
Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides

 




Ukraine's Computer Emergency Response Team (CERT-UA) has warned of Belarusian state-sponsored hackers targeting its military personnel and related individuals as part of a phishing campaign mounted amidst Russia's military invasion of the country.


"Mass phishing emails have recently been observed targeting private 'i.ua' and 'meta.ua' accounts of Ukrainian military personnel and related individuals," the CERT-UA said. "After the account is compromised, the attackers, by the IMAP protocol, get access to all the messages."


Subsequently, the attacks leverage the contact information stored in the victim's address book to propagate the phishing messages to other targets.




The Ukrainian government attributed the activities to a threat actor tracked as UNC1151, a Minsk-based group whose "members are officers of the Ministry of Defence of the Republic of Belarus." In a follow-up update, the agency said the nation-state group also targets its own citizens, while simultaneously setting its sights on Russian entities:


Association of Belarusians of the World (International Social Union)

Belarusian Music Festival

Samara Oblasna Public Organization "Russian-Belarusian Fraternity 2000"

Dzêâslov, a Belarusian literary magazine

Soviet Belarus (Sovetskaya Belorussiya), a daily newspaper in Belarus

Employees of the National Academy of the Republic of Kazakhstan, and

Voice of the Motherland, a local newspaper in Belarus

UNC1151 is the Mandiant-assigned moniker for an uncategorized threat cluster that operates with objectives aligned with Belarusian government interests. The hacking group is believed to have been active since at least 2016.



"UNC1151 has targeted a wide variety of governmental and private sector entities, with a focus in Ukraine, Lithuania, Latvia, Poland, and Germany," Mandiant researchers said in a November 2021 report. "The targeting also includes Belarusian dissidents, media entities, and journalists."


The state-backed cyber espionage group has also been linked to the Ghostwriter disinformation campaign that promulgated anti-NATO and corruption-themed narratives aimed at Lithuania, Latvia, and Poland with the likely goal of undermining the governments and creating tensions in the region.


What's more, the January defacement attacks on several Ukrainian government websites with threatening messages are believed to be the handiwork of UNC1151 as well.


Hacking Groups Take Sides

The development follows a barrage of data wiper and distributed-denial-of-service (DDoS) attacks against Ukrainian government agencies, even as various hacking groups and ransomware syndicates are capitalizing on the chaos to take sides and further their activities.



"The Anonymous collective is officially in cyber war against the Russian government," the decentralized hacktivist group tweeted, adding it "leaked the database of the Russian Ministry of Defense website."



Another group that has declared its fealty to Ukraine is the vigilante group known as GhostSec (short for Ghost Security), which announced it had flooded Russian military websites with DDoS attacks "in support of the people in Ukraine."



The Conti ransomware cartel, which recently absorbed the now-shuttered TrickBot trojan, rallied its "full support" behind the Russian government, threatening to "strike back at the critical infrastructures of an enemy" should "anybody will decide to organize a cyber attack or any war activities against Russia."


The group, however, later rephrased its statement to state that "we do not ally with any government and we condemn the ongoing war." But the Conti team also maintained that it "will use our full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world."


Other hacking entities to declare allegiance to Russia are the RedBanditsRU cybercrime group and the lesser-known CoomingProject ransomware program, which pledged to "help the Russian government if cyber attacks and conduct against Russia."


#THN


#osutayusuf
