From there, attackers deploy basic scripts to act as a backdoor and a loader for malware. The campaigns begin with phishing attacks to distribute malicious links that lead to tainted ZIP files, malicious documents, and special Windows linking files. One target was an adviser to Russia's Central Election Commission, and another works on transportation-possibly railroad infrastructure-in the region. In Operation Five, the group targeted multiple election officials running Russian referendums in disputed cities in Ukraine, including Donetsk and Mariupol. During this campaign, attackers compromised victims' devices to exfiltrate screenshots and documents, and even record audio from their microphones. The campaign that Malwarebytes calls “Operation Four” targeted a member of Ukraine's military who works on Ukrainian critical infrastructure, as well as other individuals whose potential intelligence value is less obvious. The group's motives and allegiance aren't yet clear, but the digital campaigns are noteworthy for their persistence, aggressiveness, and lack of ties to other known actors. Malwarebytes attributes five operations between 2020 and the present to the group, which it has dubbed Red Stinger, though the researchers only have insights into two of the campaigns conducted in the past year. Amidst all of this and activity from other governments and hacktivists, researchers from the security firm Malwarebytes say that they've been tracking a new hacking group that has been conducting espionage operations since 2020 against both pro-Ukraine targets in central Ukraine and pro-Russia targets in eastern Ukraine. Ukrainian networks have been on the receiving end of grimly sophisticated and innovative cyberattacks from Russia for nearly a decade, and Ukraine has increasingly struck back, particularly since the Kremlin's invasion last year.
0 kommentar(er)
