Pro-Russian hacking campaigns run rampant in Ukraine


Pro-Russian threat actors continue their relentless pursuit of Ukrainian targets, with a series of campaigns that include fake Android apps, hacking attacks exploiting critical vulnerabilities, and email phishing attacks that attempt to retrieve login credentials, Google researchers said.

One of the most recent campaigns was launched by Turla, a Russian-speaking advanced persistent threat actor who has been active since at least 1997 and is among the most technically sophisticated in the world. According to Google, the group targeted pro-Ukrainian volunteers with Android apps that posed as launchpads to carry out denial-of-service attacks against Russian websites.

"All you have to do to start the process is install the app, open it and press start," said the fake website promoting the app. "The application immediately starts sending requests to Russian websites to overwhelm their resources and cause denial of service."

In fact, according to a researcher from Google's Threat Analysis Group, the app sends a single GET request to a target website. Behind the scenes, another Google researcher told Vice that the app was designed to map the user's internet infrastructure and "determine where people who potentially commit these types of attacks are located."

The apps, hosted on a domain spoofing the Ukrainian Azov regiment, mimicked another Android app Google first saw in March that also claimed to perform DoS attacks on Russian sites. Unlike the Turla apps, stopwar.apk, as the latter app was named, sent a continuous stream of requests until the user stopped them.


"Based on our analysis, we believe that the StopWar app was developed by pro-Ukrainian developers and inspired what Turla actors based their fake CyberAzov DoS app on," wrote Google researcher Billy Leonard.

Other Kremlin-sponsored hacking groups have also targeted Ukrainian groups. The campaigns included exploiting Follina, the name given to a critical vulnerability in all supported versions of Windows that has been actively targeted in the wild for more than two months as a zero-day.

Google researchers have confirmed a CERT-UA report from June stating that another Kremlin-sponsored hacking group, tracked under various names including Fancy Bear, Pawn Storm, Sofacy Group and APT28, also exploited Follina in an attempt to infect targets with malware known as CredoMap. Additionally, Google said Sandworm, another Russian government-sponsored group, is also exploiting Follina. This campaign used compromised government accounts to send links to Micr...
