Hacking team tied to Russia targeted Western 'government entity' in Ukraine -researchers
Reuters
Published Feb 03, 2022 04:48PM ET
Updated Feb 04, 2022 02:20PM ET
By James Pearson and Christopher Bing
(Reuters) -A hacking team that Ukraine says is controlled by Russian intelligence has targeted a wide range of organizations in the country, including a "western government entity," according to cybersecurity research published on Thursday and Friday.
The United States and other allies have sent military advisers and cybersecurity experts to Ukraine in recent months to help defend against Russian forces, now massed on the neighboring country's borders.
In a report issued on Friday, Microsoft Corp (NASDAQ:MSFT) said a group called "Gameredon" had tried to obtain sensitive information from a wide range of military, governmental and nongovernmental organizations in Ukraine since last October.
The report included a screen shot of one such attempt, which showed an email, embedded with malicious code, disguised as an official update on the COVID-19 pandemic from the World Health Organization (WHO).
On Thursday, cybersecurity company Palo Alto Networks (NASDAQ:PANW) Inc said in its report that Gamaredon attacked a Western government entity in Ukraine in January. The report did not name the entity, and a company representative declined to comment further.
Palo Alto Networks said it was able to track the Russian hacking mission by analyzing a maze of different malicious Web domains designed to infect Ukrainian computers with malware.
Russia has amassed more than 100,000 troops along the border with Ukraine, prompting fears of war. Although denying it plans an invasion, Russia is demanding sweeping security guarantees including a promise that NATO never admit Ukraine.
In November, Ukrainian security services publicly attributed Gamaredon to a team of Russian Federal Security Service officers based in Crimea. The Russian Embassy in Washington did not immediately reply to a request for comment about Gameredon.
“They were officers of the ‘Crimean’ FSB, as well as traitors who sided with the enemy during the occupation of the peninsula in 2014,” Ukraine's security service said in a November https://ssu.gov.ua/en/novyny/sbu-vstanovyla-khakeriv-fsb-yaki-zdiisnyly-ponad-5-tys-kiberatak-na-derzhavni-orhany-ukrainy news release, publicizing leaked audio https://www.youtube.com/watch?v=Rci5xiyMv7k&feature=emb_title of the hackers.
Also known as Primitive Bear by security researchers, Gamaredon is one of the most "active existing advanced persistent threats targeting Ukraine," the Palo Alto report said.
"Given the steps and precision delivery involved in this campaign, it appears this may have been a specific, deliberate attempt" to target a "Western government organization," a Palo Alto Networks spokesperson said in a statement.
Get The News You Want
A NATO spokesperson did not immediately respond to a request for comment.
Russia could use cyberattacks as part of its efforts to destabilize and further invade Ukraine, White House cyber official Anne Neuberger said on Wednesday, during a visit to her European counterparts.
Neuberger's visit came just weeks after a different cyberattack against Ukrainian government websites left a warning to visitors: "be afraid and expect the worst."
Written By: Reuters
Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.