Ukraine Cyber-Attack : Government and Embassy Websites Targeted

upnorth

upnorth

Level 68
Thread author
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Content source
https://www.bbc.com/news/world-europe-59992531
More than a dozen Ukrainian government websites went down on Friday, in a cyber-attack that also targeted embassies.

The foreign and education ministries were among those hit, along with embassies in the UK, US and Sweden. Before the sites went down a message appeared warning Ukrainians to "prepare for the worst".
Click to expand...
www.bbc.com

Ukraine cyber-attack: Russia to blame for hack, says Kyiv

About 70 Ukrainian government websites were targeted, including the foreign and energy ministries.
www.bbc.com www.bbc.com
 
  • Wow
  • Sad
  • +Reputation
Reactions: Zartarra, SpiderWeb, Venustus and 7 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,259
Destructive malware targeting Ukrainian organizations
Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. This malware first appeared on victim systems in Ukraine on January 13, 2022. Microsoft is aware of the ongoing geopolitical events in Ukraine and surrounding region and encourages organizations to use the information in this post to proactively protect from any malicious activity.
Click to expand...
Observed actor activity
Stage 1: Overwrite Master Boot Record to display a faked ransom note
Stage 2: File corrupter malware
Click to expand...
Recommended customer actions
The techniques used by the actor and described in the this post can be mitigated by adopting the security considerations provided below:
  • Use the included indicators of compromise to investigate whether they exist in your environment and assess for potential intrusion.
  • Review all authentication activity for remote access infrastructure, with a particular focus on accounts configured with single factor authentication, to confirm authenticity and investigate any anomalous activity.
  • Enable multifactor authentication (MFA) to mitigate potentially compromised credentials and ensure that MFA is enforced for all remote connectivity. NOTE: Microsoft strongly encourages all customers download and use password-less solutions like Microsoft Authenticator to secure accounts.
  • Enable Controlled folder Access (CFA) in Microsoft Defender for Endpoint to prevent MBR/VBR modification.
Click to expand...
www.microsoft.com

Destructive malware targeting Ukrainian organizations | Microsoft Security Blog

Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine.
www.microsoft.com www.microsoft.com
 
  • Like
Reactions: Venustus, Zartarra, woodrowbone and 2 others
You must log in or register to reply here.

Similar threads

oldschool
    • Like
    • +Reputation
    • Applause
Security Firms Aiding Ukraine During War Could Be Considered Participants in Conflict
Replies
3
Views
1,136
News Archive
Bumblebee Uncle
Bumblebee Uncle
oldschool
    • Like
    • Applause
    • +Reputation
How the tech community has rallied to Ukraine’s cyber-defence
Replies
2
Views
1,300
News Archive
plat
P
M
    • Like
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Replies
0
Views
697
Microsoft Defender
Microsoft Threat Intelligence
M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top