{"id":605834,"date":"2023-02-08T07:49:29","date_gmt":"2023-02-08T13:49:29","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/02\/08\/russian-whispergate-hackers-are-using-new-data-stealing-malware-to-target-ukraine\/"},"modified":"2023-02-08T07:49:29","modified_gmt":"2023-02-08T13:49:29","slug":"russian-whispergate-hackers-are-using-new-data-stealing-malware-to-target-ukraine","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/02\/08\/russian-whispergate-hackers-are-using-new-data-stealing-malware-to-target-ukraine\/","title":{"rendered":"Russian \u2018WhisperGate\u2019 hackers are using new data-stealing malware to target Ukraine"},"content":{"rendered":"<div>\n<p id=\"speakable-summary\">Security researchers say they have recently observed a Russian hacking crew, who were behind the destructive WhisperGate malware cyberattacks, targeting Ukrainian entities with a new information-stealing malware.<\/p>\n<p>Symantec\u2019s Threat Hunter Team has <a href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/nodaria-ukraine-infostealer\">attributed<\/a> this campaign to a Russia-linked cyber threat actor, widely known as TA471 (or UAC-0056), which has been active since early 2021. The group is <a href=\"https:\/\/www.mandiant.com\/resources\/blog\/spear-phish-ukrainian-entities\">known<\/a> to support Russian government interests, and while it primarily targets Ukraine, the group has also been active against NATO member states in North America and Europe. TA471 has been <a href=\"https:\/\/techcrunch.com\/2022\/02\/28\/fbi-cisa-ukraine-wiper-malware\/\">linked to WhisperGate<\/a>, a destructive data-wiping malware that was used in multiple cyberattacks against Ukrainian targets in January 2022. 
The malware masquerades as ransomware, but renders targeted devices completely inoperable and unable to recover files even if a ransom demand is paid.<\/p>\n<p>According to Symantec, the hacking crew\u2019s latest campaign relies on previously unseen information-stealing malware it calls \u201cGraphiron\u201d for targeting Ukrainian organizations. The malware was used to steal data from infected machines from October 2022 until at least mid-January 2023, according to the researchers, who said it is \u201creasonable to assume that it remains part of the [hackers\u2019] toolkit.\u201d<\/p>\n<p>The info-stealing malware uses file names designed to masquerade as legitimate Microsoft Office files, and is similar to other TA471 tools, such as <a href=\"https:\/\/www.mandiant.com\/resources\/blog\/spear-phish-ukrainian-entities\">GraphSteel and GrimPlant<\/a>, which were previously used as part of a spear-phishing campaign specifically targeting Ukrainian state bodies. But Symantec says that Graphiron is designed to exfiltrate far more data, including screenshots and private SSH keys.<\/p>\n<p>\u201cThat information could be useful in itself from an intelligence perspective, or it could be used to penetrate deeper into the targeted organization or to launch destructive attacks,\u201d Dick O\u2019Brien, principal intelligence analyst on the Symantec Threat Hunter Team, told TechCrunch.<\/p>\n<p>O\u2019Brien said that while little is known about the hacking crew\u2019s origin or strategy, TA471 has become one of the key players in Russia\u2019s ongoing cyber campaigns against Ukraine.<\/p>\n<p>News of TA471\u2019s latest espionage campaign comes days after the Ukrainian government <a href=\"https:\/\/scpc.gov.ua\/article\/229\">sounded the alarm<\/a> on another Russian state-sponsored hacking group, dubbed UAC-0010, which continues to conduct frequent cyber attack campaigns against Ukrainian organizations.<\/p>\n<p>\u201cDespite using mainly repeated sets of techniques and procedures, adversaries 
slowly but insistently evolve in their tactics and redevelop used malware variants to stay undetected,\u201d said Ukraine\u2019s State Cyber Protection Centre. \u201cTherefore, it remains one of the key cyber threats facing organizations in our country.\u201d<\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/techcrunch.com\/2023\/02\/08\/whispergate-hackers-data-stealing-malware-ukraine\/\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Carly Page<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security researchers say they have recently observed a Russian hacking crew, who were behind the destructive WhisperGate malware cyberattacks, targeting Ukrainian entities with a new information-stealing malware. Symantec\u2019s Threat Hunter Team has attributed this campaign to a Russia-linked cyber threat actor, widely known as TA471 (or UAC-0056), which has been active since early 2021. The<\/p>\n","protected":false},"author":1,"featured_media":605835,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[118959,776,46],"tags":[],"class_list":{"0":"post-605834","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-whispergate","8":"category-russian","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/605834","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=605834"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\
/wp\/v2\/posts\/605834\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/605835"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=605834"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=605834"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=605834"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}