Ukraine's 'IT Army' Risks Being Hijacked By Malware

Uploaded on 2022-03-21 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

A new malware campaign is taking advantage of people's willingness to support Ukraine's cyber warfare against Russia to infect them with password-stealing Trojans.  

Ukraine’s vice prime minister, Mykhailo Fedorov, organised a volunteer group referred to as 'the IT army' of hackers to conduct DDoS attacks against Russian targets.

Threat actors are taking advantage of current events, such as the IT Army, to promote a fake DDoS tool on Telegram that installs a password and information-stealing Trojan.

Now security researchers have advised Ukrainian actors to beware of downloading DDoS tools to use in attacks against Russia, as they could contain information stealing malware. Cisco Talos has recently warned that cyber criminals have been seeking to exploit the support for Ukraine and installing the secret malware to get back at Ukrainian hackers. Specifically, they have detected DDoS tools available on Telegram  loaded with malware.

One of the tools offered by a group called disBalancer is offering a tool called Liberator that has been spoofed by threat actors. The malware-affected version has been spread on different platforms.

The versions detected on Telegram were found to be malware, specifically an information stealer that was designed to compromise those who wanted to use the Liberator malware. Those behind the activity have been distributing 'infostealers' since last November, stated Cisco. If Russia finds itself under persistent DDoS attack, these tactics could escalate.

Cyber security researchers have also warned that the spoofing attacks could be originating from a privateer group, a state sponsored actor, or a nation state. Russian state-backed hackers have well-established skills in causing temporary outages to multiple agency websites by targeting an externally loaded widget used to collect visitor statistics.

Understandably, people around the world are motivated to rake action and oppose the military invasion of Ukraine, but joining in cyber attacks can be unwise. Even when these actions appear to be sponsored by the Ukrainian government, which has the support of the aggregate international community, it does not make their use legal.

Users taking part in DDoS, defacement, or network breaching attacks are still at risk of running in to  trouble with their own country’s law enforcement agencies and this malware distributing campaign is yet another reason why you should avoid taking part in this kind of operation, as you put yourself at risk.

OodaloopRealHackerNewsBleeping Computer:   ABC:      Infosecuirity Magazine:      Venturecation:  

You Might Also Read: 

The Online Battle In Ukraine:

 

« Employees Blame Their Employer For Data Theft
Phishing Attack On US Government Linked To Chinese Hackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Caldew Consulting

Caldew Consulting

Caldew specialise in providing information assurance and cyber security consultancy, covering the full spectrum of the security life cycle.

Software Factory

Software Factory

Software Factory develops custom-built high-performance software solutions and products for applications including industrial cyber security.

Referentia

Referentia

Referentia leads the development of critical infrastructure solutions that benefit society, including cyber security and network performance management.

Rhebo

Rhebo

Rhebo Industrial Protector monitors and ensures the continuous, correct, and predictable operation of real-time Industrial Control Systems to prevent outages and reduce downtimes.

Cyverse

Cyverse

Cyverse is a cyber-security firm which provides corporations with state-of-the-art cyber-security service-based and technological solutions made in Israel.

G DATA CyberDefense

G DATA CyberDefense

G Data developed the world's first antivirus software. We now ensure the security of small, large and medium-sized companies all over the world.

ES2

ES2

ES2 is a consulting organisation specialising in Enterprise Security and Solutions Services.

Scout Ventures

Scout Ventures

Scout Ventures is an early stage venture capital firm that is making the world a better, safer place by cultivating standout frontier technologies.

Connectria

Connectria

Connectria provides cloud hosting, remote monitoring, and compliant cloud security solutions and services to enterprises, medium and small businesses.

Almond

Almond

Almond is positioned as a key independent French player in audit and consulting in the fields of Cybersecurity, Cloud and Infrastructure.

Cyware

Cyware

Cyware is the only company building Virtual Cyber Fusion Centers enabling end-to-end threat intelligence automation, sharing, and unprecedented threat response for organizations globally.

ACI Learning

ACI Learning

ACI Learning - Training tomorrow’s industry leaders with formats for all types of learners in Audit, Cybersecurity, and IT.

Avint

Avint

Avint delivers transformational cybersecurity solutions that help both commercial and government entities achieve mission success.

Check Point Software Technologies

Check Point Software Technologies

Check Point Software Technologies is a leading provider of cyber security solutions to governments and corporate enterprises globally.

Space Hellas

Space Hellas

Space Hellas is a dynamic, established System Integrator and Value Added Solutions Provider, holding a leading position in the high technology arena.

SixMap

SixMap

SixMap is a continuous threat exposure management platform that automatically provides comprehensive enterprise visibility, contextual threat intelligence, and a suite of remediation actions.