A mysterious group has links to 15 years of hacks between Ukraine and Russia

Russian security company Kaspersky today published new research that adds another piece to the puzzle of a group of hackers whose operations appear to extend further back than researchers previously thought.

Research published last week by security firm Malwarebytes shed new light on a group of hackers, Red Stinger, which has been conducting espionage operations against pro-Ukrainian victims in central Ukraine and pro-Russian victims in eastern Ukraine. The findings were intriguing due to the ideological mix of the targets and the lack of connections to other known hacker groups. A few weeks before Malwarebytes published its report, Kaspersky had also published research into the group, which it calls Bad Magic, and similarly concluded that the malware used in the attacks had no connections to any other known hacking tools. The research that Kaspersky published today finally links the group to past activities and provides preliminary context for understanding the possible motivations of the attackers.

Adding Malwarebytes’ research to what they had independently found, the Kaspersky researchers combed through historical telemetry data to look for connections. Eventually, they discovered that some of the cloud infrastructure and malware the group was using had similarities to spying campaigns in Ukraine that the security company ESET identified in 2016, as well as campaigns that CyberX discovered in 2017.

“Malwarebytes found out more about the initial infection stage and then about the installer” used in some of the group’s attacks since 2020, says Georgy Kucherin, a malware researcher at Kaspersky. “After publishing our report on the malware, we decided to look at historical data on similar campaigns that have similar goals and that have occurred in the past. This is how we discovered the two similar campaigns from ESET and CyberX, and concluded with medium to high confidence that the campaigns are linked and are likely all executed by the same actor.”

The different activities over time share similar victimology, meaning the group targeted the same types of targets, including officials working for pro-Russian factions inside Ukraine and Ukrainian government officials, politicians, and institutions. Kucherin also notes that he and his colleagues found similarities and multiple overlaps in the code of the plugins used by the group’s malware. Some code even seemed to be copied and pasted from one campaign to the next. And the researchers observed similar use of cloud storage and characteristic file formats in the files the group exported to its servers.

The Malwarebytes research published last week documented five campaigns since 2020 by the hacking group, including one targeting a member of the Ukrainian military working on Ukraine’s critical infrastructure. Another campaign targeted pro-Russian election officials in eastern Ukraine, an adviser to Russia’s Central Election Commission, and a person who works in transportation in the region.

In 2016, ESET wrote about the activity that it dubbed “Operation Groundbait”: “The main point that distinguishes Operation Groundbait from the other attacks is that it has primarily targeted anti-government separatists in the self-proclaimed Donetsk and Luhansk People’s Republics. While the attackers appear to be most interested in separatists and self-proclaimed governments in the eastern Ukraine war zones, there have been a host of other targets as well, including but not limited to Ukrainian government officials, politicians and journalists.”

