#### `July Threat Reports`
| Date | Source | Threat(s) | URL |
| --- | --- | --- | --- |
| 5 JULY | CNN | Russian hacktivist group XakNet carried out a cyberattack on Ukraine's biggest private energy conglomerate, DTEK, in retaliation for its owner's opposition to Russia's war in Ukraine | [cnn.com](https://edition.cnn.com/2022/07/01/politics/russia-ukraine-dtek-hack/index.html) |
| 7 JULY | IBM Security X-Force | IBM has uncovered evidence indicating that the Russia-based cybercriminal “Trickbot group” has launched attacks on Ukraine since the Russian invasion — an unprecedented shift as the group had not previously targeted Ukraine (as RU eCrime usually avoids CIS countries) | [securityintelligence.com](https://securityintelligence.com/posts/trickbot-group-systematically-attacking-ukraine/) |
| 8 JULY | Google TAG | The Turla APT group created a fake Android app (APK) designed to look like a DDoS hacktivist tool developed by the Ukrainian Azov Regiment. The APKs we have seen were hosted on a Turla controlled domain with links disseminated through 3rd party messaging services. They were not hosted on the Play Store. | [twitter.com/billyleonard](https://twitter.com/billyleonard/status/1545461166377508865) |
| 14 JULY | SSSCIP of Ukraine | SSSCIP published its statistics on vulnerability detection and cyber incidents for Q2 2022. Top APT groups includes UAC-0010, UAC-0056, UAC-0028, UAC-0098, UAC-0082/UAC-0113 | [scpc.gov.ua](https://scpc.gov.ua/api/docs/19b0a96e-8c31-44bf-863e-cd3e0b651f21/19b0a96e-8c31-44bf-863e-cd3e0b651f21.pdf) |
| 18 JULY | Malwarebytes | UAC-0056 (AKA UNC2589, TA471, EmberBear, Lorec53) has repeatedly targeted the government entities in Ukraine via phishing campaigns, macro-docs, and Cobalt Strike Beacons | [blog.malwarebytes.com](https://blog.malwarebytes.com/threat-intelligence/2022/07/cobalt-strikes-again-uac-0056-continues-to-target-ukraine-in-its-latest-campaign/) |
| 19 JULY | Google TAG | Development of attack techniques of the UNC1151/Ghostwriter group | [cert.pl](https://cert.pl/posts/2022/07/techniki-unc1151/) |
| 19 JULY | CERT-PL | Continued cyber activity in Eastern Europe observed by TAG: Turla APKs, Follina vulnerability, Ghostwriter/UNC1151, COLDRIVER | [blog.google](https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/) |
| 20 JULY | US CYBERCOM | Cyber National Mission Force discloses IOCs from Ukrainian networks | [cybercom.mil](https://www.cybercom.mil/Media/News/Article/3098856/cyber-national-mission-force-discloses-iocs-from-ukrainian-networks/) |
| 20 JULY | Mandiant | UNC1151 and suspected UNC2589 operations leveraging phishing with malicious documents leading to malware infection chains with themes related to public safety and humanitarian emergencies | [mandiant.com](https://www.mandiant.com/resources/spear-phish-ukrainian-entities) |
| 20 JULY | CERT-UA | UAC-0120 - Cyber attack on state organizations of Ukraine using the OK theme "South" and the malicious program AgentTesla (CERT-UA#4987) | [cert.gov.ua](https://cert.gov.ua/article/861292) |
| 21 JULY | Talos | Attackers target Ukraine using GoMet backdoor | [blog.talosintelligence.com](https://blog.talosintelligence.com/attackers-target-ukraine-using-gomet/) |
| 21 JULY | CyberScoop | Cyber criminals attack Ukrainian radio network, broadcast fake message about Zelensky’s health | [cyberscoop.com](https://cyberscoop.com/hackers-infiltrate-ukrainian-radio-network-broadcast-fake-message-about-zelenskys-health/) |
| 25 JULY | CERT-UA | UAC-0041 - Mass distribution of stealers (Formbook, Snake Keylogger) and use of RelicRace/RelicSource malware as a means of delivery (CERT-UA#5056) | [cert.gov.ua](https://cert.gov.ua/article/955924) |
| 26 JULY | CERT-UA | Cyber attacks of the UAC-0010 group (Armageddon) using the malicious program GammaLoad.PS1_v2 (CERT-UA#5003,5013,5069,5071) | [cert.gov.ua](https://cert.gov.ua/article/971405) |
| 27 JULY | CERT-UA | UAC-0100 - Online fraud using the subject of "aid from the Red Cross" (CERT-UA#5063) | [cert.gov.ua](https://cert.gov.ua/article/987552) |
| 27 JULY | VxUnderground | VX-Underground uploads sample of malware used by Killnet to DDos Lithuania | [twitter.com](https://twitter.com/vxunderground/status/1552361257822478341) |
| 27 JULY | US DHS CISA | United States (CISA) and Ukraine Expand Cooperation on Cybersecurity| [cisa.gov](https://www.cisa.gov/news/2022/07/27/united-states-and-ukraine-expand-cooperation-cybersecurity) |