EclecticIQ researchers have uncovered a cyberattack campaign targeting Ukrainian Windows users. The campaign, attributed to the Sandworm (APT44) group, uses Trojans embedded in fake Windows KMS activators and fake updates to infiltrate devices. The attacks began in late 2023 and have since been a cause for concern among cybersecurity experts.
The attackers use the BACKORDER downloader to deliver the DarkCrystal RAT (DcRAT) malware, and they register their attack domains through ProtonMail, a secure email service. By delivering the Trojans through fake Windows KMS activators, they gain access to sensitive information on infected devices: once installed, the malware disables Windows Defender, records keystrokes, steals cookies, passwords, and system information, and transmits this data to the attackers’ servers.
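The behaviour described above, a trojanised activator that runs and then switches Windows Defender off, gives a defender a concrete sequence to watch for. The following Python script is an added example and is not part of the EclecticIQ report or this article: it parses constructed, simplified Windows Defender and Sysmon log lines, collects Defender "protection disabled" and tamper-style configuration changes per host, and flags hosts where such an event follows execution of an activator-like binary within a short window. The event IDs (5001 for real-time protection disabled, 5007 for configuration changed) and the `DisableAntiSpyware` value name are assumed from Microsoft's public Defender documentation; the log layout, hostnames, file names and the activator name pattern are constructed for the example and should be adapted to real telemetry.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a simplified "timestamp host source event_id message" layout.
# These are NOT real telemetry from the incident described in the article.
SAMPLE_LOG = """\
2024-01-15T09:11:50 ws-acct-07 Sysmon 1 Process Create: C:\\Users\\olena\\Downloads\\Win_Activator_2024.exe
2024-01-15T09:12:01 ws-acct-07 Defender 5001 Real-time protection is disabled.
2024-01-15T09:12:03 ws-acct-07 Defender 5007 Configuration changed: HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware = 0x1
2024-01-15T11:40:00 ws-eng-02 Defender 5001 Real-time protection is disabled.
2024-01-16T08:00:15 ws-eng-02 Sysmon 1 Process Create: C:\\Program Files\\Git\\bin\\git.exe
2024-01-16T10:05:22 ws-hr-03 Defender 1116 Malware detected: Trojan:Win32/PlaceholderFamily
"""

# Assumed event IDs from the Microsoft-Windows-Windows Defender/Operational channel:
# 5001 = real-time protection disabled, 5007 = Defender configuration changed.
PROTECTION_DISABLED_IDS = {"5001"}
CONFIG_CHANGED_ID = "5007"
TAMPER_VALUE = "DisableAntiSpyware"  # registry value name, assumed from Microsoft docs

# Hypothetical name pattern for activator / cracking tools; tune it from your own data.
ACTIVATOR_PATTERN = re.compile(r"(kms|activat|crack|keygen)", re.IGNORECASE)
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (.*)$")


def parse(log_text):
    """Parse the constructed log layout into a list of event dicts, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, source, eid, msg = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "source": source, "id": eid, "msg": msg})
    return events


def find_defender_tampering(events):
    """Return, per host, the Defender events that show protection being switched off."""
    hits = defaultdict(list)
    for e in events:
        if e["source"] != "Defender":
            continue
        disabled = e["id"] in PROTECTION_DISABLED_IDS
        tampered = e["id"] == CONFIG_CHANGED_ID and TAMPER_VALUE in e["msg"]
        if disabled or tampered:
            hits[e["host"]].append(e)
    return dict(hits)


def correlate_with_activator(events, window=timedelta(minutes=10)):
    """Hosts where an activator-like process start is followed within `window` by Defender tampering.

    A lone 5001 (ws-eng-02) is only a weak signal, an admin may have disabled protection
    deliberately; the activator-then-disable sequence is the pattern worth paging on.
    """
    tampering = find_defender_tampering(events)
    flagged = {}
    for e in events:
        if e["source"] != "Sysmon" or e["id"] != "1":
            continue
        if not ACTIVATOR_PATTERN.search(e["msg"]):
            continue
        for t in tampering.get(e["host"], []):
            if timedelta(0) <= t["ts"] - e["ts"] <= window:
                flagged[e["host"]] = {"process": e["msg"], "tamper_at": t["ts"].isoformat()}
                break
    return flagged


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for host, detail in correlate_with_activator(evs).items():
        print(f"ALERT {host}: {detail['process']} -> Defender tampered at {detail['tamper_at']}")
```

Run against the embedded sample, only ws-acct-07 is flagged: it shows the activator launch followed eleven seconds later by real-time protection being disabled and the policy value being set. ws-eng-02 has a disable event but no activator execution nearby, and ws-hr-03 shows a detection, not a disablement, so neither is raised.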
One of the primary reasons for the success of these attacks is the prevalence of pirated software in Ukraine, including within government institutions. This means that a large number of devices are at risk of infection, creating a significant threat to national security and critical infrastructure. EclecticIQ has issued a warning about the seriousness of these Sandworm attacks and the need for enhanced cybersecurity measures to mitigate the risks.
In a related development, a recent analytical report titled “Russian Cyber Operations” for the first half of 2024 has highlighted a shift in focus by Russian hacker groups towards military operations and service providers. Unlike previous one-time attacks, the current strategy of these hackers involves entrenching in systems, covertly collecting information, and using cyber means to gather data on the outcomes of physical strikes.
The State Service for Communications, which prepared the report, noted that the IT sector has shown resilience in recovering from cyberattacks and has even strengthened its defenses after each incident. The report also delves into new trends in Russian hacker tactics, identifies emerging threats, and offers insights from Ukrainian cybersecurity experts on lessons learned from dealing with these cyber threats.
Overall, the evolving landscape of cybersecurity threats demands constant vigilance and proactive measures to safeguard sensitive information and critical infrastructure from malicious actors. The collaboration between cybersecurity researchers, government agencies, and industry stakeholders is crucial in addressing these challenges and ensuring a secure digital environment for all users.