2022-05-03 21:48:48 +01:00


#### `April Threat Reports`
| Date | Source | Threat(s) | URL |
| --- | --- | --- | --- |
| 1 APR | Malwarebytes | UAC-0056 (aka SaintBear, UNC2589 and TA471) is a cyber espionage actor that has been active since early 2021 and has mainly targeted Ukraine and Georgia | [blog.malwarebytes.com](https://blog.malwarebytes.com/threat-intelligence/2022/04/new-uac-0056-activity-theres-a-go-elephant-in-the-room/) |
| 2 APR | Ukraine SBU | According to preliminary data, the cyber sabotage was organized by the Russian special services, and specialized hacker groups APT28, APT29, Sandworm, BerserkBear, Gamaredon, Vermin, etc. were involved | [t.me/SBUkr](https://t.me/SBUkr/4043) |
| 3 APR | ETAC | Low-detect BlackGuard infostealer uploaded to AnyRun from Ukraine | [twitter.com/BushidoToken](https://twitter.com/BushidoToken/status/1510619652946378754) |
| 4 APR | Intezer | Elephant Framework Delivered in Phishing Attacks Against Ukrainian Organizations | [intezer.com](https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/) |
| 4 APR | CERT-UA | UAC-0010 (Armageddon) cyberattack on Ukrainian state organizations, phishing w/ RAR -> HTA -> VBS | [cert.gov.ua](https://cert.gov.ua/article/39138) |
| 4 APR | CERT-UA | UAC-0010 (Armageddon) cyberattack on state institutions of the European Union countries, phishing w/ RAR -> LNK | [cert.gov.ua](https://cert.gov.ua/article/39086) |
| 5 APR | CERT-UA | UAC-0094 targets Telegram users via SMS phishing, stealing session data, the list of contacts and conversation history | [cert.gov.ua](https://cert.gov.ua/article/39253) |
| 5 APR | @h2jazi | RedlineStealer is taking advantage of War in Ukraine | [twitter.com/h2jazi](https://twitter.com/h2jazi/status/1511473962315919362?s=21&t=4UqYDl6bWvvNPPS9NG4TOQ) |
| 6 APR | US Department of Justice | DOJ operation that copied and removed the "Cyclops Blink" malware from the botnet's command-and-control devices, disrupting the GRU's control over thousands of infected devices worldwide | [justice.gov](https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation) |
| 6 APR | @youranontv | "BlackRabbit", who operates on behalf of Anonymous #OpRussia, gained access to the Kremlin CCTV system | [twitter.com/youranontv](https://twitter.com/youranontv/status/1511656225687154688) |
| 7 APR | @iiyonite | IT ARMY of Ukraine breached the beta sign-up database of Rossgram (a Russian Instagram clone), built a fake Rossgram app, sent invites to those beta users, then pushed notifications telling them Rossgram had been hacked, and leaked the beta users' data | [twitter.com/iiyonite](https://twitter.com/iiyonite/status/1512001395255357443) |
| 7 APR | @h2jazi | CloudAtlas APT maldoc: "Composition_of_the_State_Defense_Committee_of_Donetsk_People_Republic.doc" | [twitter.com/h2jazi](https://twitter.com/h2jazi/status/1512076989556961286?s=21&t=zdqFNbXN9GnKZiKQNp-UqQ) |
| 7 APR | Facebook/Meta | Government-linked actors from Russia and Belarus engaged in cyber espionage and covert influence operations online. This activity included interest in the Ukrainian telecom industry; both global and Ukrainian defense and energy sectors; tech platforms; and journalists and activists in Ukraine, Russia, and abroad | [about.fb.com](https://about.fb.com/wp-content/uploads/2022/04/Meta-Quarterly-Adversarial-Threat-Report_Q1-2022.pdf) |
| 8 APR | Microsoft | Microsoft took down Strontium domains the group was using for [phishing](https://twitter.com/dacuddy/status/1512193359602888725) against Ukrainian institutions, including media organizations; the same infrastructure also targeted government institutions and think tanks in the United States and the European Union involved in foreign policy | [blogs.microsoft.com](https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/) |
| 8 APR | MFA Finland | Russia accused of disrupting the Foreign Ministry's online services: the Um[.]fi and Finlandabroad[.]fi sites were targeted by DDoS | [twitter.com/Ulkoministerio](https://twitter.com/Ulkoministerio/status/1512368322012233731?s=20&t=Eh6rnggBh4Zvn8la45AL5Q) |
| 12 APR | CERT-UA | Sandworm launched Industroyer2 and CaddyWiper against Ukrainian Electrical Energy Facilities | [cert.gov.ua](https://cert.gov.ua/article/39518) |
| 12 APR | ESET | Sandworm's attack used an ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems | [welivesecurity.com](https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/) |
| 14 APR | CERT-UA | UAC-0097 cyberattack on Ukrainian state organizations exploiting an XSS vulnerability in Zimbra Collaboration Suite (CVE-2018-6882) | [cert.gov.ua](https://cert.gov.ua/article/39606) |
| 14 APR | CERT-UA | UAC-0098 cyberattack on Ukrainian state organizations using IcedID malware | [cert.gov.ua](https://cert.gov.ua/article/39609) |
| 18 APR | CERT-UA | UAC-0098 Cyberattack on Ukrainian state organizations using the Azovstal theme and the Cobalt Strike Beacon | [cert.gov.ua](https://cert.gov.ua/article/39708) |
| 19 APR | CERT-UA | Online fraud using the subject of "financial assistance from EU countries" | [cert.gov.ua](https://cert.gov.ua/article/39727) |
| 20 APR | Symantec | Shuckworm/Gamaredon/UAC-0010: Espionage Group Continues Intense Campaign Against Ukraine | [symantec.com](https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-intense-campaign-ukraine) |
| 20 APR | TheRecord | Interview with Natalia Tkachuk, head of the Information Security and Cybersecurity Service — part of the National Security and Defense Council of Ukraine | [therecord.media](https://therecord.media/from-the-front-lines-of-the-first-real-cyberwar/) |
| 22 APR | SSSCIP Ukraine | UAC-0010 (aka Armageddon), UAC-0051 (aka UNC1151), UAC-0028 (aka APT28) are the top three groups that have waged the most number of cyberattacks on Ukrainian infrastructure | [twitter.com/dsszzi](https://twitter.com/dsszzi/status/1517553942678446082?s=21&t=B45Ox-B9amKu9jTt0BT8Zw) |
| 23 APR | SSSCIP Ukraine | Details about Sandworm attacks against the Ukrainian electricity sector | [twitter.com/dsszzi](https://twitter.com/dsszzi/status/1517806362495012865) |
| 25 APR | BitDefender | Deep Dive into the Elephant Framework – A New Cyber Threat in Ukraine | [bitdefender.com](https://businessinsights.bitdefender.com/deep-dive-into-the-elephant-framework-a-new-cyber-threat-in-ukraine) |
| 26 APR | CERT-UA | UAC-0056 group cyberattack using GraphSteel and GrimPlant malware and COVID-19 topics, the sending of e-mails was made from the compromised account of an employee of the state body of Ukraine | [cert.gov.ua](https://cert.gov.ua/article/39882) |
| 26 APR | SSSCIP Ukraine | In Q1 2022, CERT-UA recorded 802 cyberattacks against the Government and Defense sector of Ukraine. Also, the five most attacked industries included the financial sector, telecommunications, and software developers, as well as the logistics and energy sector | [twitter.com/dsszzi](https://twitter.com/dsszzi/status/1518950677602619395?s=20&t=GHyOzg-_BdwzcfTFzwwbng) |
| 27 APR | Microsoft | STRONTIUM, IRIDIUM, DEV-0586, NOBELIUM, ACTINIUM, BROMINE, KRYPTON (aliases in the report) | [blogs.microsoft.com](https://blogs.microsoft.com/on-the-issues/2022/04/27/hybrid-war-ukraine-russia-cyberattacks/) |
| 28 APR | CERT-UA | UAC-0101 DDoS attacks using malicious JavaScript code (dubbed BrownFlood) which is placed on compromised websites (mainly running WordPress) | [cert.gov.ua](https://cert.gov.ua/article/39923) |
| 28 APR | Fortinet | Analysis of WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, DoubleZero, AcidRain | [fortinet.com](https://www.fortinet.com/blog/threat-research/the-increasing-wiper-malware-threat) |
| 29 APR | Trustwave | Stormous: The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine | [trustwave.com](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/stormous-the-pro-russian-clout-hungry-ransomware-gang-targets-the-us-and-ukraine/) |
| 29 APR | ATTACKIQ | Attack Graph Response to UNC1151 Continued Targeting of Ukraine | [attackiq.com](https://attackiq.com/2022/04/29/attack-graph-response-to-unc1151-continued-targeting-of-ukraine/) |
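The 4 APR CERT-UA row above summarises the UAC-0010 (Armageddon) delivery chain as phishing with RAR -> HTA -> VBS. A practical way to hunt for that chain is to walk process-creation lineage rather than alert on `mshta.exe` alone. The script below is an added example written for this page, not CERT-UA's or any vendor's code: it flags a Windows script host (`wscript.exe`/`cscript.exe`) whose ancestry includes `mshta.exe` that was itself launched out of an archive. "Launched out of an archive" is taken either from an archiver ancestor (WinRAR, 7-Zip) or from an HTA path under WinRAR's `%TEMP%\Rar$...` extraction directory; both the archiver list and the temp-path pattern are assumptions about tooling behaviour, not details from the report. Field names follow Sysmon Event ID 1 (`Image`, `CommandLine`, `ProcessGuid`, `ParentProcessGuid`), and all sample events are constructed.

```python
"""Hunt for the RAR -> HTA -> VBS chain by walking process lineage.

Added example for this page; not CERT-UA code. Sample events are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ProcEvent:
    guid: str                   # Sysmon ProcessGuid
    parent_guid: Optional[str]  # Sysmon ParentProcessGuid (None for a root)
    image: str                  # Sysmon Image (full path of the new process)
    cmdline: str                # Sysmon CommandLine


SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
HTA_HOST = "mshta.exe"
# Assumption: common GUI archivers a user double-clicks inside.
ARCHIVERS = {"winrar.exe", "7zfm.exe", "7zg.exe"}
# Assumption: WinRAR opens files straight from an archive out of
# %TEMP%\Rar$<letters><digits>.<digits>\ ; this is tool behaviour, not report content.
RAR_TEMP = re.compile(r"\\Temp\\Rar\$[A-Za-z]+\d+\.\d+\\", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (tolerates forward slashes and quotes)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip('"').lower()


def ancestry(ev: ProcEvent, by_guid: Dict[str, ProcEvent], max_depth: int = 8) -> List[ProcEvent]:
    """Return [ev, parent, grandparent, ...], stopping at the root, on a cycle, or at max_depth."""
    chain: List[ProcEvent] = []
    seen = set()
    cur: Optional[ProcEvent] = ev
    while cur is not None and cur.guid not in seen and len(chain) < max_depth:
        chain.append(cur)
        seen.add(cur.guid)
        cur = by_guid.get(cur.parent_guid) if cur.parent_guid else None
    return chain


def find_rar_hta_vbs(events: List[ProcEvent]) -> List[dict]:
    """Alert on wscript/cscript whose lineage contains mshta.exe launched from an archive."""
    by_guid = {e.guid: e for e in events}
    alerts = []
    for ev in events:
        if basename(ev.image) not in SCRIPT_HOSTS:
            continue
        chain = ancestry(ev, by_guid)
        names = [basename(e.image) for e in chain]
        if HTA_HOST not in names:
            continue
        hta_idx = names.index(HTA_HOST)          # nearest mshta.exe ancestor
        hta = chain[hta_idx]
        above_hta = set(names[hta_idx + 1:])     # everything that spawned mshta.exe
        from_archive = bool(ARCHIVERS & above_hta) or bool(RAR_TEMP.search(hta.cmdline))
        if from_archive:
            alerts.append({
                "guid": ev.guid,
                "chain": " > ".join(reversed(names)),  # root first, script host last
                "hta_cmdline": hta.cmdline,
            })
    return alerts


# Constructed Sysmon-style events: one malicious chain plus two benign look-alikes.
SAMPLE_EVENTS = [
    ProcEvent("E1", None, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent("W1", "E1", r"C:\Program Files\WinRAR\WinRAR.exe",
              r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\u\Downloads\document.rar"'),
    ProcEvent("M1", "W1", r"C:\Windows\System32\mshta.exe",
              r'mshta.exe "C:\Users\u\AppData\Local\Temp\Rar$DIa1234.56789\document.hta"'),
    ProcEvent("S1", "M1", r"C:\Windows\System32\wscript.exe",
              r'wscript.exe //B "C:\Users\u\AppData\Local\Temp\update.vbs"'),
    # mshta started directly from the desktop, no script host below it
    ProcEvent("M2", "E1", r"C:\Windows\System32\mshta.exe",
              r'mshta.exe "C:\Program Files\Vendor\helper.hta"'),
    # script host with no mshta.exe in its lineage
    ProcEvent("S2", "E1", r"C:\Windows\System32\wscript.exe",
              r'wscript.exe "C:\Scripts\logon.vbs"'),
]


if __name__ == "__main__":
    for alert in find_rar_hta_vbs(SAMPLE_EVENTS):
        print(alert["chain"], "|", alert["hta_cmdline"])
```

Run as-is it reports one hit, `explorer.exe > winrar.exe > mshta.exe > wscript.exe`, and ignores the two benign records. Requiring both the HTA host and evidence of archive origin is what keeps the rule from firing on every legitimate `mshta.exe` use; tune `ARCHIVERS` and `RAR_TEMP` to the archivers actually deployed in the estate.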