices completely inoperable and unable to recover files even if a ransom demand is paid.

According to Symantec, the hacking crew’s latest campaign relies on previously unseen information-stealing malware it calls “Graphiron” for targeting Ukrainian organizations. The malware was used to steal data from infected machines from October 2022 until at least mid-January 2023, according to the researchers, reasonable to assume that it remains part of the [hackers’] toolkit.”

The info-stealing malware uses file names designed to masquerade as legitimate Microsoft Office files, and is similar to other TA471 tools, such as GraphSteel and GrimPlant, which were previously used as part of a spear-phishing campaign specifically targeting Ukrainian state bodies. But Symantec says that Graphiron is designed to exfiltrate far more data, including screenshots and private SSH keys.

“That information could be useful in itself from an intelligence perspective, or it could be used to penetrate deeper into the targeted organization or to launch destructive attacks,” Dick O’Brien, principal intelligence analyst Symantec Threat Hunter Team, told TechCrunch.

O’Brien said that while little is known about the hacking crew’s origin or strategy, TA471 has become one of the key players in Russia’s ongoing cyber campaigns against Ukraine.

News of TA471’s latest espionage campaign comes days after the Ukrainian government sounded the alarm on another Russian state-sponsored hacking group, dubbed UAC-0010, which continues to conduct frequent cyber attack campaigns against Ukrainian organizations.

“Despite using mainly repeated sets of techniques and procedures, adversaries slowly but insistently evolve in their tactics and redevelop used malware variants to stay undetected,” said Ukraine’s State Cyber Protection Centre. “Therefore, it remains one of the key cyber threats facing organizations in our country.”

Advertisement. Scroll to continue reading.
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Stocks

SAN FRANCISCO (MarketWatch) — Among the companies whose shares are expected to see active trade in Thursday’s session are BlackBerry Ltd., Oracle Corp., and...

Mining

NAL spodumene concentrate production remains targeted for H1 2023 with revenue potential in Q3 2023. Credit: Piedmont Piedmont Lithium (Nasdaq: PLL; ASX: PLL) announced...

Tech

This holiday season, consider giving the gift of security with an ad blocker. That’s the takeaway message from an unlikely source — the FBI...

Top Stories

There have been major developments out of Japan this week. The Bank of Japan surprised the market by widening its yield curve target by...

Advertisement