Heimdal

A study by cyber researchers proves that Russian threat actors use vulnerable networks in countries around the world to attack Ukrainian organizations.

Russian cybercriminals managed to take advantage of networks even in countries that support Ukraine, such as the UK, US, or France, while trying to meet their goals. So far, a dam monitoring system, a Fortune Top 500 company, and various other western organizations have been used to launch cyberattacks on Ukraine.

Honey-Trapping the Malicious Actors

To attract Russian hackers and collect intelligence about how they work, researchers planted a number of decoys that masqueraded as important Ukrainian websites and documents.

The operation was a great success: a huge number of threat actors fell into the trap and tried to use the decoys to attack Ukraine. Researchers point to the case of one piece of data that attracted up to 60 human cybercriminals within about a minute of being published.

The Three Different Types of Decoys the Study Used:

  • Fake documents that seemed to contain important information for threat actors were intentionally leaked on Russian forums and pro-Russian groups. The documents were set to send a beacon once opened.
  • Decoy websites, pretending to belong to the Ukrainian government or other political institutions, were also used to lure cybercriminals.
  • SSH services configured to accept the fake credentials taken from the fake websites and to report a critical attack.
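
The third decoy type can be shown from the defender's side. This is an added example, not code from the study or from Heimdal: it reads login lines from an SSH decoy and raises a critical alert only when the credential pair is one that was planted on a decoy website. The log format, credential, site name and timestamps are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed honeytoken: a credential planted on one decoy site (hypothetical values).
PLANTED = {
    ("svc_backup", "Decoy-Pass-2022!"): {
        "site": "decoy-site.example",
        "published": datetime(2022, 6, 1, 12, 0, 0),
    },
}

# Hypothetical log format written by the SSH decoy; these lines are constructed.
SAMPLE_LOG = """\
2022-06-01T12:00:20 ssh-decoy login user=svc_backup pass=Decoy-Pass-2022! src=198.51.100.7
2022-06-01T12:00:45 ssh-decoy login user=root pass=123456 src=203.0.113.9
2022-06-01T12:00:50 ssh-decoy login user=svc_backup pass=Decoy-Pass-2022! src=198.51.100.23
2022-06-01T12:05:00 ssh-decoy login user=svc_backup pass=Decoy-Pass-2022! src=198.51.100.7
truncated line without fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ssh-decoy login user=(?P<user>\S+) pass=(?P<pw>\S+) src=(?P<src>\S+)$"
)

def classify(log_text, planted=PLANTED):
    """Turn decoy login lines into alerts; a planted credential pair is critical."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # skip malformed lines instead of failing the whole run
        ts = datetime.fromisoformat(m["ts"])
        token = planted.get((m["user"], m["pw"]))
        alert = {"src": m["src"], "severity": "low", "site": None, "delay_s": None}
        if token is not None:
            # Only someone who read the decoy site can know this exact pair.
            alert.update(severity="critical", site=token["site"],
                         delay_s=int((ts - token["published"]).total_seconds()))
        alerts.append(alert)
    return alerts

def early_sources(alerts, window_s):
    """Distinct sources that used a planted credential within window_s of publication."""
    return {a["src"] for a in alerts
            if a["severity"] == "critical" and 0 <= a["delay_s"] <= window_s}

if __name__ == "__main__":
    found = classify(SAMPLE_LOG)
    print("sources within 60 s:", sorted(early_sources(found, 60)))
```

Keying the alert on the exact planted pair separates visitors who read the decoy site from background password guessing, and the delay field measures how quickly a published lure is picked up.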

What Do Russian Threat Actors Want

According to the researchers, their decoys were the target of various types of attacks. Threat actors tried to exploit them to collect intelligence and even to recruit them as bots for DDoS attacks. They also tried SQL injection, RCE attacks, the use of known CVEs, and Docker exploitation.

Since researchers also set up non-Ukrainian decoys, they were able to deduce that threat actors were significantly more aggressive towards lures imitating Ukrainian organizations. For example, threat actors were prone to using scripts to attack Ukrainian websites and institutions, as well as websites supporting Kyiv in the war against Russian occupation.

Threat actors compromised the networks of companies, healthcare organizations, and a dam monitoring system in order to reroute their attacks to fake targets in Ukraine.

The study also revealed the disturbing fact that Russian cybercriminals are significantly present in western networks, even in countries like the US, UK, and France, that specifically support the Ukrainians.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.