
Malware spike linked to Ukraine invasion

News | 5 March, 2022 | 0

The Russian attack on Ukraine is a new kind of war, being fought in cyber space as much as it is on the city streets of Ukraine.

Microsoft reports that Ukrainian networks were targeted with FoxBlade malware several hours before the start of the invasion on the 24th of February.

Said Brad Smith, President & Vice Chair at Microsoft:

Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure. We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package (which we denominated FoxBlade), and provided technical advice on steps to prevent the malware’s success.

As the conflict continues, there has been a series of phishing-based attacks which use the conflict as a theme to entice the victim into opening a malicious email attachment. Threat actors often use current global events as a theme to trick their victims into opening malicious attachments and emails.

Bitdefender Labs has reported on two campaigns, which started on the 1st of March, that deliver the Agent Tesla and Remcos Remote Access Trojans (RATs) by posing as suppliers or customers affected by supply chain disruption as a result of the conflict. Both of these campaigns pretend to deliver a survey for the victim to complete in order to help plan for supply chain disruptions.

There are also widespread charity scams from criminals pretending to collect donations to support the refugees and victims displaced by the war, posing as Unicef and other charities working to support victims of the war. Some of the scams ask for donations in cryptocurrency due to the disruption to the global financial systems as a result of the sanctions imposed on Russia.

Anyone wanting to make a donation to support the victims of the conflict is advised to use a search engine to locate the website of a charity they know and trust rather than responding to unverified emails asking for donations.

Read our article on the impact of the Ukraine conflict on the cyber security of UK Businesses.

 
