Russian military intelligence hackers have begun using fake CAPTCHA prompts on compromised websites to trick Ukrainian targets into infecting their own computers, researchers have found. Ukraine's computer emergency response team (CERT-UA) observed a shift this spring and summer in how the Kremlin-backed hacking group Sandworm gains initial access to the systems of Ukrainian targets, with further coverage provided by The Record.The Sandworm group, linked to Russia's GRU, is employing the social engineering technique called ClickFix. Victims visiting compromised websites are presented with a fake CAPTCHA security check and instructed to copy and paste a PowerShell command into their Windows computers. This command downloads malware, such as GhettoVibe, which allows hackers to maintain access and deploy further malicious tools. Reconnaissance tools like ScoutCurl and malware loaders like FluidLeech and LoadLoop have also been observed. CERT-UA noted this technique on over a dozen compromised websites in June and July.Sandworm continues to use other methods, including targeting Android devices with malware disguised as security apps distributed via messaging apps, and distributing backdoored Windows and Office installers through torrent sites. In one instance, this led to a destructive cyberattack on a Ukrainian government network. The group also targets victims through Signal, building trust before asking them to run malicious files, sometimes offering payment.Source: The Record
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




