| 5 JULY |
CNN |
Russian hacktivist group XakNet carried out a cyberattack on Ukraine's biggest private energy conglomerate, DTEK, in retaliation for its owner's opposition to Russia's war in Ukraine |
cnn.com |
| 7 JULY |
IBM Security X-Force |
IBM has uncovered evidence indicating that the Russia-based cybercriminal “Trickbot group” has launched attacks on Ukraine since the Russian invasion — an unprecedented shift as the group had not previously targeted Ukraine (as RU eCrime usually avoids CIS countries) |
securityintelligence.com |
| 8 JULY |
Google TAG |
The Turla APT group created a fake Android app (APK) designed to look like a DDoS hacktivist tool developed by the Ukrainian Azov Regiment. The APKs we have seen were hosted on a Turla controlled domain with links disseminated through 3rd party messaging services. They were not hosted on the Play Store. |
twitter.com/billyleonard |
| 14 JULY |
SSSCIP of Ukraine |
SSSCIP published its statistics on vulnerability detection and cyber incidents for Q2 2022. Top APT groups includes UAC-0010, UAC-0056, UAC-0028, UAC-0098, UAC-0082/UAC-0113 |
scpc.gov.ua |
| 18 JULY |
Malwarebytes |
UAC-0056 (AKA UNC2589, TA471, EmberBear, Lorec53) has repeatedly targeted the government entities in Ukraine via phishing campaigns, macro-docs, and Cobalt Strike Beacons |
blog.malwarebytes.com |
| 19 JULY |
Google TAG |
Development of attack techniques of the UNC1151/Ghostwriter group |
cert.pl |
| 19 JULY |
CERT-PL |
Continued cyber activity in Eastern Europe observed by TAG: Turla APKs, Follina vulnerability, Ghostwriter/UNC1151, COLDRIVER |
blog.google |
| 20 JULY |
US CYBERCOM |
Cyber National Mission Force discloses IOCs from Ukrainian networks |
cybercom.mil |
| 20 JULY |
Mandiant |
UNC1151 and suspected UNC2589 operations leveraging phishing with malicious documents leading to malware infection chains with themes related to public safety and humanitarian emergencies |
mandiant.com |
| 20 JULY |
CERT-UA |
UAC-0120 - Cyber attack on state organizations of Ukraine using the OK theme "South" and the malicious program AgentTesla (CERT-UA#4987) |
cert.gov.ua |
| 21 JULY |
Talos |
Attackers target Ukraine using GoMet backdoor |
blog.talosintelligence.com |
| 21 JULY |
CyberScoop |
Cyber criminals attack Ukrainian radio network, broadcast fake message about Zelensky’s health |
cyberscoop.com |
| 25 JULY |
CERT-UA |
UAC-0041 - Mass distribution of stealers (Formbook, Snake Keylogger) and use of RelicRace/RelicSource malware as a means of delivery (CERT-UA#5056) |
cert.gov.ua |
| 26 JULY |
CERT-UA |
Cyber attacks of the UAC-0010 group (Armageddon) using the malicious program GammaLoad.PS1_v2 (CERT-UA#5003,5013,5069,5071) |
cert.gov.ua |
| 27 JULY |
CERT-UA |
UAC-0100 - Online fraud using the subject of "aid from the Red Cross" (CERT-UA#5063) |
cert.gov.ua |
| 27 JULY |
VxUnderground |
VX-Underground uploads sample of malware used by Killnet to DDos Lithuania |
twitter.com |
| 27 JULY |
US DHS CISA |
United States (CISA) and Ukraine Expand Cooperation on Cybersecurity |
cisa.gov |