Ukraine's 'IT Army' Risks Being Hijacked By Malware

A new malware campaign is taking advantage of people's willingness to support Ukraine's cyber warfare against Russia to infect them with password-stealing Trojans.  

Ukraine’s vice prime minister, Mykhailo Fedorov, organised a volunteer group referred to as 'the IT army' of hackers to conduct DDoS attacks against Russian targets.

Threat actors are taking advantage of current events, such as the IT Army, to promote a fake DDoS tool on Telegram that installs a password and information-stealing Trojan.

Now security researchers have advised Ukrainian actors to beware of downloading DDoS tools to use in attacks against Russia, as they could contain information stealing malware. Cisco Talos has recently warned that cyber criminals have been seeking to exploit the support for Ukraine and installing the secret malware to get back at Ukrainian hackers. Specifically, they have detected DDoS tools available on Telegram  loaded with malware.

One of the tools offered by a group called disBalancer is offering a tool called Liberator that has been spoofed by threat actors. The malware-affected version has been spread on different platforms.

The versions detected on Telegram were found to be malware, specifically an information stealer that was designed to compromise those who wanted to use the Liberator malware. Those behind the activity have been distributing 'infostealers' since last November, stated Cisco. If Russia finds itself under persistent DDoS attack, these tactics could escalate.

Cyber security researchers have also warned that the spoofing attacks could be originating from a privateer group, a state sponsored actor, or a nation state. Russian state-backed hackers have well-established skills in causing temporary outages to multiple agency websites by targeting an externally loaded widget used to collect visitor statistics.

Understandably, people around the world are motivated to rake action and oppose the military invasion of Ukraine, but joining in cyber attacks can be unwise. Even when these actions appear to be sponsored by the Ukrainian government, which has the support of the aggregate international community, it does not make their use legal.

Users taking part in DDoS, defacement, or network breaching attacks are still at risk of running in to  trouble with their own country’s law enforcement agencies and this malware distributing campaign is yet another reason why you should avoid taking part in this kind of operation, as you put yourself at risk.

OodaloopRealHackerNewsBleeping Computer:   ABC:      Infosecuirity Magazine:      Venturecation:  

You Might Also Read: 

The Online Battle In Ukraine:

 

« Employees Blame Their Employer For Data Theft
Phishing Attack On US Government Linked To Chinese Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ForgeRock

ForgeRock

ForgeRock, the leader in digital identity, delivers comprehensive Identity and Access Management solutions for consumers, employees and things to simply and safely access the connected world.

Snow Software

Snow Software

Snow Software is changing the way organizations think about their technology investments, empowering IT and business leaders to drive transformation with precision and agility.

Sogeti

Sogeti

Sogeti deliver solutions that enable digital transformation and offer cutting-edge expertise in Cloud, Cybersecurity, Digital Manufacturing, Quality Assurance, Testing, and emerging technologies.

Falanx Cyber

Falanx Cyber

Falanx Cyber provides enterprise-class cyber security services and solutions. We deliver end-to-end cyber capabilities, either as specific engagements or as fully-managed services.

Volatility Foundation

Volatility Foundation

Volatility is an open source memory forensics framework for incident response and malware analysis.

QuickLaunch

QuickLaunch

QuickLaunch transforms how cloud-savvy institutions and companies manage human and device authentication, authorization, access control and integration.

Razorpoint Cybersecurity

Razorpoint Cybersecurity

Razorpoint’s world-class security experts have provided advanced, effective cybersecurity expertise to corporate and public-sector organizations around the world.

Spohn Solutions

Spohn Solutions

Spohn combines highly-experienced staff with a vendor neutral approach to deliver optimal solutions for IT Security and Compliance.

Wolverhampton Cyber Research Institute (WCRI)

Wolverhampton Cyber Research Institute (WCRI)

Wolverhampton Cyber Research Institute builds on the strength of its members in the area of network and communication security, artificial intelligence, big data and cyber physical systems.

IQ4 - Cybersecurity Workforce Alliance (CWA)

IQ4 - Cybersecurity Workforce Alliance (CWA)

Cybersecurity Workforce Alliance, a division of iQ4, is an organization comprised of a diverse range of professionals dedicated to the development of the cybersecurity workforce.

DatChat

DatChat

DatChat Inc. is a blockchain, cybersecurity, and social media company that focuses on protecting privacy on our devices and also protecting our information after we have shared it with others.

TempoCap

TempoCap

TempoCap is a European growth-stage technology fund with offices in London and Berlin. We invest across a variety of high- growth sectors including cybersecurity.

Kivera

Kivera

Kivera enforces your organisation governance and security policies across cloud deployments preventing misconfigurations turning into attack vectors.

Certcube Labs

Certcube Labs

Certcube Labs provide a broad range of services in the areas of Assessments, Development, Risk Advisory, Blockchain, Forensics Investigations, Managed Security Solutions, and IT Security Trainings.

Project Cypher

Project Cypher

Project Cypher leverages the latest cybersecurity developments, a world class team of hackers and constant R&D to provide you with unparalleled cybersecurity offerings.

AUCloud

AUCloud

AUCloud is a leading Australian cyber security and secure cloud provider, specialising in supporting businesses and Governments with the latest cloud infrastructure.