New Russian Malware Targets Ukraine
A year after Russia launched its full-scale invasion of Ukraine, Russia remains unsuccessful in bringing Ukraine under its control as it struggles to overcome months of compounding strategic and tactical failures. Despite these challenges, Russia’s intent remains unchanged - leaving Ukraine and the international community in a state of heightened risk.
The crisis between NATO countries and Russia following Russia’s invasion of Ukraine has involved aggressive rhetoric, military warnings, sabotage of critical infrastructure, nuclear threats and cyber attacks.
Russian military’s most prolific hacking units continue to use destructive malware attack against Ukrainian and now security researchers have found a new information-stealing malware variant that is targeting Ukrainian organisations as Russia is getting ready for a new war offensive.
The data-stealer has been named Graphiron and has been linked to the Russia Nodaria group. Symantec, the security firm that found the information stealer, states that the group has been active since at least March 2021.
Like earlier info-stealing tools used by the group, such as GraphSteel and GrimPlant, Graphiron is written in Go, communicates with a C&C server using port 443, and is likely deployed via spear-phishing emails.
Nodaria was first recognised for the WhisperGate attacks that targeted Ukrainian organisations at the beginning of the conflict.
Similar to other exploits used by the group, Graphiron is written in Go and likely deployed via spear phishing emails. The malware consists of a downloader and a payload and can steal data such as system information, files, screenshots, and credentials. Security experts have warned of a new slate of cyber attacks on Ukrainian critical infrastructure ahead of a Russian offensive in Donbas.
The threat intelligence experts at Recorded Future said wiper attacks had been a feature of the winter so far, echoing activity seen before the start of the war. “Russian state-sponsored cyber threat actors, as well as pro-Russian cyber criminals and hacktivists, will almost certainly support this campaign through continued targeting of Ukrainian critical infrastructure, at least in part in an attempt to further degrade Ukraine’s morale and will to fight.”
It will continue not only to draw upon hacktivists and cyber crime groups to attack allied countries with plausible deniability, but also pro-Russia influence networks in an attempt to win the information war, the report claimed.
Council on Foreign Relations: Recorded Future: Oodaloop:
Infosecurity Magazine: Bleeping Computer: Cyberscoop:
You Might Also Read:
Ukraine Signs Cyber Security Deal With NATO:
___________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquires: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible