Create April.md
Parent: 13dedac878
Commit: 49f7016e6a
29
Threat Reports/April.md
Normal file
@ -0,0 +1,29 @@
|
||||
#### `April Threat Reports`
|
||||
| Date | Source | Threat(s) | URL |
|
||||
| --- | --- | --- | --- |
|
||||
| 1 APR | Malwarebytes | UAC-0056 (aka SaintBear, UNC2589 and TA471) is a cyber espionage actor that has been active since early 2021 and has mainly targeted Ukraine and Georgia | [blog.malwarebytes.com](https://blog.malwarebytes.com/threat-intelligence/2022/04/new-uac-0056-activity-theres-a-go-elephant-in-the-room/) |
|
||||
| 2 APR | Ukraine SBU | According to preliminary data, the organization of cyber sabotage was carried out by the Russian special services, and specialized hacker groups APT28, ART29, Sandworm, BerserkBear, Gamaredon, Vermin, etc. were implemented. | [t.me/SBUkr](https://t.me/SBUkr/4043) |
|
||||
| 3 APR | me | Low-detect BlackGuard infostealer uploaded to AnyRun from Ukraine | [twitter.com/BushidoToken](https://twitter.com/BushidoToken/status/1510619652946378754) |
|
||||
| 4 APR | CERT-UA | UAC-0010 (Armageddon) cyberattack on Ukrainian state organizations, phishing w/ RAR -> HTA -> VBS | [cert.gov.ua](https://cert.gov.ua/article/39138) |
|
||||
| 4 APR | CERT-UA | UAC-0010 (Armageddon) cyberattack on state institutions of the European Union countries, phishing w/ RAR -> LNK | [cert.gov.ua](https://cert.gov.ua/article/39086) |
|
||||
| 5 APR | CERT-UA | UAC-0094 targets Telegram users via SMS phishing, stealing session data, the list of contacts and conversation history | [cert.gov.ua](https://cert.gov.ua/article/39253) |
|
||||
| 5 APR | @h2jazi | RedlineStealer is taking advantage of War in Ukraine | [twitter.com/h2jazi](https://twitter.com/h2jazi/status/1511473962315919362?s=21&t=4UqYDl6bWvvNPPS9NG4TOQ) |
|
||||
| 6 APR | US Department of Justice | DOJ Operation that Copied and Removed Malware Known as “Cyclops Blink” from the Botnet’s Command-And-Control Devices, Disrupting the GRU’s Control Over Thousands of Infected Devices Worldwide. | [justice.gov](https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation) |
|
||||
| 6 APR | @youranontv | "BlackRabbit" who operates in behalf of Anonymous #OpRussia gained access to the Kremlin CCTV system | [twitter.com/youranontv](https://twitter.com/youranontv/status/1511656225687154688) |
|
||||
| 7 APR | @iiyonite | IT ARMY of Ukraine breached a database of Rossgram beta sign-ups (Russian Instagram clone), then created a fake Rossgram app, send invites to said beta users, then pushed notifications out to those users that Rossgram was hacked and then leaked the data of the beta users | [twitter.com/iiyonite](https://twitter.com/iiyonite/status/1512001395255357443) |
|
||||
| 7 APR | @h2jazi | CloudAtlas APT maldoc: "Composition_of_the_State_Defense_Committee_of_Donetsk_People_Republic.doc" | [twitter.com/h2jazi](https://twitter.com/h2jazi/status/1512076989556961286?s=21&t=zdqFNbXN9GnKZiKQNp-UqQ) |
|
||||
| 7 APR | Facebook/Meta | Government-linked actors from Russia and Belarus engaged in cyber espionage and covert influence operations online. This activity included interest in the Ukrainian telecom industry; both global and Ukrainian defense and energy sectors; tech platforms; and journalists and activists in Ukraine, Russia, and abroad | [about.fb.com](https://about.fb.com/wp-content/uploads/2022/04/Meta-Quarterly-Adversarial-Threat-Report_Q1-2022.pdf) |
|
||||
| 8 APR | Microsoft | Microsoft took down Strontium domains using this infrastructure for [phishing](https://twitter.com/dacuddy/status/1512193359602888725) to target Ukrainian institutions including media organizations. It was also targeting government institutions and think tanks in the United States and the European Union involved in foreign policy | [blogs.microsoft.com](https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/) |
|
||||
| 8 APR | MFA Finland | Russia accused of disruptions in the Foreign Ministry's online services: Um[.]fi and Finlanabroad[.]fi sites were targeted by DDoS | [twitter.com/Ulkoministerio](https://twitter.com/Ulkoministerio/status/1512368322012233731?s=20&t=Eh6rnggBh4Zvn8la45AL5Q) |
|
||||
| 12 APR | CERT-UA | Sandworm launched Industroyer2 and CaddyWiper against Ukrainian Electrical Energy Facilities | [cert.gov.ua](https://cert.gov.ua/article/39518) |
|
||||
| 12 APR | ESET | Sandworm's attack used an ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems | [welivesecurity.com](https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/) |
|
||||
| 14 APR | CERT-UA | UAC-0097 Cyberattack on Ukrainian state organizations using XSS exploit vulnerability in Zimbra Collaboration Suite (CVE-2018-6882) | [cert.gov.ua](https://cert.gov.ua/article/39606) |
|
||||
| 14 APR | CERT-UA | UAC-0098 Cyberattack on Ukrainian state organizations using icedID malware | [cert.gov.ua](https://cert.gov.ua/article/39609) |
|
||||
| 18 APR | CERT-UA | UAC-0098 Cyberattack on Ukrainian state organizations using the Azovstal theme and the Cobalt Strike Beacon | [cert.gov.ua](https://cert.gov.ua/article/39708) |
|
||||
| 19 APR | CERT-UA | Online fraud using the subject of "financial assistance from EU countries" | [cert.gov.ua](https://cert.gov.ua/article/39727) |
|
||||
| 20 APR | Symantec | Shuckworm/Gamaredon/UAC-0010: Espionage Group Continues Intense Campaign Against Ukraine | [symantec.com](https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-intense-campaign-ukraine) |
|
||||
| 20 APR | TheRecord | Interview with Natalia Tkachuk, head of the Information Security and Cybersecurity Service — part of the National Security and Defense Council of Ukraine | [therecord.media](https://therecord.media/from-the-front-lines-of-the-first-real-cyberwar/) |
|
||||
| 22 APR | SSSCIP Ukraine | UAC-0010 (aka Armageddon), UAC-0051 (aka UNC1151), UAC-0028 (aka APT28) are the top three groups that have waged the most number of cyberattacks on Ukrainian infrastructure | [twitter.com/dsszzi](https://twitter.com/dsszzi/status/1517553942678446082?s=21&t=B45Ox-B9amKu9jTt0BT8Zw) |
|
||||
| 23 APR | SSSCIP Ukraine | Details about Sandworm attacks against the Ukrainian electricity sector | [twitter.com/dsszzi](https://twitter.com/dsszzi/status/1517806362495012865) |
|
||||
| 26 APR | CERT-UA | UAC-0056 group cyberattack using GraphSteel and GrimPlant malware and COVID-19 topics, the sending of e-mails was made from the compromised account of an employee of the state body of Ukraine | [cert.gov.ua](https://cert.gov.ua/article/39882) |
|
||||
| 27 APR | Microsoft | STRONTIUM, IRIDIUM, DEV-0586, NOBELIUM, ACTINIUM, BROMINE, KRYPTON (aliases in the report) | [blogs.microsoft.com](https://blogs.microsoft.com/on-the-issues/2022/04/27/hybrid-war-ukraine-russia-cyberattacks/) |
|
||||
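Review bot: in the 2 APR row, "ART29" looks like a typo for APT29 (the same list names APT28), and "were implemented" reads like a mistranslation of "were involved"; both are worth correcting before this is used as a reference. In the 8 APR MFA Finland row, "Finlanabroad[.]fi" appears to be missing a "d", and it is the only place in the table where domains are defanged, so the style should be made consistent one way or the other. The 3 APR row gives the source as "me", which means nothing to another reader; name the account instead (the URL points at BushidoToken). Several twitter.com links still carry the `?s=21&t=` share-tracking parameters, which can be stripped without changing the target. The Date column and the heading carry no year although the dated URLs in the table are all from 2022/04; adding the year to the heading would keep the file unambiguous once other years are added.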