Russian Hackers Using Graphiron Malware to Steal Data from Ukraine

by crpt os


Feb 08, 2023 | Ravie Lakshmanan | Threat Intelligence / Data Safety

A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine.

Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0056.

“The malware is written in Go and is designed to harvest a wide range of information from the infected computer, including system information, credentials, screenshots, and files,” the Symantec Threat Hunter Team said in a report shared with The Hacker News.

CERT-UA first spotlighted Nodaria in January 2022, calling attention to the adversary’s use of SaintBot and OutSteel malware in spear-phishing attacks targeting government entities.

The group, which is said to have been active since at least April 2021, has repeatedly deployed custom backdoors such as GraphSteel and GrimPlant in various campaigns since Russia’s military invasion of Ukraine. Select intrusions have also entailed the delivery of Cobalt Strike Beacon for post-exploitation.

Graphiron, the latest program added to the group’s arsenal, is an improved version of GraphSteel, packing in features to run shell commands and harvest system information, files, credentials, screenshots, and SSH keys.

Another notable aspect is that while GraphSteel and GrimPlant made use of Go version 1.16, Graphiron relies on version 1.18, which officially shipped in March 2022. This also suggests that Graphiron is a more recent development.

Furthermore, an analysis of the infection chains reveals two stages, the first being a downloader that’s responsible for retrieving an encrypted payload containing the Graphiron malware from a remote server.

With the latest findings, Nodaria joins another Russian state-sponsored group referred to as Gamaredon in extensively singling out Ukraine.

“While Nodaria was relatively unknown prior to the Russian invasion of Ukraine, the group’s high-level activity over the past year suggests that it is now one of the key players in Russia’s ongoing cyber campaigns against Ukraine,” Symantec said.
