New Russian Malware Targets Ukraine 

Uploaded on 2023-02-13 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-Defence, FREE TO VIEW

A year after Russia launched its full-scale invasion of Ukraine, Russia remains unsuccessful in bringing Ukraine under its control as it struggles to overcome months of compounding strategic and tactical failures. Despite these challenges, Russia’s intent remains unchanged - leaving Ukraine and the international community in a state of heightened risk.

The crisis between NATO countries and Russia following Russia’s invasion of Ukraine has involved aggressive rhetoric, military warnings, sabotage of critical infrastructure, nuclear threats and cyber attacks.

Russian military’s most prolific hacking units continue to use destructive malware attack against Ukrainian and now security researchers have found a new information-stealing malware variant that is targeting Ukrainian organisations as Russia is getting ready for a new war offensive. 

The data-stealer has been named Graphiron and has been linked to the Russia Nodaria group. Symantec, the security firm that found the information stealer, states that the group has been active since at least March 2021. 
Like earlier info-stealing tools used by the group, such as GraphSteel and GrimPlant, Graphiron is written in Go, communicates with a C&C server using port 443, and is likely deployed via spear-phishing emails.

Nodaria was first recognised for the WhisperGate attacks that targeted Ukrainian organisations at the beginning of the conflict.

Similar to other exploits used by the group, Graphiron is written in Go and likely deployed via spear phishing emails. The malware consists of a downloader and a payload and can steal data such as system information, files, screenshots, and credentials. Security experts have warned of a new slate of cyber attacks on Ukrainian critical infrastructure ahead of a Russian offensive in Donbas. 

The threat intelligence experts at Recorded Future said wiper attacks had been a feature of the winter so far, echoing activity seen before the start of the war. “Russian state-sponsored cyber threat actors, as well as pro-Russian cyber criminals and hacktivists, will almost certainly support this campaign through continued targeting of Ukrainian critical infrastructure, at least in part in an attempt to further degrade Ukraine’s morale and will to fight.” 

It will continue not only to draw upon hacktivists and cyber crime groups to attack allied countries with plausible deniability, but also pro-Russia influence networks in an attempt to win the information war, the report claimed.

Council on Foreign Relations:    Recorded Future:   Oodaloop:   

Infosecurity Magazine:   Bleeping Computer:    Cyberscoop

You Might Also Read: 

Ukraine Signs Cyber Security Deal With NATO:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Specialist Marine Cyber Insurance For Ports & Vessels
Rising Cybercrime Means SMEs Should Seek Cyber Insurance »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BSI Group

BSI Group

BSI is the business standards company that equips businesses with the necessary solutions to turn standards of best practice into habits of excellence

Ambersail

Ambersail

Ambersail provide Penetration Testing and Cyber Security Compliance services.

Devo Technology

Devo Technology

Devo Security Operations is a next-gen cloud SIEM that enables you to gain complete visibility, reduce noise, and focus on the threats that matter most to the business.

Wireless Logic

Wireless Logic

Wireless Logic delivers a range of secure and resilient value-added M2M/IoT managed services that empower remote devices to communicate cost-effectively, two ways.

Gospel Technology

Gospel Technology

Gospel presents a totally new way of accessing and controlling data which is enterprise grade scalable, highly resilient, and secure.

spiderSilk

spiderSilk

spiderSilk is a Dubai-based cybersecurity firm, specializing in simulating the most advanced cyber offenses on your technology so you can build your best security defenses.

RIT Global Cybersecurity Institute

RIT Global Cybersecurity Institute

At RIT's Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

Valid Network

Valid Network

Valid Network DSP is blending traditional cyber security methodologies with blockchain transactions to achieve trust, internal and federated between organizations and stake holders.

Carve Systems

Carve Systems

Carve Systems was founded to bring enterprise level information security, training, and risk management services to organizations of any size and industry.

Boeing

Boeing

Boeing is the world's largest aerospace company and leading manufacturer of commercial jetliners, defense, space and security systems.

Terra Quantum

Terra Quantum

Terra Quantum is a deep tech pioneer, developing revolutionary quantum applications to shape the technology of the future.

Stryve

Stryve

Stryve is a leading carbon-neutral provider of specialist cloud and cybersecurity services in Europe.

Paperclip

Paperclip

Paperclip provides paperless solutions while enabling compliance and security for the exchange of critical content.

Nokod Security

Nokod Security

Nokod Security delivers an application security platform for low-code / no-code custom applications and Robotic Process Automation (RPA).

SIEM Xpert

SIEM Xpert

SIEM Xpert is a leader in Cyber Security Trainings and services since 2015.

Aegis9

Aegis9

Aegis9 is an Australian owned and sovereign consultancy that specialises in providing tailored security solutions for both public and private sector clients based on their specific needs.