8.8 KiB
8.8 KiB
April Threat Reports
| Date | Source | Threat(s) | URL |
|---|---|---|---|
| 1 APR | Malwarebytes | UAC-0056 (aka SaintBear, UNC2589 and TA471) is a cyber espionage actor that has been active since early 2021 and has mainly targeted Ukraine and Georgia | blog.malwarebytes.com |
| 2 APR | Ukraine SBU | According to preliminary data, the organization of cyber sabotage was carried out by the Russian special services, and specialized hacker groups APT28, ART29, Sandworm, BerserkBear, Gamaredon, Vermin, etc. were implemented. | t.me/SBUkr |
| 3 APR | ETAC | Low-detect BlackGuard infostealer uploaded to AnyRun from Ukraine | twitter.com/BushidoToken |
| 4 APR | Intezer | Elephant Framework Delivered in Phishing Attacks Against Ukrainian Organizations | intezer.com |
| 4 APR | CERT-UA | UAC-0010 (Armageddon) cyberattack on Ukrainian state organizations, phishing w/ RAR -> HTA -> VBS | cert.gov.ua |
| 4 APR | CERT-UA | UAC-0010 (Armageddon) cyberattack on state institutions of the European Union countries, phishing w/ RAR -> LNK | cert.gov.ua |
| 5 APR | CERT-UA | UAC-0094 targets Telegram users via SMS phishing, stealing session data, the list of contacts and conversation history | cert.gov.ua |
| 5 APR | @h2jazi | RedlineStealer is taking advantage of War in Ukraine | twitter.com/h2jazi |
| 6 APR | US Department of Justice | DOJ Operation that Copied and Removed Malware Known as “Cyclops Blink” from the Botnet’s Command-And-Control Devices, Disrupting the GRU’s Control Over Thousands of Infected Devices Worldwide. | justice.gov |
| 6 APR | @youranontv | "BlackRabbit" who operates in behalf of Anonymous #OpRussia gained access to the Kremlin CCTV system | twitter.com/youranontv |
| 7 APR | @iiyonite | IT ARMY of Ukraine breached a database of Rossgram beta sign-ups (Russian Instagram clone), then created a fake Rossgram app, send invites to said beta users, then pushed notifications out to those users that Rossgram was hacked and then leaked the data of the beta users | twitter.com/iiyonite |
| 7 APR | @h2jazi | CloudAtlas APT maldoc: "Composition_of_the_State_Defense_Committee_of_Donetsk_People_Republic.doc" | twitter.com/h2jazi |
| 7 APR | Facebook/Meta | Government-linked actors from Russia and Belarus engaged in cyber espionage and covert influence operations online. This activity included interest in the Ukrainian telecom industry; both global and Ukrainian defense and energy sectors; tech platforms; and journalists and activists in Ukraine, Russia, and abroad | about.fb.com |
| 8 APR | Microsoft | Microsoft took down Strontium domains using this infrastructure for phishing to target Ukrainian institutions including media organizations. It was also targeting government institutions and think tanks in the United States and the European Union involved in foreign policy | blogs.microsoft.com |
| 8 APR | MFA Finland | Russia accused of disruptions in the Foreign Ministry's online services: Um[.]fi and Finlanabroad[.]fi sites were targeted by DDoS | twitter.com/Ulkoministerio |
| 12 APR | CERT-UA | Sandworm launched Industroyer2 and CaddyWiper against Ukrainian Electrical Energy Facilities | cert.gov.ua |
| 12 APR | ESET | Sandworm's attack used an ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems | welivesecurity.com |
| 14 APR | CERT-UA | UAC-0097 Cyberattack on Ukrainian state organizations using XSS exploit vulnerability in Zimbra Collaboration Suite (CVE-2018-6882) | cert.gov.ua |
| 14 APR | CERT-UA | UAC-0098 Cyberattack on Ukrainian state organizations using icedID malware | cert.gov.ua |
| 18 APR | CERT-UA | UAC-0098 Cyberattack on Ukrainian state organizations using the Azovstal theme and the Cobalt Strike Beacon | cert.gov.ua |
| 19 APR | CERT-UA | Online fraud using the subject of "financial assistance from EU countries" | cert.gov.ua |
| 20 APR | Symantec | Shuckworm/Gamaredon/UAC-0010: Espionage Group Continues Intense Campaign Against Ukraine | symantec.com |
| 20 APR | TheRecord | Interview with Natalia Tkachuk, head of the Information Security and Cybersecurity Service — part of the National Security and Defense Council of Ukraine | therecord.media |
| 22 APR | SSSCIP Ukraine | UAC-0010 (aka Armageddon), UAC-0051 (aka UNC1151), UAC-0028 (aka APT28) are the top three groups that have waged the most number of cyberattacks on Ukrainian infrastructure | twitter.com/dsszzi |
| 23 APR | SSSCIP Ukraine | Details about Sandworm attacks against the Ukrainian electricity sector | twitter.com/dsszzi |
| 25 APR | BitDefender | Deep Dive into the Elephant Framework – A New Cyber Threat in Ukraine | bitdefender.com |
| 26 APR | CERT-UA | UAC-0056 group cyberattack using GraphSteel and GrimPlant malware and COVID-19 topics, the sending of e-mails was made from the compromised account of an employee of the state body of Ukraine | cert.gov.ua |
| 26 APR | SSSCIP Ukraine | In Q1 2022, CERT-UA recorded 802 cyberattacks against the Government and Defense sector of Ukraine. Also, the five most attacked industries included the financial sector, telecommunications, and software developers, as well as the logistics and energy sector | twitter.com/dsszzi |
| 27 APR | Microsoft | STRONTIUM, IRIDIUM, DEV-0586, NOBELIUM, ACTINIUM, BROMINE, KRYPTON, SEABORGIUM, DEV-0257 (some aliases in the report) | blogs.microsoft.com |
| 28 APR | CERT-UA | UAC-0101 DDoS attacks using malicious JavaScript code (dubbed BrownFlood) which is placed on compromised websites (mainly running WordPress) | cert.gov.ua |
| 28 APR | Fortinet | Analysis of WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, DoupleZero, AcidRain | fortinet.com |
| 28 APR | Mandiant | Since early 2021, Mandiant has been tracking extensive APT29 phishing campaigns targeting diplomatic organizations in Europe, the Americas, and Asia. APT29 has developed two new malware families in 2022, BEATDROP and BOOMMIC. The group's latest detection evasion techniques includes the abuse of Atlassian's Trello service | mandiant.com |
| 28 APR | CERT-UA | UAC-0098 cyberattack on Ukrainian state authorities using metasploit framework | cert.gov.ua |
| 29 APR | Trustwave | Stormous: The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine | trustwave.com |
| 29 APR | ATTACKIQ | Attack Graph Response to UNC1151 Continued Targeting of Ukraine | attackiq.com |