Tag: ukraine
-
CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware
in SecurityNews
CERT-UA reported three cyberattacks targeting Ukraine’s state agencies and critical infrastructure to steal sensitive data. The Computer Emergency Response Team of Ukraine (CERT-UA) reported three cyberattacks in March 2025 targeting Ukrainian agencies and infrastructure to steal sensitive data. This activity is tracked under the identifier UAC-0219. The Ukrainian government’s computer emergency response team, CERT-UA, is…
-
CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware
in SecurityNews
Tags: attack, computer, country, cyber, cyberattack, email, infrastructure, malware, phishing, ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data. The campaign, the agency said, involved the use of compromised email accounts to send phishing messages containing links pointing…
-
One mighty fine-looking report
in SecurityNews
Hazel highlights the key findings within Cisco Talos’ 2024 Year in Review (now available for download) and details our active tracking of an ongoing campaign targeting users in Ukraine with malicious LNK files. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/one-mighty-fine-looking-report/
-
Hackers hit Ukrainian state agencies, critical infrastructure with new ‘Wrecksteel’ malware
in SecurityNews
A Ukrainian cyber agency said a suspected espionage campaign using the new malware has been active since the fall, with at least three incidents detected in March. First seen on therecord.media Jump to article: therecord.media/hackers-ukraine-critical-infrastructure-malware
-
UAC-0219 Hackers Leverage WRECKSTEEL PowerShell Stealer to Extract Data from Computers
in SecurityNews
Tags: attack, computer, cyber, cyberattack, data, government, group, hacker, malware, powershell, tool, ukraine
In a concerning development, CERT-UA, Ukraine’s Computer Emergency Response Team, has reported a series of cyberattacks attributed to the hacker group identified as UAC-0219. These attacks, which have been ongoing since the fall of 2024, utilize an advanced PowerShell-based malware tool named WRECKSTEEL to infiltrate computers and extract sensitive data. The primary targets include government…
-
Hackers target Ukrainian state agencies, critical infrastructure with new ‘Wrecksteel’ malware
in SecurityNews
A Ukrainian cyber agency said a suspected espionage campaign using the new malware has been active since the fall, with at least three incidents detected in March. First seen on therecord.media Jump to article: therecord.media/hackers-ukraine-critical-infrastructure-malware
-
SmokeLoader Malware Uses Weaponized 7z Archives to Deliver Infostealers
in SecurityNews
A recent malware campaign has been observed targeting the First Ukrainian International Bank (PUMB), utilizing a stealthy malware loader, Emmenhtal, in conjunction with the SmokeLoader malware. This campaign demonstrates advanced tactics by financially motivated threat actors to distribute infostealers like CryptBot and Lumma Stealer. The attack chain begins with weaponized 7z archives and culminates in…
-
Western cyber aid to Ukraine faces strain as Russia’s war drags on
in SecurityNews
As the war between Russia and Ukraine continues, Western cyber support is waning, raising growing concerns about the long-term effectiveness of these efforts. First seen on therecord.media Jump to article: therecord.media/western-cyber-aid-to-ukraine-faces-strain-war-drags
-
Ongoing Gamaredon phishing campaign targets Ukraine with Remcos RAT
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/ongoing-gamaredon-phishing-campaign-targets-ukraine-with-remcos-rat
-
Ukraine Blames Russia for Railway Hack, Labels It Act of Terrorism
in SecurityNews
The CERT-UA investigation concluded that the attack’s techniques were “characteristic of Russian intelligence services” First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ukraine-russia-railway-hack/
-
Latest gambit for Gamaredon: Fake Ukraine troop movement documents with malicious links
The Kremlin-linked hacking group Gamaredon appears to be behind a recent campaign that aims to install a malicious version of the Remcos tool on Ukrainian computers. First seen on therecord.media Jump to article: therecord.media/gamaredon-phishing-campaign-fake-ukraine-documents-remcos
-
Moscow subway app and website disrupted in possible retaliation for Ukraine railway hack
in SecurityNews
Tags: ukraine
During an outage of the Moscow subway system’s app and website, the site displayed a message purportedly from Ukraine’s national railway operator, which was recently hit by a large-scale cyberattack. First seen on therecord.media Jump to article: therecord.media/moscow-subway-system-disruption-ukraine-hack-message
-
Russia-linked Gamaredon targets Ukraine with Remcos RAT
in SecurityNews
Tags: apt, attack, cyberespionage, group, phishing, powershell, rat, russia, spear-phishing, ukraine
Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, ACTINIUM, Callisto) targets Ukraine with a phishing campaign. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related…
-
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
in SecurityNews
Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. “The file names use Russian words related to the movement of troops in Ukraine as a lure,” Cisco Talos researcher Guilherme Venere said in a report published last week. “The PowerShell downloader contacts geo-fenced…
-
Gamaredon Hackers Weaponize LNK Files to Deliver Remcos Backdoor
in SecurityNews
Cisco Talos has uncovered an ongoing cyber campaign by the Gamaredon threat actor group, targeting Ukrainian users with malicious LNK files to deliver the Remcos backdoor. Active since at least November 2024, this campaign employs spear-phishing tactics, leveraging themes related to the Ukraine conflict to lure victims into executing the malicious files. The LNK files,…
-
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
in SecurityNews
Cisco Talos is actively tracking an ongoing campaign, targeting users in Ukraine with malicious LNK files which run a PowerShell downloader since at least November 2024. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/
-
Russian Phishing Uses Fake CIA Sites to Target Anti-war, Ukraine Supporters
in SecurityNews
The phishing campaign is highly sophisticated! First seen on hackread.com Jump to article: hackread.com/russia-phishing-fake-cia-sites-anti-war-ukraine-supporters/
-
Russian Hackers Impersonate CIA to Steal Ukrainian Defense Intelligence Data
in SecurityNews
In a complex cyber operation discovered by Silent Push Threat Analysts, Russian hackers have launched a multi-pronged phishing campaign impersonating various organizations, including the CIA, to gather intelligence on individuals sympathetic to Ukraine’s defense efforts. The campaign, believed to be orchestrated by Russian Intelligence Services or aligned actors, utilizes a network of fraudulent websites to…
-
Russian internet provider purportedly breached by Ukrainian hacktivists
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/russian-internet-provider-purportedly-breached-by-ukrainian-hacktivists
-
Ukraine’s state railway restores online ticket sales after major cyberattack
in SecurityNews
Ukraine’s state railway operator, Ukrzaliznytsia, has resumed online ticket sales after a cyberattack brought down its systems earlier in the week. First seen on therecord.media Jump to article: therecord.media/ukraine-state-railway-restores-online-ticketing-after-cyberattack
-
Austria uncovers alleged Russian disinformation campaign spreading lies about Ukraine
in SecurityNews
The campaign was identified during an investigation into a Bulgarian woman accused of spying for Russia earlier this year. First seen on therecord.media Jump to article: therecord.media/austria-uncovers-russian-disinfo-campaign
-
Ukrainian state railway’s online services hit by disruptive cyberattack
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/ukrainian-state-railways-online-services-hit-by-disruptive-cyberattack
-
Lengthy disruption of Russian internet provider claimed by Ukrainian hacker group
A multi-day outage of internet services by Lovit, a widely used provider in cities such as Moscow and St. Petersburg, was claimed by the IT Army, a pro-Ukraine hacking group. First seen on therecord.media Jump to article: therecord.media/russia-isp-lovit-outages-claimed-ukraine-it-army
-
Massive Cyberattack Disrupts Ukrainian State Railway’s Online Services
in SecurityNews
The Ukrainian State Railways, known as Ukrzaliznytsia, has experienced a massive disruption to its online services. The railway company issued a statement acknowledging an IT failure, which has temporarily suspended all online operations, impacting ticket sales and other digital services. According to Ukrzaliznytsia’s communication, the shutdown of online services is due to a technical issue,…
-
A cyberattack hits Ukraine’s national railway operator Ukrzaliznytsia
in SecurityNews
A cyberattack on Ukraine’s national railway operator Ukrzaliznytsia disrupted online ticket services, causing long lines at Kyiv’s station. The Record Media first reported the news of a cyber attack on Ukraine’s national railway operator Ukrzaliznytsia that disrupted online ticket services, causing long lines at Kyiv’s station. The incident led to overcrowding and long delays as…
-
Cyberattack takes down Ukrainian state railway’s online services
in SecurityNews
Ukrzaliznytsia, Ukraine’s national railway operator, has been hit by a massive cyberattack that disrupted online services for buying tickets both through mobile apps and the website. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cyberattack-takes-down-ukrainian-state-railways-online-services/