"US Cyber Command Spots Another 20 Malware Strains Targeting Ukraine"

US Cyber Command has revealed 20 new strains of malware being used against Ukrainian targets. The Pentagon's cyberspace wing publicly released indicators of compromise (IOCs) associated with various malware strains that Ukraine's security service discovered in Ukrainian networks. The warning comes as several private security researchers have recently released their own threat research related to the Russian invasion. The threat intelligence firm Mandiant released research detailing network intrusion attempts by cyberespionage gangs linked to the Belarusian government and the Kremlin. In February and March, these campaigns targeted Ukrainian organizations, using phony public safety documents as bait to entice intended victims to open spear-phishing attachments. In March, Cisco Talos security researchers discovered a fairly uncommon type of malware targeting a large software development company whose software is used by several Ukrainian state organizations. Talos believes this campaign is being carried out by Russian state-sponsored criminals, who are using a modified version of the GoMet open-source backdoor to gain persistent access to the software firm's networks. Mandiant's most recent research on state-sponsored cyberspies provides threat intelligence on two criminal groups, one of which is tracked as UNC1151 and is linked to the Belarusian government. Since the war began, UNC1151 has targeted Ukrainian and Polish organizations, and its most recent attempts use a modified version of MicroBackdoor that allows screenshots to be taken of victims' devices. UNC1151 used a compromised Ukrainian account to send phishing emails, which included a ZIP file containing the malicious payload. Once victims are tricked into opening the file, the backdoor is downloaded to their computer, where it can upload and download files, execute commands, update itself, and take screenshots. For traffic routing, MicroBackdoor supports HTTP, SOCKS4, and SOCKS5 proxies.
This article continues to discuss the malware strains being used against Ukraine.

The Register reports "US Cyber Command Spots Another 20 Malware Strains Targeting Ukraine"

Submitted by Anonymous on