
The US Cyber Command releases IOCs for malware used by cyber espionage group targeting Ukraine

The United States Cyber Command (USCYBERCOM) has released indicators of compromise (IOCs) for the malware families used in recent cyber attacks targeting Ukraine, so that defenders can check their hosts for signs of the same intrusions.

The US Cyber Command is one of the eleven unified combatant commands of the US Department of Defense. It is responsible for planning and conducting cyberspace operations and for strengthening and integrating the DoD's cyberspace capabilities.

According to Cyber Command, the identified malware samples were used to compromise several devices in both the government and private sectors in Ukraine in February 2022, prior to the Russian invasion of Ukraine. It released 20 novel indicators in various formats, representing the IOCs identified during analysis of the malware. Cyber Command said, “Our Ukrainian partners are actively sharing malicious activity they find with us to bolster collective cyber security, just as we are sharing with them. We continue to have a strong partnership in cybersecurity between our two nations.”
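The practical use of a release like this is to sweep your own hosts for the published indicators. The following is an added example (not USCYBERCOM tooling, and not the real indicators) showing how a defender might parse a simple hash-and-filename IOC list and match files against it. The `type=value` feed format, the file names and the hash values are all constructed for illustration; the hashes are well-known public test vectors (SHA-256 and MD5 of the empty string, SHA-256 of "abc"), chosen only so the matches can be verified by hand.

```python
"""Match local files against a hash/filename IOC list.

Added example for this article; not Cyber Command's code and not their
indicators. Feed format, file names and hashes below are constructed.
"""
import hashlib
import io
import os
from typing import BinaryIO, Dict, List, Set, Tuple

# Constructed feed in an assumed "type=value" format. The hashes are public
# test vectors (SHA-256 of "", SHA-256 of "abc", MD5 of ""), NOT real IOCs.
SAMPLE_IOC_FEED = """
# blank lines and comments are ignored; hex case is normalised on load
sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
sha256=BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD
md5=d41d8cd98f00b204e9800998ecf8427e
filename=evil.dll
"""

# Constructed in-memory "files" so the example runs offline.
SAMPLE_FILES: Dict[str, bytes] = {
    "/tmp/empty.bin": b"",                  # hits the md5 and sha256 IOCs
    "/tmp/abc.txt": b"abc",                 # hits one sha256 IOC
    "/tmp/readme.txt": b"nothing to see",   # clean
    "/opt/app/EVIL.DLL": b"MZ placeholder", # hits on filename only
}

SUPPORTED_HASHES = ("md5", "sha1", "sha256")
HEX_DIGITS = set("0123456789abcdef")


def parse_ioc_feed(text: str) -> Dict[str, Set[str]]:
    """Return {indicator_type: {values}}; rejects malformed lines loudly."""
    iocs: Dict[str, Set[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"malformed IOC line: {line!r}")
        kind, value = line.split("=", 1)
        kind, value = kind.strip().lower(), value.strip().lower()
        if kind in SUPPORTED_HASHES and not set(value) <= HEX_DIGITS:
            raise ValueError(f"non-hex {kind} value: {value!r}")
        iocs.setdefault(kind, set()).add(value)
    return iocs


def hash_fileobj(fobj: BinaryIO) -> Dict[str, str]:
    """Compute all supported digests in one streaming pass (no full read)."""
    hashers = {alg: hashlib.new(alg) for alg in SUPPORTED_HASHES}
    for chunk in iter(lambda: fobj.read(1 << 20), b""):
        for h in hashers.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_fileobj(name: str, fobj: BinaryIO,
                  iocs: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """List (indicator_type, value) pairs that fire for this file."""
    hits: List[Tuple[str, str]] = []
    for alg, digest in hash_fileobj(fobj).items():
        if digest in iocs.get(alg, set()):
            hits.append((alg, digest))
    base = os.path.basename(name).lower()
    if base in iocs.get("filename", set()):
        hits.append(("filename", base))
    return hits


def scan_files(files: Dict[str, bytes],
               iocs: Dict[str, Set[str]]) -> Dict[str, List[Tuple[str, str]]]:
    """Scan in-memory files; only paths with at least one hit are returned."""
    results = {}
    for name, data in files.items():
        hits = match_fileobj(name, io.BytesIO(data), iocs)
        if hits:
            results[name] = hits
    return results


def scan_directory(root: str,
                   iocs: Dict[str, Set[str]]) -> Dict[str, List[Tuple[str, str]]]:
    """Walk a real directory tree, streaming each file; unreadable files are skipped."""
    results = {}
    for dirpath, _, names in os.walk(root):
        for n in names:
            path = os.path.join(dirpath, n)
            try:
                with open(path, "rb") as f:
                    hits = match_fileobj(path, f, iocs)
            except OSError:
                continue
            if hits:
                results[path] = hits
    return results


if __name__ == "__main__":
    feed = parse_ioc_feed(SAMPLE_IOC_FEED)
    for path, hits in scan_files(SAMPLE_FILES, feed).items():
        print(path, "->", ", ".join(f"{k}:{v}" for k, v in hits))
```

A filename-only hit is a weak indicator and is reported separately from a hash hit so it can be triaged differently; hashes from a feed are lowercased on load because a case mismatch is the most common reason a hash sweep silently finds nothing.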

Security researchers at Mandiant, the American cybersecurity firm, confirmed the activity of several cyber espionage groups targeting Ukrainian systems and said, “The malware used in these intrusion attempts would enable a wide variety of operations and these groups have previously conducted espionage, information operations and disruptive attacks.”

Mandiant identified one of the threat actors as UNC1151, a cyber espionage group it links to Belarus that provides technical support to the Ghostwriter disinformation campaigns. Ghostwriter targeted systems in Lithuania, Latvia, and Poland in 2020 with NATO-related narratives, and the group has also been reported to be backed by Russian threat actors.

Researchers named another threat actor, UNC2589, which they assess is sponsored directly by the Russian government and was responsible for the 2022 WhisperGate attacks. WhisperGate used a master boot record (MBR) wiper: it was disguised as ransomware, but it destroyed the data rather than encrypting it for later recovery, so once a system was compromised there was no way to get the data back.

Both sets of attacks deliberately targeted nations associated with NATO. UNC2589 deployed a Go-based backdoor to perform system reconnaissance and execute commands, while UNC1151 was observed using Cobalt Strike Beacon as its backdoor for file transfer and command execution.
