New Russian Malware Targets Ukraine 

Uploaded on 2023-02-13 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-Defence, FREE TO VIEW

A year after Russia launched its full-scale invasion of Ukraine, Russia remains unsuccessful in bringing Ukraine under its control as it struggles to overcome months of compounding strategic and tactical failures. Despite these challenges, Russia’s intent remains unchanged - leaving Ukraine and the international community in a state of heightened risk.

The crisis between NATO countries and Russia following Russia’s invasion of Ukraine has involved aggressive rhetoric, military warnings, sabotage of critical infrastructure, nuclear threats and cyber attacks.

Russian military’s most prolific hacking units continue to use destructive malware attack against Ukrainian and now security researchers have found a new information-stealing malware variant that is targeting Ukrainian organisations as Russia is getting ready for a new war offensive. 

The data-stealer has been named Graphiron and has been linked to the Russia Nodaria group. Symantec, the security firm that found the information stealer, states that the group has been active since at least March 2021. 
Like earlier info-stealing tools used by the group, such as GraphSteel and GrimPlant, Graphiron is written in Go, communicates with a C&C server using port 443, and is likely deployed via spear-phishing emails.

Nodaria was first recognised for the WhisperGate attacks that targeted Ukrainian organisations at the beginning of the conflict.

Similar to other exploits used by the group, Graphiron is written in Go and likely deployed via spear phishing emails. The malware consists of a downloader and a payload and can steal data such as system information, files, screenshots, and credentials. Security experts have warned of a new slate of cyber attacks on Ukrainian critical infrastructure ahead of a Russian offensive in Donbas. 

The threat intelligence experts at Recorded Future said wiper attacks had been a feature of the winter so far, echoing activity seen before the start of the war. “Russian state-sponsored cyber threat actors, as well as pro-Russian cyber criminals and hacktivists, will almost certainly support this campaign through continued targeting of Ukrainian critical infrastructure, at least in part in an attempt to further degrade Ukraine’s morale and will to fight.” 

It will continue not only to draw upon hacktivists and cyber crime groups to attack allied countries with plausible deniability, but also pro-Russia influence networks in an attempt to win the information war, the report claimed.

Council on Foreign Relations:    Recorded Future:   Oodaloop:   

Infosecurity Magazine:   Bleeping Computer:    Cyberscoop

You Might Also Read: 

Ukraine Signs Cyber Security Deal With NATO:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Specialist Marine Cyber Insurance For Ports & Vessels
Rising Cybercrime Means SMEs Should Seek Cyber Insurance »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Pervade Software

Pervade Software

Pervade Software is a global provider of dedicated compliance tracking software with monitoring & reporting capabilities.

IP Performance

IP Performance

IP Performance Limited is a leading supplier of customised network infrastructure and security solutions.

Professional Information Security Association (PISA)

Professional Information Security Association (PISA)

PISA is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice.

L J Kushner & Associates

L J Kushner & Associates

L.J. Kushner is a leading Information Security recruiting firm.

Cyberwatch

Cyberwatch

Cyberwatch is a Vulnerability Scanner & Fixer software that helps you to detect and fix the vulnerabilities of your Information System.

Atomicorp

Atomicorp

Atomicorp, the leader in Secure Linux, is a developer of solutions for the protection and support of cloud, virtual, shared, and dedicated web hosting environments.

RedLock

RedLock

The RedLock Cloud 360TM platform correlates disparate security data sets to provide a unified view of risks across fragmented cloud environments.

Sikur

Sikur

Sikur have developed a communication platform that sets new boundaries for corporate privacy and security.

Micro Strategies Inc.

Micro Strategies Inc.

Micro Strategies provides IT solutions that help businesses tackle digital transformation in style.

Healthcare Fraud Shield (HCFS)

Healthcare Fraud Shield (HCFS)

The focus of Healthcare Fraud Shield is solely on healthcare fraud prevention and payment integrity with a successful approach based on many unique advantages we deliver to our clients.

CybrHawk

CybrHawk

CybrHawk is a leading provider of information security-driven risk intelligence solutions focused solely on protecting clients from cyber-attacks.

DeFY Security

DeFY Security

DeFY Security is a Cyber Security solutions provider with more than 20 years of experience securing financial institutions, healthcare, manufacturing and retail.

ramsac

ramsac

ramsac provide secure, resilient IT management, cybersecurity, 24 hour support and IT strategy to businesses in London and the South East.

Creative ITC

Creative ITC

Creative ITC is a leading infrastructure and cloud enablement company. We design and deliver exceptional managed services and cloud solutions.

Execweb

Execweb

Execweb are a cybersecurity executive network, comprised of 400+ security practitioners who work at Fortune 500 and SME companies.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.