Next Wave of Ukraine Attacks - DDoS, Malicious Tools, and Infrastructure Disruptions

Since the onset of the Russia-Ukraine conflict, there have been aggressive cyberattacks against the government and business entities of both countries. Lately, researchers found three separate attack incidents launched against Ukraine, involving DDoS, malicious tools, and infrastructure disruption.

DDoS attack

Cybercriminals targeted WordPress sites to add a malicious script that ultimately uses visitors' browsers to carry out DDoS attacks on Ukrainian websites.
  • A WordPress site was compromised to use this script, targeting 10 Ukrainian websites with DDoS attacks. The attack runs in the background without the user's knowledge, while slowing down the web browser.
  • The targeted websites include government agencies, think tanks, financial sites, recruitment sites for the International Legion of Defense of Ukraine, and other pro-Ukrainian sites.

Infrastructure disruption

  • Meanwhile, another cyberattack has hit the fixed-line telecommunications firm Ukrtelecom. The attack is one of the most severe cyberattacks since the Russian invasion and disrupted services across the country.
  • It could not be determined whether Ukrtelecom was hit by a DDoS attack or a more sophisticated intrusion.
  • The attack was acknowledged by Ukrtelecom in response to customers making comments on Facebook.

Ransomware attack

Ukraine's CERT (CERT-UA) has warned that the GhostWriter APT group is targeting state entities using Cobalt Strike Beacon.
  • The Belarus-linked APT group has conducted a spear-phishing campaign.
  • The phishing messages carry a Saboteurs[.]rar archive that contains another RAR archive, Saboteurs 21[.]03[.]rar.
  • The attack chain ends with the delivery of a malicious program known as Cobalt Strike Beacon.

Conclusion

The recent increase in cyberattacks aimed at Ukraine is running in parallel with the Russian invasion, and more cyberattacks targeting Ukrainian entities could follow. Government agencies and businesses are therefore advised to follow the CERT-UA advisory to stay protected.
Cyware Publisher
