May Threat Reports
| Date | Source | Threat(s) | URL |
|---|---|---|---|
| 2 MAY | @h2jazi | UAC-0056 (aka TA471, UNC2589, SaintBear, EmberBear) APT activity is using Covid19 as a lure to target Ukraine | twitter.com/h2jazi |
| 2 MAY | TheRecord by Recorded Future | Russia reroutes internet in occupied Ukrainian territory through Russian telcos | therecord.media |
| 2 MAY | SSSCIP Ukraine | The official website of Lviv Regional Administration was hit by a concentrated DDoS attack, even though the Russian army is focused on capturing the East. The attack on the Lviv RA website lasted over 12 hours | cip.gov.ua |
| 3 MAY | Google TAG | APT28 (FancyBear), Turla, COLDRIVER (Callisto), Ghostwriter (UNC1151), Curious Gorge (China PLA SSF) | blog.google |
| 3 MAY | Washington Post | CIA instructs Russians on how to share secrets with the spy agency | washingtonpost.com |
| 6 MAY | CERT-UA | APT28 cyberattack using CredoMap_v2 malware | cert.gov.ua |
| 7 MAY | CERT-UA | Mass distribution of JesterStealer malware using chemical attack themes | cert.gov.ua |
| 7 MAY | SSSCIP | While Odesa is being assaulted by Russian troops, messages in Russian online resources appeared and ordered attacks on the Odesa City Council website | twitter.com/dsszzi |
| 8 MAY | IronNet | Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine | ironnet.com |
| 10 MAY | @h2jazi | Maldoc with CVE-2021-40444 exploit called "The increasingly complicated Russia-Ukraine crisis explained.docx" | twitter.com/h2jazi |
| 10 MAY | US State Department | Attribution of Russia’s Malicious Cyber Activity Against Ukraine | state.gov |
| 10 MAY | European Union | Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union | consilium.europa.eu |
| 11 MAY | @BitsOfBinary | Quasar RAT sample called "US and Allies provide chemical weapons to Ukraine's military.pdf.exe" | twitter.com/bitsofbinary |
| 11 MAY | ZDnet | Posting a link to a story about the Viasat attack, Elon Musk noted on Twitter: "Starlink has resisted Russian cyberwar jamming & hacking attempts so far, but they're ramping up their efforts." | zdnet.com |
| 12 MAY | TheRecord | The websites of Italy’s parliament, military and National Health Institute faced disruptions on Thursday by a pro-Russian hacking group previously implicated in a similar cyberattack on the Romanian government | therecord.media |
| 12 MAY | CERT-UA | UAC-0010 (Armageddon) cyberattacks using GammaLoad.PS1_v2 malware | cert.gov.ua |
| 12 MAY | Cisco | Network Footprints of Gamaredon Group | blogs.cisco.com |
| 12 MAY | Blackberry | Threat Thursday: Malware Rebooted - How Industroyer2 Takes Aim at Ukraine Infrastructure | blogs.blackberry.com |
| 13 MAY | SSSCIP of Ukraine | Invaders use blackmailing and intimidation to force Ukrainian Internet service providers to connect to Russian networks | cip.gov.ua |
| 14 MAY | CERT-UA | Online fraud using the topic of "monetary assistance within the framework of the UN social program" | cert.gov.ua |
| 16 MAY | @h2jazi | Gamaredon APT's self-extracting archive files | twitter.com/h2jazi |
| 16 MAY | Malwarebytes | Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis | blog.malwarebytes.com |
| 17 MAY | CyberPolice of Ukraine | Cyber police have arrested a fraudster hacking social media accounts who defrauded at least 50 people for more than 200k hryvnias | cyberpolice.gov.ua |
| 18 MAY | SSSCIP of Ukraine | On 9 May 2022, SSSCIP observed a large-scale DDoS attack on the sites of leading Ukrainian telecom operators | twitter.com/dsszzi |
| 19 MAY | Mandiant | The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine | mandiant.com |
| 19 MAY | CyberKnow | Overview of KillNet: Pro-Russian Hacktivists | cyberknow.medium.com |
| 20 MAY | ESET | Sandworm continues attacks in Ukraine. ESET found an evolution of a malware loader dubbed ArguePatch used during the Industroyer2 attacks. ArguePatch was used to launch CaddyWiper | twitter.com/esetresearch |