Malware, Vulnerability Management

Ukraine targeted with new hacking operations

Share
Two new hacking campaigns against Ukraine have been confimed by the country's Computer Emergency Response Team, according to CyberScoop. Unspecified Ukrainian critical infrastructure has been targeted by the first campaign believed to be perpetrated by the UAC-0098 threat group, which has been suspected to be behind numerous cyberattacks against Ukraine following Russia's invasion in February, as well as associated with the TrickBot malware, according to Ukraine's State Service of Special Communications. Attackers delivered a malicious Microsoft Word document purporting to be from the State Tax Service of Ukraine, which would trigger a Cobalt Strike beacon once opened. Meanwhile, the second campaign, which may have commenced on June 10, involved the exploitation of the Follina vulnerability, tracked as CVE-2022-30190, to facilitate system takeovers and CredoMap malware deployment. "According to the set of characteristic features, we consider it possible to associate the detected activity with the activities of the APT28 group," said CERT-UA officials.

Related

UEFI malware delivery possible with PKfail issue

Such a vulnerability stems from impacted devices' usage of an American Megatrends International-generated Platform Key with the "DO NOT TRUST" tag that the vendors should have replaced, according to a report from the Binarly Research Team.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.