Ukraine is being subjected to attacks with the novel Graphiron information-stealing malware by the Russian cyberespionage operation Nodaria, also known as UAC-0056, reports The Hacker News.
Written in the Go programming language, the Graphiron malware builds upon Nodaria's custom GraphSteel backdoor and could facilitate the execution of shell commands and the exfiltration of credentials, screenshots, files, and system information, according to a report from the Symantec Threat Hunter Team.
Nodaria's attacks against Ukraine involve a two-stage infection chain that includes a downloader enabling the retrieval of Graphiron.
"While Nodaria was relatively unknown prior to the Russian invasion of Ukraine, the group's high-level activity over the past year suggests that it is now one of the key players in Russia's ongoing cyber campaigns against Ukraine," said Symantec.
The attacks launched by Nodaria follow recently reported intrusions by Russian state-backed hacking group Gamaredon against Ukrainian military and law enforcement authorities through Telegram.
Cybercrime operation Gold Melody, also known as UNC961 and Prophet Spider, has been discovered by SecureWorks Counter Threat Unit researchers to be an initial access broker peddling compromised network access for further attacks, according to The Hacker News.