Thursday, 30 March, 2023
IT Security Guru

Separatists in Ukraine targeted by cyber espionage

by The Gurus
May 19, 2016
in Editor's News

ESET researchers have discovered malware that has eluded the attention of anti-malware researchers since at least 2008. Detected by ESET as Win32/Prikormka, the malware is being used to carry out cyber-espionage activities in Ukraine, primarily targeting anti-government separatists in the self-declared Donetsk and Luhansk People’s Republics. 
“Along with the armed conflict in the East of Ukraine, the country has been encountering numerous targeted cyberattacks, or so-called advanced persistent threats. For example, we discovered several campaigns using the now infamous BlackEnergy malware family, one of which resulted in a massive power outage. But in Operation Groundbait, previously unknown malware is used,” notes Robert Lipovský, ESET Senior Malware Researcher.
The malware in Operation Groundbait was spread mostly via spear-phishing emails. “During our research, we have observed a large number of samples, each with its designated campaign ID and an appealing file name to spark the target’s interest,” explains Anton Cherepanov, Malware Researcher at ESET.
ESET researchers named the whole operation Groundbait after one of its campaigns. While the majority of campaigns used themes related to the current Ukrainian geopolitical situation and the war in Donbass to lure victims into opening the malicious attachment, the campaign in question displayed a price list of fishing groundbait instead.
“It’s the choice of this decoy document that we have so far been unable to explain,” says Lipovský.
As is usual with targeted attacks, attributing the source is tricky as conclusive evidence is difficult to find. Our research into the attacks has shown that the attackers most likely operate from within Ukraine. Whoever they are, it is probably fair to assume that this cyber-surveillance operation is politically motivated. “Any further attempt at attribution would at this point be speculative. In addition to separatists, the targets of this campaign include Ukrainian government officials, politicians and journalists. The possibility of false flags must be considered too,” concludes Robert Lipovský.
 
More details about Operation Groundbait campaigns and technical details of the malware used can be found in ESET’s comprehensive whitepaper.

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic
