Russian-linked threat actors harnessed a commercial security tool to launch cyberattacks on Ukrainian government organizations and a series of phishing attacks designed to infiltrate key systems amid Russia’s invasion of Ukraine, according to
new research published today by Trustwave.
The research reveals how cybercriminals, ransomware operators and other threat actors can manipulate legitimate penetration tools to conduct espionage and other destructive attacks on connected systems.
Cybercriminal groups reportedly associated with Russia's Foreign Intelligence Service and Federal Security Service used a commercial penetration tool called Cobalt Strike in at least six cyber and phishing attacks against the Ukrainian government between March and July.
Some of the attacks were designed to make systems inoperable while others were designed “to establish a foothold and exfiltrate data from targeted systems." Researchers noted that Sandworm – a Russian-linked cybercriminal group – targeted a Ukrainian energy company shortly after the invasion was launched.
fcw.com
