
Camouflage: Russian Threat Actors Use Sensitive Ukrainian File For Exploit


Recent reports have found that Russian threat actors are using sensitive Ukrainian war files for cyber attacks.

Google’s Threat Analysis Group (TAG) said that threat actors from China, Iran, North Korea, and Russia, as well as unidentified groups, are using malicious emails and phishing links to carry out their attacks.

Leonard added that “obsessed criminal actors would go to any extent to target their users by undertaking fully documented research on their target.”

Curious Gorge, a hacking group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), was said to have used these sensitive files to attack government, military, logistics, and manufacturing organizations in Ukraine, Russia, and Central Asia.

In Russia, the targets included the Ministry of Foreign Affairs and various regulatory bodies, along with Russian defense contractors and manufacturers and an unknown logistics company.

Research has shown that a China-linked, government-sponsored threat actor known as Mustang Panda (aka Bronze President) has started using an updated version of the PlugX remote access trojan against Russian government officials. This has led to compromised infrastructure and to sensitive data being leaked outside the affected organizations.

APT28 (aka Fancy Bear) is also among the groups involved. It has launched attacks using .NET malware capable of extracting cookies and passwords from the Chrome, Edge, and Firefox browsers of Ukrainian users.

Russian Hackers Not Exempted From the List

Russia-based threat groups, including Turla (aka Venomous Bear) and COLDRIVER (aka Calisto), as well as a Belarusian hacking crew named Ghostwriter, are part of various credential phishing campaigns targeting defense and cybersecurity organizations in the Baltic region and high-risk individuals in Ukraine.

The Computer Emergency Response Team of Ukraine (CERT-UA) has received detailed information on a Denial of Service attack that targeted the administrative sector by injecting malicious JavaScript (dubbed “BrownFlood”) into vulnerable websites, giving the attackers broad reach across that sector’s sites.
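Site owners can catch an injected script of this kind by comparing what a page actually serves against a known baseline. The following check is an added example written for this article, not code from CERT-UA or from the article itself: it collects every <script> tag in a page, flags external sources whose host is outside an allowlist, and flags inline scripts whose SHA-256 hash is not in a baseline set. The allowlist, baseline, and sample HTML are constructed for the illustration, and the stand-in “injected” inline script is inert.

```python
"""Flag unexpected <script> tags in a served HTML page.

Added example (not from the article or CERT-UA): a defender-side check that
compares the scripts a page serves against a baseline. An injected script such
as the "BrownFlood" JavaScript described in the article would surface either as
an external source outside the allowlist or as an inline script whose hash is
not in the baseline. All sample data below is constructed.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from HTML."""

    def __init__(self):
        super().__init__()
        self.external = []      # values of src attributes
        self.inline = []        # bodies of inline <script> blocks
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        # Script bodies may arrive in several chunks; buffer them.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self.inline.append("".join(self._buf).strip())
            self._in_script = False


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def find_unexpected_scripts(html, allowed_hosts, baseline_inline_hashes):
    """Return (kind, detail) findings for scripts that are not in the baseline."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.external:
        host = urlparse(src).netloc.lower()
        # Relative URLs have no host and are the site's own static files.
        if host and host not in allowed_hosts:
            findings.append(("external", src))
    for body in parser.inline:
        if sha256_hex(body) not in baseline_inline_hashes:
            findings.append(("inline", body[:60]))
    return findings


# Constructed baseline: the one inline script the site is known to ship,
# and the hosts it is allowed to load scripts from.
KNOWN_INLINE = "document.addEventListener('DOMContentLoaded', init);"
BASELINE_HASHES = {sha256_hex(KNOWN_INLINE)}
ALLOWED_HOSTS = {"www.example.gov", "cdn.example.gov"}

# Constructed page: two legitimate scripts, one local script, then an unknown
# external loader and an unknown inline block standing in for an injection.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example.gov/site.js"></script>
<script>document.addEventListener('DOMContentLoaded', init);</script>
<script src="/static/local.js"></script>
<script src="https://unknown-host.example/loader.js"></script>
<script>window.__injected = 1;</script>
</head><body></body></html>"""

if __name__ == "__main__":
    for kind, detail in find_unexpected_scripts(SAMPLE_HTML, ALLOWED_HOSTS, BASELINE_HASHES):
        print(f"UNEXPECTED {kind} script: {detail}")
```

Run periodically against the live page from outside the hosting environment; a diff against the baseline is what reveals a compromise that changed the served HTML rather than the files on disk.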

Users in the telecommunications, electronics, and industrial sectors in Lithuania, Estonia, and Russia were targeted by a campaign in which Russian-language emails masqueraded as coming from the Russian government’s Federal Bailiffs Service.

Digital forensics can recover lost and deleted information from a source, but amid the geopolitical tensions and the military invasion, forensic evidence has been destroyed, and Ukraine has suffered a huge data loss.

Threat actors use Denial of Service attacks to disrupt the normal online operations of public and private firms. Last week, Romania’s National Directorate of Cyber Security (DNSC) reported that several websites were unavailable because of a flood of traffic from attackers.
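A flood of this kind is visible in the target’s own web server logs long before the site falls over. The script below is an added example written for this article, not code from DNSC or from the article: it parses access log lines in Common Log Format, counts each client address’s requests inside a sliding time window, and reports addresses whose peak rate exceeds a threshold. The log lines, the window length, and the threshold are constructed or assumed values to be tuned per site.

```python
"""Spot request floods in web server access logs.

Added example (not from the article or DNSC): a defender-side heuristic that
counts requests per client address within a sliding window and reports
addresses whose peak exceeds a threshold. Log lines are constructed in
Common Log Format; the window and threshold are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts


def flood_sources(lines, window_seconds=10, threshold=50):
    """Return {ip: peak requests in any window} for ips above the threshold."""
    per_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts = parsed
            per_ip[ip].append(ts)
    offenders = {}
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        peak = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it is within window_seconds of t.
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            offenders[ip] = peak
    return offenders


def _make_line(ip, minute, second, path="/"):
    """Build one constructed CLF line at 2022-05-02 12:<minute>:<second> UTC."""
    ts = datetime(2022, 5, 2, 12, minute, second, tzinfo=timezone.utc)
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'


# Constructed sample: one address sends 120 requests within five seconds,
# another sends ten requests spread over ten minutes.
SAMPLE_LOG = (
    [_make_line("203.0.113.7", 0, s % 5) for s in range(120)]
    + [_make_line("198.51.100.2", m, 0) for m in range(10)]
    + ["this line is not in log format"]
)

if __name__ == "__main__":
    for ip, peak in flood_sources(SAMPLE_LOG).items():
        print(f"{ip}: {peak} requests in a 10-second window")
```

The sliding window keeps the check robust to bursts that straddle a fixed bucket boundary; in practice the output feeds a rate limiter or an upstream block list rather than being read by hand.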
