Agencies in Ukraine targeted with MicroBackdoor malware

by | Mar 10, 2022 | News


A cyber-attack campaign targeting Ukrainian government agencies with MicroBackdoor malware has been confirmed by the country’s Computer Emergency Response Team (CERT-UA).

In a statement released earlier this week (March 7), CERT-UA confirmed that government organizations have been the target of several malicious attacks.

According to intelligence gathered by the agency, the phishing emails carried a file named ‘dovidka.zip’, which contains a Microsoft Compiled HTML Help (contextual help) file, ‘dovidka.chm’.

The CHM file contained the decoy image ‘image.jpg’, which CERT-UA said showed information on the procedure to follow during frequent artillery shelling, and the HTA file ‘file.htm’, which contained malicious VBScript code.

Executing the malicious code runs the dropper ‘ignit.vbs’, which decodes the .NET loader ‘core.dll’, which in turn executes the MicroBackdoor malware.
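The lure described above relies on a CHM file inside a ZIP attachment. As an added example (not from CERT-UA or The Daily Swig), the following Python triage helper inspects an attachment archive and flags members that are CHM containers by content, using the ‘ITSF’ magic bytes every Compiled HTML Help file starts with, so that a renamed CHM is caught even when its extension lies; the extension list and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Every Microsoft Compiled HTML Help (ITSS) container begins with these bytes.
CHM_MAGIC = b"ITSF"

# Extensions used by the lure chain on this page; a hypothetical policy list,
# not a CERT-UA recommendation.
RISKY_EXTENSIONS = (".chm", ".hta", ".vbs", ".htm", ".dll")


def inspect_attachment(zip_bytes: bytes) -> list:
    """Return one finding per archive member that is a CHM by content
    or carries an extension from RISKY_EXTENSIONS."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(4)  # only the magic bytes are needed
            reasons = []
            if head == CHM_MAGIC:
                reasons.append("content is a CHM container")
            if info.filename.lower().endswith(RISKY_EXTENSIONS):
                reasons.append("risky extension")
            if reasons:
                findings.append({"name": info.filename,
                                 "size": info.file_size,
                                 "reasons": reasons})
    return findings


def build_sample_lure() -> bytes:
    """Constructed archive mimicking the dovidka.zip layout named on this page.
    Member contents are dummy bytes, not the real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("dovidka.chm", CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 60)
        zf.writestr("readme.txt", b"plain text, harmless")
        # A CHM renamed to look like a document: extension check alone misses it.
        zf.writestr("notes.docx", CHM_MAGIC + b"\x03\x00\x00\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_attachment(build_sample_lure()):
        print(finding)
```

The same check can be applied at the mail gateway before a user ever sees the attachment.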

Premeditated attacks?

According to CERT-UA, the backdoor and loader were created in January 2022, before Russia’s invasion of the country.

The agency claims that the malware campaign bears similarities to the activities of the UAC-0051 threat group, also known as ‘UNC1151’, which according to Mandiant has links to the Belarusian government.

The statement from CERT-UA contains further information on the attack.


Russia invaded Ukraine on February 24. Since this time, there have been a number of cyber-attacks targeting organizations across the country.

As previously reported by The Daily Swig, a newly discovered strain of data-wiping malware has also surfaced in the eastern European country.

The Windows-specific data wiper has appeared on “hundreds of machines”, according to telemetry from information security firm ESET.

Although primarily directed towards Ukraine, the newly named ‘HermeticWiper’ malware strain has also been detected in the Baltic states of Latvia and Lithuania.

Date stamps on the malware indicate that it was compiled two months ago – evidence that the attack was possibly premeditated.

Victims of the malware campaign include financial organizations and government contractors, the Wall Street Journal reports.

Other targets

At least 30 Ukrainian university websites were also hacked in a targeted attack allegedly conducted by threat actors identified as the ‘Monday Group’, which has reportedly publicly supported Russia’s recent actions.

The group, whose members refer to themselves as ‘the Mx0nday’, has targeted the WordPress-hosted sites more than 100,000 times since the invasion.


Source: portswigger.net
