Ukraine-Cyber-Operations/Threat Reports/May.md

May Threat Reports

Date	Source	Threat(s)	URL
2 MAY	@h2jazi	UAC-0056 (aka TA471, UNC2589, SaintBear, EmberBear) APT activity is using Covid19 as lure to target Ukraine	twitter.com/h2jazi
2 MAY	TheRecord by Recorded Future	Russia reroutes internet in occupied Ukrainian territory through Russian telcos	therecord.media
2 MAY	SSSCIP Ukraine	The official website of Lviv Regional Administration was hit by a concentrated DDoS attack, even though the Russian army is focused on capturing the East. The attack on the Lviv RA website lasted over 12 hours	cip.gov.ua
3 MAY	Google TAG	APT28 (FancyBear), Turla, COLDRIVER (Callisto), Ghostwriter (UNC1151), Curious Gorge (China PLA SSF)	blog.google
3 MAY	Washington Post	CIA instructs Russians on how to share secrets with the spy agency	washingtonpost.com
6 MAY	CERT-UA	APT28 cyberattack using CredoMap_v2 malware	cert.gov.ua
7 MAY	CERT-UA	Mass distribution of JesterStealer malware using chemical attack themes	cert.gov.ua
7 MAY	SSSCIP	While Odessa is being assaulted by Russian tropps, messages in Russian online resources appeared and ordered attacks on the Odesa City Council website	twitter.com/dsszzi
8 MAY	IronNet	Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine	ironnet.com
10 MAY	@h2jazi	Maldoc with CVE-2021-40444 exploit called "The increasingly complicated Russia-Ukraine crisis explained.docx"	twitter.com/h2jazi
10 MAY	US State Department	Attribution of Russia’s Malicious Cyber Activity Against Ukraine	state.gov
10 MAY	European Union	Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union	consilium.europa.eu
11 MAY	@BitsOfBinary	Quasar RAT sample called "US and Allies provide chemical weapons to Ukraine's military.pdf.exe"	twitter.com/bitsofbinary
11 MAY	ZDnet	Posting a link to a story about the Viasat attack, Elon Musk noted on Twitter: "Starlink has resisted Russian cyberwar jamming & hacking attempts so far, but they're ramping up their efforts."	zdnet.com