US Cyber Command shares samples of malware used in attacks on Ukrainian networks

 


US Cyber Command has shared technical information about what the agency describes as different types of malware that have been used in attacks targeting the networks of government bodies and other entities in Ukraine, including 20 previously unreported samples of malicious code.

The malware samples were provided to USCYBERCOM’s Cyber National Mission Force by the Security Service of Ukraine.

“In close coordination with the Security Service of Ukraine, USCYBERCOM’s Cyber National Mission Force is disclosing these indicators of compromise. In the last few months, the Security Service of Ukraine discovered several types of malware in their country, and have analyzed the samples and identified IOCs. The IOCs included 20 novel indicators in various formats,” Cyber Command said in a press release.

Cyber Command has not attributed the malware to any specific threat actor. However, the cybersecurity firm Mandiant has released its own report on malicious activity in Ukraine, which describes cyber operations conducted by cyber-espionage groups tracked as UNC2589 and UNC1151.

UNC1151 is a group thought to be working for the Belarusian government. The group has frequently used the access and information gained through its intrusions to support information operations tracked as “Ghostwriter.” Since the beginning of the Russia-Ukraine war on February 24, UNC1151 has been actively targeting Ukraine.

UNC2589 is believed to act in support of Russian government interests and has been conducting extensive espionage collection in Ukraine. The researchers believe that this group was behind the January disruptive attack on Ukrainian entities that deployed the WhisperGate malware. WhisperGate was used in a series of defacement attacks that affected at least 70 website domains belonging to the Ukrainian government.

