Ukraine's 'IT Army' Risks Being Hijacked By Malware

A new malware campaign is taking advantage of people's willingness to support Ukraine's cyber warfare against Russia to infect them with password-stealing Trojans.  

Ukraine’s vice prime minister, Mykhailo Fedorov, organised a volunteer group referred to as 'the IT army' of hackers to conduct DDoS attacks against Russian targets.

Threat actors are taking advantage of current events, such as the IT Army, to promote a fake DDoS tool on Telegram that installs a password and information-stealing Trojan.

Security researchers have now advised Ukrainian actors to beware of downloading DDoS tools to use in attacks against Russia, as they could contain information-stealing malware. Cisco Talos has recently warned that cyber criminals have been seeking to exploit the support for Ukraine and have been installing the secret malware to get back at Ukrainian hackers. Specifically, they have detected DDoS tools available on Telegram loaded with malware.

A group called disBalancer offers a tool called Liberator, which has been spoofed by threat actors. The malware-affected version has been spread on different platforms.

The versions detected on Telegram were found to be malware, specifically an information stealer that was designed to compromise those who wanted to use the Liberator malware. Those behind the activity have been distributing 'infostealers' since last November, stated Cisco. If Russia finds itself under persistent DDoS attack, these tactics could escalate.

Cyber security researchers have also warned that the spoofing attacks could be originating from a privateer group, a state-sponsored actor, or a nation state. Russian state-backed hackers have well-established skills in causing temporary outages to multiple agency websites by targeting an externally loaded widget used to collect visitor statistics.

Understandably, people around the world are motivated to take action and oppose the military invasion of Ukraine, but joining in cyber attacks can be unwise. Even when these actions appear to be sponsored by the Ukrainian government, which has the support of the aggregate international community, it does not make their use legal.

Users taking part in DDoS, defacement, or network breaching attacks are still at risk of running into trouble with their own country’s law enforcement agencies. This malware-distributing campaign is yet another reason why you should avoid taking part in this kind of operation, as you put yourself at risk.

