Update July.md

Updated July timeline
2023-03-14 11:46:49 -04:00 · 2023-03-14 11:46:49 -04:00 · 21f69fc37f
--- a/Reports/July.md
+++ b/Reports/July.md
@ -6,6 +6,11 @@
 | 8 JULY | Google TAG | The Turla APT group created a fake Android app (APK) designed to look like a DDoS hacktivist tool developed by the Ukrainian Azov Regiment. The APKs we have seen were hosted on a Turla controlled domain with links disseminated through 3rd party messaging services. They were not hosted on the Play Store. | [twitter.com/billyleonard](https://twitter.com/billyleonard/status/1545461166377508865) |
 | 14 JULY | SSSCIP of Ukraine | SSSCIP published its statistics on vulnerability detection and cyber incidents for Q2 2022. Top APT groups includes UAC-0010, UAC-0056, UAC-0028, UAC-0098, UAC-0082/UAC-0113 | [scpc.gov.ua](https://scpc.gov.ua/api/docs/19b0a96e-8c31-44bf-863e-cd3e0b651f21/19b0a96e-8c31-44bf-863e-cd3e0b651f21.pdf) |
 | 18 JULY | Malwarebytes | UAC-0056 (AKA UNC2589, TA471, EmberBear, Lorec53) has repeatedly targeted the government entities in Ukraine via phishing campaigns, macro-docs, and Cobalt Strike Beacons | [blog.malwarebytes.com](https://blog.malwarebytes.com/threat-intelligence/2022/07/cobalt-strikes-again-uac-0056-continues-to-target-ukraine-in-its-latest-campaign/) |
-| 19 JULY | Google TAG | Continued cyber activity in Eastern Europe observed by TAG: Turla APKs, Follina vulnerability, Ghostwriter/UNC1151, COLDRIVER | [blog.google](https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/) |
+| 19 JULY | Google TAG | Development of attack techniques of the UNC1151/Ghostwriter group | [cert.pl](https://cert.pl/posts/2022/07/techniki-unc1151/) |
+| 19 JULY | CERT-PL | Continued cyber activity in Eastern Europe observed by TAG: Turla APKs, Follina vulnerability, Ghostwriter/UNC1151, COLDRIVER | [blog.google](https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/) |
 | 20 JULY | US CYBERCOM | Cyber National Mission Force discloses IOCs from Ukrainian networks | [cybercom.mil](https://www.cybercom.mil/Media/News/Article/3098856/cyber-national-mission-force-discloses-iocs-from-ukrainian-networks/) |
 | 20 JULY | Mandiant | UNC1151 and suspected UNC2589 operations leveraging phishing with malicious documents leading to malware infection chains with themes related to public safety and humanitarian emergencies | [mandiant.com](https://www.mandiant.com/resources/spear-phish-ukrainian-entities) |
+| 21 JULY | Talos | Attackers target Ukraine using GoMet backdoor | [blog.talosintelligence.com](https://blog.talosintelligence.com/attackers-target-ukraine-using-gomet/) |
+| 21 JULY | CyberScoop | Cyber criminals attack Ukrainian radio network, broadcast fake message about Zelensky’s health | [cyberscoop.com](https://cyberscoop.com/hackers-infiltrate-ukrainian-radio-network-broadcast-fake-message-about-zelenskys-health/) |
+| 27 JULY | VxUnderground | VX-Underground uploads sample of malware used by Killnet to DDos Lithuania | [twitter.com](https://twitter.com/vxunderground/status/1552361257822478341) |
+| 27 JULY | US DHS CISA | United States (CISA) and Ukraine Expand Cooperation on Cybersecurity| [cisa.gov](https://www.cisa.gov/news/2022/07/27/united-states-and-ukraine-expand-cooperation-cybersecurity) |