Ukraine's Computer Emergency Response Team (CERT-UA) has observed a threat from Belarusian state-sponsored hackers targeting military personnel and related individuals as part of a phishing campaign mounted amid Russia's military invasion of the country. A wave of phishing emails has recently been observed targeting the private 'i.ua' and 'meta.ua' accounts of Ukrainian military personnel and related individuals. The attacks then use the contact information stored in the victim's address book to spread the phishing messages to other targets. "UNC1151" has also targeted a wide variety of governmental and private sector entities, with a focus on Ukraine, Lithuania, Latvia, Poland, and Germany.
The state-sponsored cyber-espionage group has also been linked to the Ghostwriter disinformation campaign, which publicized anti-NATO and corruption-themed narratives aimed at Lithuania, Latvia, and Poland with the common objective of weakening the governments and creating threats and tensions in the region. UNC1151 is the Mandiant-designated alias for an uncategorized threat group that operates with objectives aligned with Belarusian government interests. This hacking cluster is believed to have been active since at least 2016.
The Russia-Ukraine cyber warzone has split the Conti ransomware gang into opposing factions, leading to a Ukrainian member spilling 60,000 of the group's internal chat messages online. According to Threatpost, an internet collection of malware source code, samples, and papers that's generally considered to be a benign entity shared on Twitter a message from a Conti member saying, "This is a friendly heads-up that the Conti gang has just lost all their shot." The gang has also, evidently, lost a cache of chat data: the first batch of what the poster promised would be multiple, "very attractive" leaks coming from Conti's Jabber/XMPP server.
The development follows a barrage of data wiper and distributed denial-of-service (DDoS) attacks against Ukrainian government agencies, even as various hacking groups and ransomware syndicates are capitalizing on the chaos to take sides and increase their activities. The Russian government appears to have deployed a digital drawbridge to protect websites, the Ukrainian government has issued a call to arms among local hackers, and so-called hacktivists have claimed credit for knocking the website of Russia. Following this attack, Russian government websites went dark in some parts of the world after being targeted with a flood of web traffic in a distributed denial-of-service (DDoS) attack attempting to knock them offline.