Russia takes unusual route to hack Starlink-connected devices in Ukraine
Russian hackers, known as Secret Blizzard, are targeting Starlink-connected devices used by Ukrainian forces, employing spear phishing and malware from other groups to enhance their cyber operations.
Russian hackers, identified as Secret Blizzard, have employed an unconventional strategy to infiltrate Starlink-connected devices used by Ukrainian military personnel. This group has utilized the infrastructure and malware of at least six other cyber threat actors over the past seven years, including Storm-1919 and Storm-1837, to conduct their operations. Microsoft reported that Secret Blizzard has primarily relied on spear phishing for initial access, but has also appropriated resources from other groups to enhance their attacks. In particular, they have used the Amadey bot, typically associated with cryptojacking, to deploy a backdoor known as Tavdig, which allows for reconnaissance on targeted devices. This backdoor collects sensitive information, including user credentials and system details, particularly from devices linked to Starlink, which are commonly used by Ukrainian forces. Microsoft noted that while this method of leveraging third-party infrastructure can be effective, it may be less useful against well-defended networks. The report highlights the ongoing cyber warfare dynamics in the context of the Ukraine conflict, emphasizing the innovative tactics employed by Russian state-sponsored hackers.
- Russian hackers are using third-party infrastructure to target Ukrainian military devices.
- Secret Blizzard has co-opted resources from multiple cyber threat groups for their operations.
- The group primarily uses spear phishing and malware like Amadey and Tavdig for reconnaissance.
- Their attacks focus on devices connected to Starlink, crucial for Ukrainian military communications.
- Microsoft warns that while this approach can be effective, it may struggle against robust cybersecurity defenses.
Related
China-linked cyber-spies infect Russian govt, IT sector
Chinese cyber-spies compromised Russian government and IT systems using malware, including GrewApacha and CloudSorcerer, through phishing emails and cloud services, indicating collaboration among state-sponsored hacking groups.
Ukraine Discovers Starlink on Downed Russian Shahed Drone: Report
Ukrainian media reports that Russia has upgraded Shahed drones with Starlink terminals, enhancing their capabilities. Ukrainian defenses intercepted many drones, while SpaceX and the Pentagon deny Russian dealings with Starlink.
Russian spies use remote desktop protocol files in unusual mass phishing drive
Microsoft reported a mass phishing campaign by the Russian SVR's Midnight Blizzard group, targeting various organizations with RDP file attachments in emails, potentially exposing sensitive data and enabling malware installation.
Hacked TP-Link routers used in years-long account takeover attacks
Hackers linked to the Chinese government are using a botnet of TP-Link routers for password-spraying attacks on Microsoft Azure accounts, employing evasive techniques and targeting various organizations.