CERT-UA (@_cert_ua)'s Twitter Profile
Governmental Computer Emergency Response Team of Ukraine CERT-UA (Computer Emergency Response Team of Ukraine CERT-UA)

ID: 2364250093

Link: https://cert.gov.ua
Date: 27-02-2014 14:21:06

30 Tweet

2,2K Followers

73 Following

CERT-UA (@_cert_ua)

CERT-UA detected #SpearPhishing #CyberAttack against #UA government themed with Armed Forces of Ukraine using #RomCom backdoor. Potential links to #CubaRansomware operators: #TropicalScorpius (Unit 42) or #UNC2596 (Mandiant (part of Google Cloud)). Article: cert.gov.ua/article/2394117.

CERT-UA (@_cert_ua)

CERT-UA to detect #CyberAttack by #UAC-0140 against #UA GOV entities themed with #Shahed-136 impersonating State Emergency Service of Ukraine using #DolphinCape #backdoor. Details (UA only): cert.gov.ua/article/3192088.

Unit 42 (@unit42_intel)

We cover recent activity of #TridentUrsa, aka #Gamaredon, known as one of the most pervasive, intrusive, continuously active and focused APTs targeting Ukraine. We cover shifts in the group's TTPs as their reach continues to expand. bit.ly/3HOIHys

CERT-UA (@_cert_ua)

UPDATE: UAC-0082 (suspected #Sandworm) to target Ukrinform using 5 variants of destructive software: CaddyWiper, ZeroWipe, SDelete, AwfulShred, BidSwipe. Details: cert.gov.ua/article/3718487 (UA only)

CERT-UA (@_cert_ua)

UAC-0114 aka Winter Vivern to target Ukrainian and Polish GOV entities

CERT_UA in cooperation with PL colleagues detected web pages which mimic government agencies' websites and lure users to download #malware software.

Details: cert.gov.ua/article/3761104

CERT-UA (@_cert_ua)

UAC-0056 to attack 20+ #UA GOV entities using backdoors planted 1-2 years ago, among them: #CredPump (SSH backdoor in a form of PAM module), HoaxPen (#backdoor, ELF), #HoaxApe (Apache module), as well as #GOST (Go Simple Tunnel) and #Ngrok. Details: cert.gov.ua/article/3947787

CERT-UA (@_cert_ua)

UAC-0063 to #cyberespionage against UA,KZ,KG,TJ,IN,IL using VBScript encoded loader HATVIBE, C++ file stealer STILLARCH (aka DownEx) as well as PyArmor/Themida-protected keylogger LOGPIE and backdoor CHERRYSPY. Details: cert.gov.ua/article/4697016 (UA).

Christopher Ahlberg (@cahlberg)

Thrilled to see our very first partner in Ukraine CERT-UA in Kyiv last week. Their work on unmasking threat actors, publishing deep reports on malware/ TTPs, and being an incredible sharer of intelligence is a role model for all national CERTs around the world - thank you

Recorded Future (@recordedfuture)

Recorded Future’s Insikt Group in collaboration with CERT-UA, has detected a campaign exploiting vulnerable Roundcube servers in #Ukraine, cross-correlated with a spearphishing campaign uncovered by Recorded Future’s Network Traffic Intelligence.

CERT-UA (@_cert_ua)

CERT-UA in collab w/ Microsoft Threat Intelligence investigated UAC-0024 (susp. #Turla) using CAPIBAR & KAZUAR to target UA GOV entities. Details: cert.gov.ua/article/5213167 (UA only)

CERT-UA (@_cert_ua)

Moderate confidence UAC-0001 (#APT28)
PowerShell in clipboard, METASPLOIT, Roundcube vulnerability and more.
Details in new post: cert.gov.ua/article/6281123

CERT-UA (@_cert_ua)

UAC-0125 (Sufficient confidence level #Sandworm) attack with fake Army+ application. Details: cert.gov.ua/article/6281701 (UA only)

CERT-UA (@_cert_ua)

New activity UAC-0226: #espionage using #GIFTEDCROOK and #PowerShell reverse shell Details: cert.gov.ua/article/6282946 (UA only)

SSSCIP Ukraine (@ssscip)

Russian cyber operations: attack automation, espionage against the defense sector, and new tactics. Analysis for the Second Half of 2024 from CERT-UA. Read and download report 👉 bit.ly/42yWN0X

CERT-UA (@_cert_ua)

New activity UAC-0001 (#APT28): #espionage using #BEARDSHELL and #SLIMAGENT Details: cert.gov.ua/article/6284080 (UA only)
