A group of Russian cybercriminals who previously deployed the WhisperGate malware is now back with another campaign.
According to cybersecurity experts, the same crew of hackers is now spreading new data-stealing malware to Ukrainian organizations.
Russian Hackers Launch Graphiron Campaign
After the "WhisperGate" campaign, the Russian hackers are back once again to deliver a new form of information-stealing malware.
According to a blog post by Symantec's Threat Hunter Team on Wednesday, Feb. 8, the TA471 group which is said to have originated from Russia is currently operating across North America and Europe.
This state-sponsored group of Russian hijackers continues their mission to hit Ukrainian entities in a series of malware campaigns.
Initially, it was linked to WhisperGate which first hit Ukraine in January 2022. This shape-shifting malware might be seen as simple ransomware by unsuspected victims.
Symantec confirms that the same group behind WhisperGate is now deploying a new form of data-wiping malware to the same country. The so-called "Graphiron" is hitting Ukrainian systems from October 2022 until mid-January 2023.
This dangerous malware can wipe out the system's files and infect all of its content, according to security analysts.
Related Article: Russia and Iran State-Linked Hackers Are Increasingly Attacking Politicians, Journalists - UK Cybersecurity Center Alleges
Graphiron Disguises Itself as Microsoft Office File
In another report by TechCrunch, Graphiron works by disguising itself as a Microsoft Office file on a computer. After masking the said data-stealing malware as GrimPlant or GraphSteel, it will obtain more data in the system such as the SSH keys and several screenshots.
"That information could be useful in itself from an intelligence perspective, or it could be used to penetrate deeper into the targeted organization or to launch destructive attacks," Symantec Threat Hunter Team's principal intelligence analyst Dick'O Brien said in an interview with TechCrunch.
To date, TA471 is still using this information-stealing malware in their campaigns pointed at the Ukrainian government and computers.
Ukraine is not only battling with TA471 spies. Actually, the country is also fighting UAC-0010, another known Russian group of hackers that are receiving support from the government.
State-sponsored hackers are observed to be increasing in numbers each year as authorities crack down on people who sell their products on the dark web.
The State Cyber Protection Center of Ukraine says that more cybercriminal groups are getting smarter with their methods of deploying malware. Some variants now bypass their security gates and become undetected even with extra security protection.
For Ukrainian officials, improving the overall cybersecurity of the country is an utmost priority to address this year. Companies and organizations lose millions of dollars in revenue with each strike of these Russian groups.
Meanwhile, a notorious hacker from Russia has pleaded guilty in the US because of money laundering cases, per The Hacker News.
The authorities learned that the 30-year-old Denis Mihaqlovic Dubnikov was connected to the Ryuk ransomware attacks. He will be sentenced on April 11, 2023.
