Cyberattack was attempted against a western government ‘entity’ in Ukraine, researchers say



Last month, a dangerous Russian-linked actor attempted a cyber attack on an “entity” in Ukraine that is part of an unidentified Western government, according to researchers at Palo Alto Networks’ Unit 42 organization.

The attack was attempted on January 19 and was carried out by a group that Unit 42 calls “Gamaredon”. The group is led by five Russian Federal Security Service officials, Ukraine’s security service said earlier.

In a blog post today, Unit 42 researchers said that since 2013, Gamaredon has been “primarily focused on its cyber campaigns against Ukrainian government officials and organizations.”

The researchers said they were keeping a close eye on Gamaredon’s activities because of its focus on the geopolitical situation and the group’s goals.

The attack comes amid estimates that Russia has deployed more than 100,000 troops on Ukraine’s eastern border. On Wednesday, President Joe Biden approved sending an additional 3,000 U.S. troops to Eastern Europe.

A ‘precision’ attack

Unit 42 stated that it has mapped three clusters of Gamaredon’s infrastructure used to support malware and phishing activities – including more than 100 samples of malware, 700 malicious domains and 215 IP addresses.

“Observing these clusters, we saw on January 19, 2022, an attempt to reconcile with a Western government entity in Ukraine,” the researchers said.

The attack involved a “targeted phishing attempt,” Unit 42 reported.

“In this endeavor, instead of emailing [malware] downloaders directly to their target, artists instead took advantage of job search and employment services in Ukraine,” the researchers said. “In doing so, artists searched for active job postings, uploaded their downloaders as resumes and sent them to Western government entities through job search platforms.”

Unit 42 stated in its post that “due to the measures and precision distribution involved in this campaign, it appears that this may be a definite, deliberate attempt by Gamaredon to reconcile with the Western government body.”

The post does not identify or describe the Western government entity. When contacted by VentureBeat today, Unit 42 said it is not providing further details.

The attempted attack came less than a week after more than 70 Ukrainian government websites were targeted with the new “WhisperGate” family of malware.

Global tensions

The US Department of Homeland Security (DHS) suggested last month that Russia could be eyeing cyber attacks on US infrastructure amid tensions between the countries over Ukraine.

The DHS Intelligence Bulletin suggested that if Russia invaded Ukraine, the US or NATO response to the invasion could encourage cyber aggression from Russia against US-based targets, including attacks targeting crucial infrastructure, according to the January 23 bulletin, cited by CNN.

Kevin Breen, director of cybersecurity research at Immersive Labs, said in an earlier statement: “We’ve seen significant ransomware groups in the region, including REvil and DarkSide, with the ability to quickly and largely compromise large networks.”

“It would be wrong to assume that the nation-state that harbors such criminal elements does not have the matching capacity,” Breen said.
