Ukrainian organizations are being besieged with cyberattacks from threat actors sympathetic to Russia amid the ongoing Russia-Ukraine war, reports Ars Technica.
Google's Threat Analysis Group discovered that Russian advanced persistent threat group Turla targeted pro-Ukrainian volunteers with Android apps hosted on a Ukrainian Azov Regiment-spoofing domain to facilitate distributed denial-of-service attacks.
Russian state-sponsored hacking groups Fancy Bear and Sandworm also exploited the Windows Follina vulnerability to compromise Ukrainian organizations, according to Google researchers.
Moreover, the U.S. Cyber Command noted that Ukrainian entities have been attacked with several malware types during the past few months, while Mandiant researchers said that Belarusian government-backed UNC1151 and pro-Russian UNC2589 have been leveraging malware in separate cyberespionage operations against Ukraine.
Meanwhile, Russia has been called out by the European Union regarding its continuous cyberattacks against Ukraine, the most recent of which was a DDoS campaign.
"Russia's unprovoked and unjustified military aggression against Ukraine has been accompanied by a significant increase of malicious cyber activities, including by a striking and concerning number of hackers and hacker groups indiscriminately targeting essential entities globally. This increase in malicious cyber activities, in the context of the war against Ukraine, creates unacceptable risks of spillover effects, misinterpretation, and possible escalation," said EU officials.
Change Healthcare attack linked to state-backed threat actors Major U.S. healthcare revenue and payment cycle management provider Change Healthcare was noted by its parent firm UnitedHealth Group to have been targeted by suspected state-sponsored threat actors in a cyberattack on Feb. 20, TechCrunch reports.