The 31st of March, Cyber Digest

IN UKRAINE

Mass spread of MarsStealer malicious program among citizens of Ukraine and domestic organizations (CERT-UA # 4315)

The Governmental Computer Emergency Response Team of Ukraine CERT-UA has received information on the mass distribution of e-mails on the topic “New program for journal entry.” among citizens of Ukraine and domestic organizations. The text of the e-mail contains reports, allegedly from the Ministry of Education and Science of Ukraine, about “electronic educational journals”, as well as links to the “program” and the password to the archive. If you open the archive and run the EXE file, the computer will be affected by malware, which, due to a combination of features (despite some differences), is classified as MarsStealer. Detected activity is tracked by UAC-0041 as an activity of one of the groups aimed at stealing user authentication data. See the source

Ukrainian has hacked and actually destroyed one of the most dangerous Russian hacker groups

A Ukrainian anonymous person has hacked into the database of the Russian group Trickbot, which is believed to include some of the best Russian hackers who may have cooperated with the secret services. The Wall Street Journal told this story. US authorities have been following Trickbot for several years, but have not made significant progress in apprehending criminals. However, now the group was under attack, and much more serious than he could have imagined. An anonymous researcher from Ukraine published the source code of the Conti extortionist program on February 27 and then on March 22, as well as correspondence from hackers. He himself declined to comment further to the publication. The 22 participants whose e-mail addresses were highlighted in the group’s internal correspondence also did not respond to a request for comment. In late February, the group said it supported the Kremlin in the war against Ukraine. After a major leak, the group became close to collapse. Currently, its members are trying to recover what was lost, but have not had much success. Trickbot is much more concerned with hiding and destroying evidence. “Who drained us?” One of the hackers asks. See the source

A massive cyberattack is being carried out on the website of the Kyiv Regional Military Administration

Kyiv Regional Military Administration has reported a massive cyber attack on its official website.
Oleksandr Pavliuk, the head of Kyiv RMA, wrote about this in the Telegram. “Currently, a massive cyber attack is being carried out on the official website of the Kyiv Regional Military Administration,” he wrote. According to him, specialists are doing everything necessary to protect the resource, but allow interruptions in its work. If the site is not available, you can use other official communication channels of Kyiv RMA on Facebook and Telegram. See the source

Ukrainians have created another program that allows DDosit russian sites to anyone

Ukrainian crypto project disBalancer has created a Liberator program that attacks russian propaganda sites. In peacetime, a team of programmers developed a program to stress test and protect crypto projects from fraud. After the full-scale russian invasion, the developers decided to use their experience to attack russian web resources that spread propaganda and misinformation. It is noted that users have already attacked more than 200 sites, including the Kremlin, the FSB, the Ministry of Finance, the Ministry of Justice, the Ministry of Energy, russia Today, Channel One, Kommersant. The team’s goal is to gather 100,000 users online to attack more secure and inaccessible sites. The other day, the disBalancer team launched an update that makes it possible to increase the number of simultaneously attacking users. The updated disBalancer is aimed at both the Ukrainian audience and the global community, which is ready to help in the war against the invaders. To do this, download and install the application on the website. See the source