30.03.2022

The 30th of March, Cyber Digest

IN UKRAINE

Since the beginning of the war, the SSU has eliminated 5 enemy bot farms with a capacity of over 100,000 fake accounts

These bot farms were operating in Kharkiv, Cherkasy, Ternopil, Poltava and Zakarpattia, and their fake accounts were created on various social networks, including those that are currently banned in Ukraine. Through this “army of bots”, fakes about the Russian war in Ukraine were being spread, and Russian aggression and ideology were being imposed and justified en masse. In this way the enemy tried to cause panic among Ukrainian citizens and destabilize the socio-political situation in various regions. On the basis of these facts, the SSU has already initiated criminal proceedings under Article 110 of the Criminal Code of Ukraine. See the source

Enemy hackers were gathering information from computers, exploiting the subject of the war

The Government Computer Emergency Response Team of Ukraine (CERT-UA), which operates under the State Special Communications Service, has detected the distribution of the archive “Information_about_the_ losses of servicemen_of_the_UF_Ukraine.docx.exe”. It contains the bait file “Loss-1001.docx” and the compressed file “googleupdate.exe”. After analysis, CERT-UA experts classified this EXE file as the malicious program PseudoSteel. This will make the information in these files available to attackers. With a low level of confidence, the activity is associated with the group UAC-0010 (Armageddon). See the source

IN RUSSIA

russian hackers have had access to the Hungarian Foreign Ministry’s IT system for years; the opposition demands the resignation of Szijjártó

The Hungarian portal Telex.hu has published an investigation into attacks by russian hackers on Hungary, including on the Foreign Ministry led by Péter Szijjártó, over at least a decade. According to the article, at least some of the attacks are supported by russian government agencies, and the cyberattacks are so successful that even now, during the war in Ukraine, hackers have access to some of the information transmitted through the Hungarian Foreign Ministry. See the source

IN THE WORLD

New spyware uses the theme of the invasion of Ukraine

ESET warns that it has detected new espionage activity by the Mustang Panda cybercrime group using a previously unknown version of the Korplug malware. The attackers use the topic of the war in Ukraine and other current European news as bait. Notable victims include research organizations, Internet service providers and European diplomatic missions, mostly located in East and Southeast Asia. ESET researchers named this new version of Korplug "Hodur" because of its similarity to the THOR version discovered in 2020. In Norse mythology, Hodur is the half-brother of Thor. Other phishing lures mention updated restrictions on travel due to COVID-19, an approved regional aid map for Greece and a resolution of the European Parliament and the Council. The final lure is a real document available on the European Council’s website. This indicates that the APT group behind this malicious activity monitors current events and can react quickly to them. See the source