
How did Russia-linked hacking harm a Ukrainian organization?


Last Updated on 03/02/2022 by Nidhi Khandelwal

Researchers stated on Monday that they discovered evidence of a Russia-linked hacking operation attempting to harm a Ukrainian organization in July 2021.


In a new analysis released Monday, Broadcom-owned Symantec blamed the attacks on an actor known as Gamaredon (aka Shuckworm or Armageddon), a cyber-espionage collective operating since at least 2013.

In November 2021, Ukrainian intelligence agencies labeled the organization a “special project” of Russia’s Federal Security Service (FSB), accusing it of carrying out over 5,000 cyberattacks against Ukrainian government officials and key infrastructure.

Gamaredon attacks commonly use phishing emails to trick victims into installing Pterodo, a custom remote access trojan. According to Symantec, the actor installed several variants of the backdoor, along with additional scripts and tools, between July 14, 2021 and August 18, 2021.

“The attack chain started with a malicious document, most likely sent by phishing email, that was opened by the user of the infected machine,” the researchers explained. The name of the organization that was harmed was not revealed.


The adversary used the implant to download and run an executable file that served as a dropper for a VNC client before establishing connections with a remote command-and-control server under their control at the end of July.

“This VNC client looks to be the ultimate payload for this assault,” the researchers said, adding that after the installation, they were able to examine a number of documents on the infected PC, ranging from job descriptions to confidential company information.

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.