Shuckworm Malware is Attacking Ukraine, Sponsored by Russia?

Hackers allegedly supported by the Russian government have again attacked several institutions in Ukraine, stealing information by planting malware as part of an espionage operation.

The security firm Symantec has published several of the names used for the malware and tooling behind these attacks. Among them is Shuckworm, which other security vendors track as Actinium, Armageddon, Gamaredon, PrimitiveBear and Trident Ursa.

According to Symantec, these hackers have been active since 2013 and operate as a syndicate focused on the theft of public and private information in Ukraine. The intensity of this theft increased with the Russian military invasion of Ukraine in early 2022.

The findings follow an alert from CERT-UA, which cautioned of "systematic, massive and geographically dispersed" phishing attacks involving the use of a .NET downloader called RelicRace to execute payloads such as Formbook and Snake Keylogger.

The latest set of attacks is said to have commenced on July 15, 2022, and to have been ongoing as recently as August 8. The infection chains leverage phishing emails disguised as newsletters and combat orders, ultimately leading to the deployment of a PowerShell stealer dubbed GammaLoad.PS1_v2.

Also delivered to the compromised machines are two backdoors named Giddome and Pterodo, both of which are trademark Shuckworm tools that have been continually redeveloped by the attackers in a bid to stay ahead of detection.
