
Russian hackers use Windows KMS activator to steal Ukrainians’ personal data.


EclecticIQ researchers have uncovered a cyberattack that targets Ukrainian Windows users. The attack, attributed to the Sandworm (APT44) group, uses Trojans embedded in fake Windows KMS activators and fake updates to infiltrate devices. The attacks began in late 2023 and have been a cause for concern among cybersecurity experts ever since.

The hackers behind the attack have been using the BACKORDER downloader to distribute the DarkCrystal RAT (DcRAT) malware. Additionally, they have been registering attack domains via ProtonMail, a secure email service. By deploying Trojans through fake Windows KMS activators, the hackers gain access to sensitive information on infected devices. Once installed, the Trojans disable Windows Defender, record keystrokes, steal cookies, passwords, and system information, and then transmit this data to the attackers’ servers.

One of the primary reasons for the success of these attacks is the prevalence of pirated software in Ukraine, including within government institutions. This means that a large number of devices are at risk of infection, creating a significant threat to national security and critical infrastructure. EclecticIQ has issued a warning about the seriousness of these Sandworm attacks and the need for enhanced cybersecurity measures to mitigate the risks.

In a related development, a recent analytical report titled “Russian Cyber Operations” for the first half of 2024 has highlighted a shift in focus by Russian hacker groups towards military operations and service providers. Unlike previous one-time attacks, the current strategy of these hackers involves entrenching in systems, covertly collecting information, and using cyber means to gather data on the outcomes of physical strikes.

The State Service for Communications, which prepared the report, noted that the IT sector has shown resilience in recovering from cyberattacks and has even strengthened its defenses after each incident. The report also delves into new trends in Russian hacker tactics, identifies emerging threats, and offers insights from Ukrainian cybersecurity experts on lessons learned from dealing with these cyber threats.

Overall, the evolving landscape of cybersecurity threats demands constant vigilance and proactive measures to safeguard sensitive information and critical infrastructure from malicious actors. The collaboration between cybersecurity researchers, government agencies, and industry stakeholders is crucial in addressing these challenges and ensuring a secure digital environment for all users.
