Russian spies target Ukrainian defence using cybercriminal tools, Microsoft report says
www.pravda.com.ua
Thu, 12 Dec 2024 19:04:35 +0200
A Russian government-backed hacker group known as Secret Blizzard has targeted Ukrainian military personnel by employing tools and infrastructure developed by cybercriminals.
The findings highlight the increasing complexity of cyberwarfare tactics, where state actors leverage resources from criminal organisations.
Source: Microsoft report shared with TechCrunch prior to publication
Details: The report describes how Secret Blizzard, linked to Russia's Federal Security Service (FSB) and also known as Turla by other cybersecurity firms, used a botnet named Amadey to attack devices connected to Ukrainian military personnel and border guards between March and April this year.
Amadey, commonly employed by cybercriminals for installing cryptominers, is sold on Russian hacker forums.
Microsoft researchers believe that Secret Blizzard either paid for access to the botnet as a service or hacked it.
Using such tools enables hackers to avoid detection and obscure their origin, explained Sherrod DeGrippo, Microsoft's Director of Threat Intelligence Strategy.
The group's operations aim to gather intelligence and establish long-term espionage footholds.
Malware used in this campaign was designed to collect system information, such as device names and antivirus software, as a precursor to deploying additional malicious software or hacking tools.
Among the targets were devices using Starlink, SpaceX's satellite service that plays a crucial role in Ukrainian military operations.
Microsoft researchers also found that this is not the first instance of such activity.
Secret Blizzard has repeatedly used cybercriminal infrastructure for its operations in Ukraine since 2022, employing these tools to facilitate the deployment of its own malware.
Microsoft's report indicates the Secret Blizzard group has a long history of attacks on foreign ministries, embassies, government agencies and defence-related organisations worldwide.
The group's methods often involve using tools and infrastructure from other hacker groups.
For example, since 2017, Secret Blizzard has utilised state-backed hacking efforts from Iran, Kazakhstan, and Pakistan to conduct espionage campaigns in regions such as Afghanistan and India.
Last week, Microsoft and Black Lotus Labs reported that Secret Blizzard used tools from a Pakistani hacker group to target military and intelligence systems in Afghanistan and India.
This tool-hijacking tactic has become a hallmark of Secret Blizzard's activities.