Ukraine now faces MicroBackdoor malware threat from Russia

1932

Ukraine’s critical infrastructure is being cyber-attacked by malware these days and highly placed sources state that the malicious software has compromised 13 computer networks operating for public utilities so far.

In a statement released on March 7, 2022, the Computer Emergency Response Team (CERT-UA) has confirmed that its digital infrastructure was constantly being hit by malicious attacks and phishing emails were acting as a source for the infiltration.

According to the details provided by CERT-UA, emails laced with a file named ‘Dovidka.zip’ were being distributed digitally containing images related to artillery shelling, war developments between Ukraine and Russia, negotiations, and some pictures related to the disaster. In actuality, when the images are clicked, they contain malicious codes as VBScript that downloads the Micro Backdoor Malware.

Security researchers from Mandiant have concluded that such backdoor laced emails are being circulated by a hacking group dubbed UAC-0051, apparently linked to Belarusian government, a region supporting Putin in the ongoing Russia Ukraine war.

Mandiant argues the backdoor was developed in January this year and was swung into action from February first week.

Previously, i.e. in prior weeks of this year, another campaign tracked back to Belarus and related to the spread of data-wiping malware was also discovered by some researchers from Cisco Talos on a government agency’s computer systems of the Zelenskyy led nation. And they now confirm that the malware dubbed ‘HermeticWiper’ had capabilities to steal and wipe data from critical systems.

Meaning, Putin’s mindset to attack Ukraine was already known to the Belarusian hackers, who started invading the Volodymyr Zelensky led nation digitally.

Wonder what will Vladimir Putin has achieved till date from the war and will achieve after!

 

Ad
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display