Kyle c5df6a083f Updated Threat Report Timelines
2023-03-14 14:18:44 -04:00

#### `July Threat Reports`
| Date | Source | Threat(s) | URL |
| --- | --- | --- | --- |
| 5 JULY | CNN | Russian hacktivist group XakNet carried out a cyberattack on Ukraine's biggest private energy conglomerate, DTEK, in retaliation for its owner's opposition to Russia's war in Ukraine | [cnn.com](https://edition.cnn.com/2022/07/01/politics/russia-ukraine-dtek-hack/index.html) |
| 7 JULY | IBM Security X-Force | IBM has uncovered evidence indicating that the Russia-based cybercriminal “Trickbot group” has launched attacks on Ukraine since the Russian invasion — an unprecedented shift as the group had not previously targeted Ukraine (as RU eCrime usually avoids CIS countries) | [securityintelligence.com](https://securityintelligence.com/posts/trickbot-group-systematically-attacking-ukraine/) |
| 8 JULY | Google TAG | The Turla APT group created a fake Android app (APK) designed to look like a DDoS hacktivist tool developed by the Ukrainian Azov Regiment. The APKs we have seen were hosted on a Turla-controlled domain with links disseminated through 3rd party messaging services. They were not hosted on the Play Store. | [twitter.com/billyleonard](https://twitter.com/billyleonard/status/1545461166377508865) |
| 14 JULY | SSSCIP of Ukraine | SSSCIP published its statistics on vulnerability detection and cyber incidents for Q2 2022. Top APT groups include UAC-0010, UAC-0056, UAC-0028, UAC-0098, UAC-0082/UAC-0113. | [scpc.gov.ua](https://scpc.gov.ua/api/docs/19b0a96e-8c31-44bf-863e-cd3e0b651f21/19b0a96e-8c31-44bf-863e-cd3e0b651f21.pdf) |
| 18 JULY | Malwarebytes | UAC-0056 (AKA UNC2589, TA471, EmberBear, Lorec53) has repeatedly targeted government entities in Ukraine via phishing campaigns, macro-enabled documents, and Cobalt Strike Beacons | [blog.malwarebytes.com](https://blog.malwarebytes.com/threat-intelligence/2022/07/cobalt-strikes-again-uac-0056-continues-to-target-ukraine-in-its-latest-campaign/) |
| 19 JULY | CERT-PL | Development of attack techniques of the UNC1151/Ghostwriter group | [cert.pl](https://cert.pl/posts/2022/07/techniki-unc1151/) |
| 19 JULY | Google TAG | Continued cyber activity in Eastern Europe observed by TAG: Turla APKs, Follina vulnerability, Ghostwriter/UNC1151, COLDRIVER | [blog.google](https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/) |
| 20 JULY | US CYBERCOM | Cyber National Mission Force discloses IOCs from Ukrainian networks | [cybercom.mil](https://www.cybercom.mil/Media/News/Article/3098856/cyber-national-mission-force-discloses-iocs-from-ukrainian-networks/) |
| 20 JULY | Mandiant | UNC1151 and suspected UNC2589 operations leveraging phishing with malicious documents leading to malware infection chains with themes related to public safety and humanitarian emergencies | [mandiant.com](https://www.mandiant.com/resources/spear-phish-ukrainian-entities) |
| 20 JULY | CERT-UA | UAC-0120 - Cyber attack on state organizations of Ukraine using the Operational Command "South" theme and the malicious program AgentTesla (CERT-UA#4987) | [cert.gov.ua](https://cert.gov.ua/article/861292) |
| 21 JULY | Talos | Attackers target Ukraine using GoMet backdoor | [blog.talosintelligence.com](https://blog.talosintelligence.com/attackers-target-ukraine-using-gomet/) |
| 21 JULY | CyberScoop | Cyber criminals attack Ukrainian radio network, broadcast fake message about Zelensky's health | [cyberscoop.com](https://cyberscoop.com/hackers-infiltrate-ukrainian-radio-network-broadcast-fake-message-about-zelenskys-health/) |
| 25 JULY | CERT-UA | UAC-0041 - Mass distribution of stealers (Formbook, Snake Keylogger) and use of RelicRace/RelicSource malware as a means of delivery (CERT-UA#5056) | [cert.gov.ua](https://cert.gov.ua/article/955924) |
| 26 JULY | CERT-UA | Cyber attacks of the UAC-0010 group (Armageddon) using the malicious program GammaLoad.PS1_v2 (CERT-UA#5003,5013,5069,5071) | [cert.gov.ua](https://cert.gov.ua/article/971405) |
| 27 JULY | CERT-UA | UAC-0100 - Online fraud using the subject of "aid from the Red Cross" (CERT-UA#5063) | [cert.gov.ua](https://cert.gov.ua/article/987552) |
| 27 JULY | VxUnderground | VX-Underground uploads sample of malware used by Killnet to DDoS Lithuania | [twitter.com](https://twitter.com/vxunderground/status/1552361257822478341) |
| 27 JULY | US DHS CISA | United States (CISA) and Ukraine Expand Cooperation on Cybersecurity | [cisa.gov](https://www.cisa.gov/news/2022/07/27/united-states-and-ukraine-expand-cooperation-cybersecurity) |