Former members of the Conti group involved in cyber attacks on Ukraine

This is according to a warning issued by the Threat Intelligence Group (TAG), a division of Google that specializes in computer vulnerabilities.

Motivated by financial interests

Since the beginning of the invasion of Ukraine, tensions on the cybersecurity front have been particularly severe. From April to August 2022, TAG monitored “a growing number of threat actors targeting Ukraine that appear to be closely linked to Russian government-sponsored attacks.” They are said to be motivated by financial interests.

CERT, the Ukrainian National Computer Emergency Response Team, has already designated one of these actors “UAC-0098”. According to Google, the latter is in fact linked to Conti. This ransomware was reportedly the most active in 2021, with at least $180 million extorted, according to research firm Chainalysis. Investigators believe the group is closing its doors to move on to other criminal activities.

Hotels and NGOs

According to TAG's analysis, the criminals are behind phishing campaigns that impersonate the computer security division of the Ukrainian police and target a number of Ukrainian hospitality organizations. They have also attacked humanitarian NGOs based in Italy with emails sent from the compromised email account of an Indian hotel.

Other phishing campaigns posed as representatives of Starlink, a satellite internet system operated by SpaceX. These emails contained links to malware installers disguised as software needed to connect to the Internet.
