IcedID and Zimbra Exploits Target Ukrainian Government Entities
Apr 22, 2022 1:38:37 PM / by PolySwarm Tech Team posted in Ukraine, Threat Bulletin, Infostealer, IcedID, BokBot, UAC-0098, UAC-0097, Zimbra
Background
CERT-UA recently released an advisory on IcedID, a modular banking trojan being dropped via a social engineering campaign targeting Ukrainian government entities, and related Zimbra exploits.
Industroyer2 Targets Ukrainian Energy Company
Apr 15, 2022 1:06:29 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Wiper, Critical Infrastructure, Industroyer2, Sandworm, Voodoobear
Background
ESET recently reported on Industroyer2, a multi-component ICS malware used to target a Ukrainian energy company.
CaddyWiper
Mar 21, 2022 1:45:31 PM / by PolySwarm Tech Team posted in Ukraine, Threat Bulletin, Wiper, CaddyWiper
Background
Since January, Ukraine has been targeted by several wiper malware families. In early February, we reported on the WhisperGate wiper. Earlier this month we spotlighted HermeticWiper and IsaacWiper. Ukraine was recently under attack by yet another wiper malware. ESET announced the discovery of CaddyWiper on March 14th in a tweet. Cisco Talos followed up a day later with more information on this malware.
MicroBackdoor
Mar 11, 2022 1:28:25 PM / by PolySwarm Tech Team posted in Ukraine, Threat Bulletin, MicroBackdoor, UNC1151, Belarus, First Seen
Background
CERT-UA, the Ukraine government’s incident response team, recently released a report on MicroBackdoor. CERT-UA did not provide further information on the scope of the incident leading to the discovery of this malware.
HermeticWiper & IsaacWiper Target Ukraine
Mar 9, 2022 1:34:55 PM / by PolySwarm Tech Team posted in Ukraine, Threat Bulletin, IsaacWiper, HermeticWiper, WhisperGate, HermeticWizard, HermeticRansom, FoxBlade
Background
Ukraine was recently targeted by several wiper malware families. In January, WhisperGate, which was attributed to a Belarusian threat actor group known as Ghostwriter/UNC1151, targeted Ukraine’s government, non-profit, and technology verticals. On February 23, another wiper malware dubbed HermeticWiper or FoxBlade was used to target Ukraine. On February 24, a third wiper malware was observed targeting Ukrainian entities. This new malware was dubbed IsaacWiper. ESET recently published research on HermeticWiper and IsaacWiper.
Russian Websites Down As Russia Fears Critical Infrastructure Attacks
Feb 25, 2022 4:06:31 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Critical Infrastructure
PolySwarm Threat Bulletin
THIS THREAT BULLETIN IS PROVIDED FOR SITUATIONAL AWARENESS
Background
This report is part of our ongoing coverage of the Russia-Ukraine conflict and cyber implications.
PolySwarm recently released the following publications and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict:
DDoS Attacks and New Wiper Malware Target Ukraine
Feb 25, 2022 2:37:21 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Financial, Wiper, Malware, DDoS, Katana, Government, Defense
Background
PolySwarm recently released several publications and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict:
PolySwarm Threat Bulletin: Armageddon Activity Targeting Ukraine
Feb 9, 2022 2:16:05 PM / by PolySwarm Team posted in Ukraine, Russia, Threat Bulletin