Since the release of WhisperGate malware in 2016, security researchers have been warning about Russian hacking crews that are still active and targeting Ukrainian entities with new information-stealing malware. Experts believe that this latest malware campaign is another attempt by the Kremlin to spread discord and destabilize Ukraine.
TA471 is a prolific cyber threat actor that has attacked Ukrainian targets in the past, but has also been active against NATO member states in North America and Europe. The malware used by TA471, WhisperGate, was linked to multiple destructive cyber attacks against Ukrainian targets in January 2022. If not detected and countered early, this threat actor could cause massive damage to organizations across the globe.
The hacking crew’s latest campaign relies on a newly discovered malware called Graphiron. According to Symantec, the malware was used to steal data from infected machines from October 2022 until at least mid-January 2023. It’s likely that the Graphiron malware remains part of the hackers’ toolkit, and future attacks could target Ukrainian organizations.
Cybercriminals are increasingly using information-stealing malware to target victims around the world. One such malware is GraphSteel, which was used in a recent spear-phishing campaign specifically targeting Ukrainian state bodies. But Symantec warns that Graphiron is designed to steal even more data, including screenshots and private SSH keys. This type of malware poses a serious threat to businesses and individuals who rely on electronic communication and access to important files.
There is no telling what kind of information could be valuable to a malicious actor if they were able to infiltrate a target organization. From there, they could collect sensitive data or use the target’s resources for their own gain.
Experts have long speculated that the Russian hacking crew TA471 is responsible for a significant number of cyberattacks against Ukrainian targets. TA471 has become one of the key players in Russia’s ongoing cyber campaigns against Ukraine, which experts believe are part of a larger attempt to destabilize the country.
Recently, it was announced that TA471, a Russian state-sponsored hacking group, is actively conducting espionage campaigns against Ukrainian organizations. This follows news earlier this year of another Russian state-sponsored hacking group, dubbed UAC-0010, which continues to conduct frequent cyber attack campaigns against Ukrainian organizations. The two groups are believed to operate independently of one another, but both are believed to be connected to the Russian government.
Cyber-attacks are a constant worry for businesses, with sophisticated adversaries continually evolving their tactics to stay undetected. One of the biggest threats facing these organizations is malware, often used as a means of attack, which can be difficult to detect and prevent. This makes cybersecurity an ongoing challenge for companies everywhere, and particularly so in Ukraine, where cyber-attackers are still relatively new players on the scene.