Moscow-linked hackers conducted a cyber-espionage operation against Ukraine through a maliciously inserted USB drive. The hack had started in December 2021.

The old techniques of cyber espionage still work. Hackers from Moscow's intelligence services infiltrated a Ukrainian computer from a USB key in December to prepare for the invasion of the country. Their modus operandi has been detailed by cyber researchers at Mandiant in a report published on January 5. The Kremlin hackers began their infiltration in December 2021 with a key either given to a Ukrainian victim or inserted directly into a workstation by a member of an intelligence service. The installed files introduced Andromeda, a botnet well known in the cyber community.

This network made it possible to infect hundreds of millions of computers in order to launch other malware afterwards. Made publicly available by criminal hackers and taken down by Europol in 2017, it was reused this time by members of Russian intelligence to attack Ukraine. They started using it in September 2022 to exfiltrate data through a backdoor in the system.

A group specializing in cyber espionage

This operation is attributed to Turla, also known as Snake or Uroburos, a group linked to the Russian government. Specialized in cyber espionage, this collective had hit more than 500 victims in 45 different countries around the world in 2015, with government agencies, military and diplomatic entities as the group's prime targets. "Extensive profiling since January may have enabled the group to select specific victims and tailor its exploitation efforts to gather and exfiltrate information of strategic importance to inform Russian priorities," explain the Mandiant researchers.

All the countries targeted by the hackers of Turla, a collective linked to Moscow. // Source: Kaspersky

When this operation was started [in December 2021], the Russian intelligence services described as "absolutely false" claims that Moscow was planning an invasion of Ukraine.

USB drive attacks have become obsolete since cloud storage has become the norm. Mail services have also raised their maximum size limit for file transfers. However, USB keys can still be used in sensitive sectors, where communicating over the web is avoided. Mandiant had also detected a similar hacking campaign by Chinese hackers in December 2022. In 2023, a hacker is more important than James Bond.
