Ukrainian military systems under attack: Microsoft reveals tactics of Russian hackers

13 December 11:39

Microsoft has reported that the Russian hacker group Secret Blizzard has been conducting cyberattacks on Ukrainian military technology using access points obtained from other cybercriminals. These attacks are aimed at spying and installing backdoors on devices in Ukraine. This was reported by TechRadar, according to Komersant ukrainskyi.

Typically, Secret Blizzard gains initial access through phishing attacks and then spreads through the network by exploiting vulnerabilities in servers and peripherals. After penetrating a device, the group uses the Amadey malware, which collects information about the system configuration and transmits it to the command server.


Amadey also collects data about the installed antivirus software and installs additional plugins to collect information from the clipboard and browser credentials. The hackers pay special attention to devices using Starlink IP addresses, applying special algorithms to steal data such as directory structure, system information, active sessions, and security settings.

Microsoft also found that Secret Blizzard uses the command line to obtain information from Windows Defender about the presence of previous versions of Amadey on the system to determine whether the device is interesting for further attacks.

These actions underscore the ongoing threat posed by Russian cybercriminals trying to gain access to critical information and technology in Ukraine.


Остафійчук Ярослав
Editor