New Russian Malware Targets Ukraine 

Uploaded on 2023-02-13 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-Defence, FREE TO VIEW

A year after Russia launched its full-scale invasion of Ukraine, Russia remains unsuccessful in bringing Ukraine under its control as it struggles to overcome months of compounding strategic and tactical failures. Despite these challenges, Russia’s intent remains unchanged - leaving Ukraine and the international community in a state of heightened risk.

The crisis between NATO countries and Russia following Russia’s invasion of Ukraine has involved aggressive rhetoric, military warnings, sabotage of critical infrastructure, nuclear threats and cyber attacks.

Russian military’s most prolific hacking units continue to use destructive malware attack against Ukrainian and now security researchers have found a new information-stealing malware variant that is targeting Ukrainian organisations as Russia is getting ready for a new war offensive. 

The data-stealer has been named Graphiron and has been linked to the Russia Nodaria group. Symantec, the security firm that found the information stealer, states that the group has been active since at least March 2021. 
Like earlier info-stealing tools used by the group, such as GraphSteel and GrimPlant, Graphiron is written in Go, communicates with a C&C server using port 443, and is likely deployed via spear-phishing emails.

Nodaria was first recognised for the WhisperGate attacks that targeted Ukrainian organisations at the beginning of the conflict.

Similar to other exploits used by the group, Graphiron is written in Go and likely deployed via spear phishing emails. The malware consists of a downloader and a payload and can steal data such as system information, files, screenshots, and credentials. Security experts have warned of a new slate of cyber attacks on Ukrainian critical infrastructure ahead of a Russian offensive in Donbas. 

The threat intelligence experts at Recorded Future said wiper attacks had been a feature of the winter so far, echoing activity seen before the start of the war. “Russian state-sponsored cyber threat actors, as well as pro-Russian cyber criminals and hacktivists, will almost certainly support this campaign through continued targeting of Ukrainian critical infrastructure, at least in part in an attempt to further degrade Ukraine’s morale and will to fight.” 

It will continue not only to draw upon hacktivists and cyber crime groups to attack allied countries with plausible deniability, but also pro-Russia influence networks in an attempt to win the information war, the report claimed.

Council on Foreign Relations:    Recorded Future:   Oodaloop:   

Infosecurity Magazine:   Bleeping Computer:    Cyberscoop

You Might Also Read: 

Ukraine Signs Cyber Security Deal With NATO:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Specialist Marine Cyber Insurance For Ports & Vessels
Rising Cybercrime Means SMEs Should Seek Cyber Insurance »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

authen2cate

authen2cate

Authen2cate offers a simple way to provide application access with our Identity and Access Management (IAM) solutions for enterprise, small business, and individual customers alike.

AlgoSec

AlgoSec

The AlgoSec platform enables the world’s most complex organizations to gain visibility, reduce risk and process changes at zero-touch across the hybrid network.

Security Weekly

Security Weekly

Security Weekly provides free content within the subject areas of IT security news, vulnerabilities, hacking, and research.

Adeptis Group

Adeptis Group

Adeptis are experts in cyber security recruitment, providing bespoke staffing solutions to safeguard your organisation against ever-changing cyber threats.

QuintessenceLabs

QuintessenceLabs

QuintessenceLabs offers a suite of Data Security technology, products and solutions to secure digital information in-transit, at-rest or in-use.

Smokescreen

Smokescreen

Smokescreen's IllusionBLACK employs deception technology to detect, deflect and defeat advanced hacker attacks.

Corsa Security

Corsa Security

Corsa Security is leading the transformation of network security with a private cloud approach that helps scale network security services with unwavering performance and flexibility.

Isovalent

Isovalent

Isovalent deliver the most advanced Kubernetes networking & security capabilities to the most demanding of enterprise users.

Datenschutz Schmidt

Datenschutz Schmidt

Datenschutz Schmidt is a service provider with many years of experience, we support you in complying with numerous data protection guidelines, requirements and laws.

Moviri

Moviri

Moviri combines security technology engineering, intelligence expertise and our data science DNA to help companies manage digital risk end-to-end.

Wickr

Wickr

Wickr's mission is to secure the world's most critical communications. Wickr provides the highest standard of encryption trusted by millions worldwide.

Legit Security

Legit Security

Legit Security's mission is to secure every organization's software factory by protecting the pipelines, infrastructure, code and people for faster and more secure software releases.

Brightsolid

Brightsolid

Brightsolid are experts in Hybrid Cloud. We design, build and manage secure, scalable cloud environments that meet customers’ business ambitions.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

NexGen Cyber

NexGen Cyber

NexGen Cyber helps customers in commercial SMB markets with IT security, security integration, service management, outsourced service transition, and transformative security solutions.

CyberXpert

CyberXpert

CyberXpert is your cybersecurity partner for the public and private sector in Belgium.