Russia-linked cyber groups used commercial security tools to target Ukraine


Aug 19, 2022

Russian-linked threat actors harnessed a commercial security tool to launch cyberattacks on Ukrainian government organizations and a series of phishing attacks designed to infiltrate key systems amid Russia’s invasion of Ukraine, according to new research published today by Trustwave.

The research reveals how cybercriminals, ransomware operators and other threat actors can manipulate legitimate penetration tools to conduct espionage and other destructive attacks on connected systems.

Cybercriminal groups reportedly associated with Russia's Foreign Intelligence Service and Federal Security Service used a commercial penetration tool called Cobalt Strike in at least six cyber and phishing attacks against the Ukrainian government between March and July.

Some of the attacks were designed to make systems inoperable while others were designed “to establish a foothold and exfiltrate data from targeted systems.” Researchers noted that Sandworm – a Russian-linked cybercriminal group – targeted a Ukrainian energy company shortly after the invasion was launched.