Since the Russian-Ukrainian war started in late February 2022, the TrickBot malware operators have taken an unexpected turn. They have chosen to systematically target Ukraine. This occurred in at least six phishing campaigns aimed at targets aligning with Russian state interests. Cybercriminals used emails as lures to deliver malicious software. This includes Meterpreter, AnchoirMail, CobaltStrike, and IceID.
The cyber attacks have been tracked under Wizard Spider, Gold Blackburn, and ITG23. They are familiar with developing the TrickBot banking trojan. Weeks later, after subsuming into the now-discontinued Conti ransomware cartel, the financially motivated TrickBot gang resurfaces with a version of the AnchorDNS called AnchorMail. They use SMTPS and IMAP protocols for command-and-control communications.
TrickBot Gang Targest Ukraine
The IBM Security X-Force analyst Ole Villadsen noted in the technical report that these ITG23’S campaigns are notable since it targets Ukraine. In fact, they aimed at Ukraine with some payloads suggesting a higher degree of target selection. Moreover, the campaigns took unprecedented twists. This is due to the never-before-seen deployment of Meterpreter, CobaltStrike, and AnchorMail as first-stage payloads and Microsoft Excel downloaders. Most of these cyber attacks are believed to have started in mid-April 2022.
The Cobalt Strike deployed in a May 2022 campaign utilizing a crypter dubbed Forest to evade detection. The tactic of leveraging the specter of nuclear war was repeated by the Russian nation-state group APT28 just two months later. It spread data-stealing malware in Ukraine. Because it has been used in conjunction with the Bumblebee malware, many theories suggest that the TrickBot gang operates the loader.
Ukraine’s Computer Emergency Response Team states that the UAC-0056 group stroke state organizations aimed to drop Cobalt Strike Beacons on the hosts. The Ukrainian agency also pointed out that a China-based actor named Tonto Team has used the Royal Road RTF weaponized, targeting technical and scientific enterprises in Russia with the Bisonal malware.
These attacks have been attributed to the advanced persistent threat (APT) group. It suggests that they are a continuous effort on the part of the Chinese intelligence apparatus to target mode Russian-linked entities and organizations.
Best Cybersecurity Practices to Protect Yourself and Your Business
You should follow some essential things to improve your business’s security practices. As they can make a difference between a typical day and a significant security breach that harms your reputation, here is what to consider:
- Update your security policies because they are the foundation of your security. It’s recommended to update your policies first and then the security practices. If needed, train your family or employees so they can fully understand the new guidelines.
- Use a virtual private network (VPN). You can secure online traffic and data against cybercriminals and constant ad-tracking. Use VPN on all your devices, including a VPN for Android and other operating systems. Doing so will keep your phone secure while concealing your online identity. It will encrypt ongoing and outgoing data.
- Require strong authentication for all users because hackers use compromised accounts to reach the business’s internal resources. You can opt for multi-factor authentication. This includes a smart card with a biometric or PIN. If this doesn’t suit your needs, at least use stronger passwords.
- Avoid unknown emails, links, and pop-ups. In 2020, more than 5.6 billion malware infections were reported. This includes viruses, spyware, or trojan horses.
- Back up your data to defeat ransomware and continue your business. Ideally, it would be best if you opted for automatic backups weekly. Even better: store your data in the cloud.
- Connect to secure Wi-Fi, or else you may face numerous risks. It’s imperative to secure any personal Wi-Fi networks and avoid unsecured public networks. Give your family or employees a VPN to securely connect to the business network remotely.
Wrapping it Up
Cybersecurity threats increased considerably in the past years. But so do the cybersecurity practices aiming to help entities. There are many efficient methods that more people should consider.
Want more news from the Tech world for Gaming Peripherals to Hardware Click Here
You must be logged in to post a comment.