Ukraine has been targeted by Trickbot malware operators since the Russia-Ukraine war commenced in February, representing a significant shift in the operations of Trickbot, according to The Hacker News.
Despite being absorbed by the Conti ransomware group earlier this year, Trickbot, also known as ITG23, Wizard Spider, and Gold Blackburn, reemerged weeks later to launch phishing campaigns leveraging Cobalt Strike, AnchorMail, IcedID, and Meterpreter against Ukrainian targets, a report from IBM Security X-Force showed.
"ITG23's campaigns against Ukraine are notable due to the extent to which this activity differs from historical precedent and the fact that these campaigns appeared specifically aimed at Ukraine with some payloads that suggest a higher degree of target selection," wrote report author Ole Villadsen.
Attacks using AnchorMail, Meterpreter, and Cobalt Strike were launched by Trickbot in April, with Russian state-backed group APT28 also leveraging the nuclear war lure used to spread the AnchorMail implant in attacks in June.
"Ideological divisions and allegiances have increasingly become apparent within the Russian-speaking cybercriminal ecosystem this year. These campaigns provide evidence that Ukraine is in the crosshairs of prominent Russian cybercriminal groups," said Villadsen.
Trickbot’s shift to attacks vs Ukraine examined