The war between Ukraine and Russia is still far from its conclusion, so researchers expect either of the two countries to conduct several new cyberattacks.
Researchers recently discovered three separate cyberattacks using malicious tools, distributed denial-of-service, and infrastructure disruption that Russian hackers launched against Ukraine.
Different cyberattacks have been deployed by Russian hackers and their affiliates against the invaded country.
For the distributed denial-of-service attacks, the threat actors targeted WordPress sites, adding malicious code that uses visitors’ browsers to carry out a cyberattack against Ukraine.
Russian threat groups compromised a WordPress site to use the script, which targeted ten websites in Ukraine. The attack ran in the background, with nothing alerting the user to it. The websites targeted by the DDoS include think tanks, recruitment sites, financial sites for the Legion of Defence of Ukraine, pro-Ukrainian sites, and government agencies.
For the infrastructure disruption, the malicious threat actors opposing the Ukrainian government have struck a fixed-line telecom firm called Ukrtelecom. According to researchers, it was the most disruptive attack by Russian hackers since the start of the invasion last March. The disruption impacted the firm's services, affecting both mobile and internet users across the country.
However, researchers could not determine whether Ukrtelecom was hit by a DDoS campaign or a more sophisticated attack. The affected telecommunication provider then confirmed the disruption in response to the clients expressing their concerns on social media platforms like Facebook.
For the ransomware attack, the Ukrainian CERT warned its citizens about the Ghostwriter advanced persistent threat group that targets state entities by utilising the Cobalt Strike Beacon.
Moreover, the Belarus-affiliated APT gang has operated a spear-phishing campaign in the entire Ukrainian region. The phishing message uses a RAR archive, Saboteurs 21[.]03[.]rar, that includes the Saboteurs[.]rar archive.
The threat campaign ends by delivering a compromised program called Cobalt Strike Beacon.
The latest upsurge of cyberattacks against Ukraine parallels the Russian invasion. Experts claimed that Russian hackers could deploy more cyberattacks to target Ukrainian organisations and the government.
Security agencies suggested that organisations and businesses follow the CERT-UA advisory to remain protected from possible cyberattacks.