Ukraine's Computer Emergency Response Team (CERT-UA) has disclosed that the UAC-0219 hacking operation launched attacks with the nascent Wrecksteel malware against the country's government entities and critical infrastructure organizations last month as part of a cyberespionage campaign that commenced last fall, reports The Record, a news site by cybersecurity firm Recorded Future.
According to CERT-UA, UAC-0219 has leveraged hacked email accounts to distribute phishing messages with links redirecting to Google Drive and DropMeFiles that facilitate the execution of a PowerShell script enabling data extraction and screenshot captures. Additional information linking UAC-0219 to a specific country remains lacking, but Russia was previously identified as being behind a majority of phishing-based cyberespionage against Ukraine.
Cisco Talos researchers recently reported that Ukraine was targeted by the Russian state-sponsored cyberespionage operation Gamaredon in a phishing campaign involving troop-related lures, while the country's national railway operator Ukrzaliznytsia had its online systems taken down last week by a cyberattack also linked to Russia.
Cybernews reports that Caritas Internationalis, the Catholic Church's official charity organization, had at least 17 websites of its Spanish arm compromised as part of a web skimmer campaign that commenced in February 2024.
Israel subjected to persistent targeting by Iranian hackers
The Hacker News reports that Iran-linked threat operations continued launching malware attacks against Israel last year.
Security researchers have detailed the evolving tactics of the Russian-affiliated threat group Gamaredon, particularly its use of the PteroLNK variant within the Pterodo malware family, GBHackers reports.