4.4 KiB
4.4 KiB
July Threat Reports
| Date | Source | Threat(s) | URL |
|---|---|---|---|
| 5 JULY | CNN | Russian hacktivist group XakNet carried out a cyberattack on Ukraine's biggest private energy conglomerate, DTEK, in retaliation for its owner's opposition to Russia's war in Ukraine | cnn.com |
| 7 JULY | IBM Security X-Force | IBM has uncovered evidence indicating that the Russia-based cybercriminal “Trickbot group” has launched attacks on Ukraine since the Russian invasion — an unprecedented shift as the group had not previously targeted Ukraine (as RU eCrime usually avoids CIS countries) | securityintelligence.com |
| 8 JULY | Google TAG | The Turla APT group created a fake Android app (APK) designed to look like a DDoS hacktivist tool developed by the Ukrainian Azov Regiment. The APKs we have seen were hosted on a Turla controlled domain with links disseminated through 3rd party messaging services. They were not hosted on the Play Store. | twitter.com/billyleonard |
| 14 JULY | SSSCIP of Ukraine | SSSCIP published its statistics on vulnerability detection and cyber incidents for Q2 2022. Top APT groups includes UAC-0010, UAC-0056, UAC-0028, UAC-0098, UAC-0082/UAC-0113 | scpc.gov.ua |
| 18 JULY | Malwarebytes | UAC-0056 (AKA UNC2589, TA471, EmberBear, Lorec53) has repeatedly targeted the government entities in Ukraine via phishing campaigns, macro-docs, and Cobalt Strike Beacons | blog.malwarebytes.com |
| 19 JULY | Google TAG | Development of attack techniques of the UNC1151/Ghostwriter group | cert.pl |
| 19 JULY | CERT-PL | Continued cyber activity in Eastern Europe observed by TAG: Turla APKs, Follina vulnerability, Ghostwriter/UNC1151, COLDRIVER | blog.google |
| 20 JULY | US CYBERCOM | Cyber National Mission Force discloses IOCs from Ukrainian networks | cybercom.mil |
| 20 JULY | Mandiant | UNC1151 and suspected UNC2589 operations leveraging phishing with malicious documents leading to malware infection chains with themes related to public safety and humanitarian emergencies | mandiant.com |
| 20 JULY | CERT-UA | UAC-0120 - Cyber attack on state organizations of Ukraine using the OK theme "South" and the malicious program AgentTesla (CERT-UA#4987) | cert.gov.ua |
| 21 JULY | Talos | Attackers target Ukraine using GoMet backdoor | blog.talosintelligence.com |
| 21 JULY | CyberScoop | Cyber criminals attack Ukrainian radio network, broadcast fake message about Zelensky’s health | cyberscoop.com |
| 25 JULY | CERT-UA | UAC-0041 - Mass distribution of stealers (Formbook, Snake Keylogger) and use of RelicRace/RelicSource malware as a means of delivery (CERT-UA#5056) | cert.gov.ua |
| 26 JULY | CERT-UA | Cyber attacks of the UAC-0010 group (Armageddon) using the malicious program GammaLoad.PS1_v2 (CERT-UA#5003,5013,5069,5071) | cert.gov.ua |
| 27 JULY | CERT-UA | UAC-0100 - Online fraud using the subject of "aid from the Red Cross" (CERT-UA#5063) | cert.gov.ua |
| 27 JULY | VxUnderground | VX-Underground uploads sample of malware used by Killnet to DDos Lithuania | twitter.com |
| 27 JULY | US DHS CISA | United States (CISA) and Ukraine Expand Cooperation on Cybersecurity | cisa.gov |