2.7 KiB
2.7 KiB
July Threat Reports
| Date | Source | Threat(s) | URL |
|---|---|---|---|
| 5 JULY | CNN | Russian hacktivist group XakNet carried out a cyberattack on Ukraine's biggest private energy conglomerate, DTEK, in retaliation for its owner's opposition to Russia's war in Ukraine | cnn.com |
| 7 JULY | IBM Security X-Force | IBM has uncovered evidence indicating that the Russia-based cybercriminal “Trickbot group” has launched attacks on Ukraine since the Russian invasion — an unprecedented shift as the group had not previously targeted Ukraine (as RU eCrime usually avoids CIS countries) | securityintelligence.com |
| 8 JULY | Google TAG | The Turla APT group created a fake Android app (APK) designed to look like a DDoS hacktivist tool developed by the Ukrainian Azov Regiment. The APKs we have seen were hosted on a Turla controlled domain with links disseminated through 3rd party messaging services. They were not hosted on the Play Store. | twitter.com/billyleonard |
| 14 JULY | SSSCIP of Ukraine | SSSCIP published its statistics on vulnerability detection and cyber incidents for Q2 2022. Top APT groups includes UAC-0010, UAC-0056, UAC-0028, UAC-0098, UAC-0082/UAC-0113 | scpc.gov.ua |
| 18 JULY | Malwarebytes | UAC-0056 (AKA UNC2589, TA471, EmberBear, Lorec53) has repeatedly targeted the government entities in Ukraine via phishing campaigns, macro-docs, and Cobalt Strike Beacons | blog.malwarebytes.com |
| 19 JULY | Google TAG | Continued cyber activity in Eastern Europe observed by TAG: Turla APKs, Follina vulnerability, Ghostwriter/UNC1151, COLDRIVER | blog.google |
| 20 JULY | US CYBERCOM | Cyber National Mission Force discloses IOCs from Ukrainian networks | cybercom.mil |
| 20 JULY | Mandiant | UNC1151 and suspected UNC2589 operations leveraging phishing with malicious documents leading to malware infection chains with themes related to public safety and humanitarian emergencies | mandiant.com |