Russia-Backed Hackers Using New USB-based Malware to Acquire Ukraine’s Military Intelligence

Russia-Backed Hackers Using New USB-based Malware to Acquire Ukraine’s Military Intelligence

Ukraine remains under constant threat as the Russian state-sponsored hacking group Shuckworm (aka Armageddon or Gamaredon) continues to carry out numerous cyber attacks, mainly focusing on the following organizations of Ukraine:-

Security services

Read moreBuilding cyber skills and roles from CyBOK foundations

Military

Government

Read moreAccessibility as a cyber security priority

Information-stealing tools were used by Russian hackers connected to the FSB, targeting Ukrainian government groups, as reported by cybersecurity researchers at Symantec.

They infected new systems using a Word template trick and updated versions of their “Pteranodon” malware.

Shuckworm TTPs Using USB Malware

Read moreNew interactive video - and related downloads - to help secondary school kids stay safe online

Recently to spread and infect more systems within compromised networks, it has been detected that the threat actors have adopted the use of USB malware.

In their latest campaign, Shuckworm sets its sights on HR departments since threat actors plan to launch spear-phishing attacks against organizations that have already been compromised.

Read moreNigerian Cybercrime Ring's Phishing Tactics Exposed

Using phishing emails as their primary tactic, Shuckworm gains access to victim machines and disseminates malware for initial infection.

The attackers target Ukrainian victims through emails containing malicious attachments in various file formats, and here below we have mentioned them:-

Read moreS3 Ep135: Sysadmin by day, extortionist by night

.docx

.rar (RAR archive files)

Read moreUS offers $10m bounty for Russian ransomware suspect outed in indictment

.sfx (self-extracting archives)

.lnk

Read moreBelkin Wemo Smart Plug V2 – the buffer overflow that won’t be patched

.hta (HTML smuggling files)

During recent activities, experts noticed that the group incorporated legitimate services like Telegram into their command and control (C&C) infrastructure.

Read moreZut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France

To store their command and control (C&C) addresses, recently, it has been detected that they also used the “Telegraph,” a micro-blogging platform of Telegram.

Shuckworm TTPs Attack Chain

As identified by Symantec’s analysts, Shuckworm’s activity experienced a notable surge from February to March 2023.

Read moreHeads Up CEO! Cyber Risk Influences Company Credit Ratings

Until May 2023, the hackers continued to be on specific compromised machines. Symantec tested 25 different categories of PowerShell scripts between January and April 2023.

By employing the “.rtk.lnk” extension, the PowerShell script replicates itself on the compromised machine and generates a shortcut file.

Read moreCISA, NSA Issue New IAM Best Practice Guidelines

After the victim opens those files, the PowerShell script scans the computer’s drives and copies itself onto removable USB drives. As a result, the script gains enhanced mobility within the compromised network.

Symantec’s analysts uncovered a file named “foto.safe” on one of the machines that Gamaredon infiltrated this year. The file was identified to be a PowerShell script encoded in base64.

Read more6 Ways to Mitigate Risk While Expanding Access

Moreover, Shuckworm is expected to continue its cyberattacks on Ukraine. Not only that even, but the group is also likely to update its tools and techniques to steal data that could help the Russian military to execute its operations successfully.

Looking For an All-in-One Multi-OS Patch Management Platform – Try Patch Manager Plus

Read moreHypervisors and Ransomware: Defending Attractive Targets

The post Russia-Backed Hackers Using New USB-based Malware to Acquire Ukraine’s Military Intelligence appeared first on Cyber Security News.

   Read More 

Read moreNIST Launches Cybersecurity Initiative for Small Businesses

Cyber Security News 

Related Posts

TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U.
TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U.

TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U.

The Irish Data Protection Commission (DPC) slapped TikTok with a €345 million (about $368 million) fine for violating the European Union’s General Data Protection Regulation (GDPR) in relation to its handling of children’s data.
The investigation, initiated in September 2021, examined how the popular short-form video platform processed personal data relating to child users (those between the   Read More 

The Hacker News | #1 Trusted Cybersecurity News Site