There have been active cyberattacks against the governments and companies of both countries since the beginning of the Russian-Ukraine war. Researchers have discovered three different DDoS, malware, and infrastructure disruption attacks against Ukraine.
Attack by DDoS
Cybercriminals used WordPress sites to install a malicious software that utilises users’ browsers to launch DDoS assaults on Ukrainian websites.
A WordPress site was hacked in order to employ this script, which was used to launch DDoS assaults on ten Ukrainian websites. With a sluggish web browser, the assault happens in the background, without the user’s knowledge.
Government offices, think tanks, financial sites, recruiting sites for the International Legion of Defense of Ukraine, and other pro-Ukraine websites are among the sites targeted.
Disruption of infrastructure
Meanwhile, Ukrtelecom, a fixed-line telecommunications company, has become the target of yet another hack. The hack was one of the most serious since the Russian invasion, disrupting services throughout the nation.
It was unclear if Ukrtelecom was subjected to a DDoS attack or a more sophisticated infiltration.
In reaction to consumer comments on Facebook, Ukrtelecom admitted the hack.
An assault with ransomware
The Ukraine CERT has issued a warning on the GhostWriter APT group’s use of Cobalt Strike Beacon to target governmental entities.
A spear-phishing effort was carried out by the Belarus-based APT organisation.
A Saboteurs[.]rar archive is used in the phishing mails, which includes the RAR-archive Saboteurs 21[.]03[.]rar.
Cobalt Strike Beacon, a malicious application, is delivered at the end of the attack chain.
Parallel to the Russian invasion, there has been a significant surge in cyberattacks directed at Ukraine. It’s possible that future cyberattacks may be launched against Ukrainian targets. As a result, government entities and enterprises should heed the CERT-UA warning to be safe.