The ongoing war between Russia and Ukraine has brought out the good, the bad, and the ugly in dark web hacking groups. The good hackers are busy protecting pivotal infrastructure and launching targeted hacks on the enemy. For now, Ukrainian soldiers could use all available help while on the front line battling to save the country’s sovereignty in the cruel and unprovoked war launched by Russia. The bad hackers, meanwhile, are using the current war as a front to launch malicious cyber security scams.
The current reality is that dark web hackers have become quite active since the war began almost two weeks ago. They have been using Vladimir Putin's invasion of Ukraine as a cover for phishing campaigns that deliver malware disguised as websites related to the current war.
Cyber analysts tracking threat actors reported that the latest tactic employed by dark web hackers is to deliver malware such as remote access trojans (RATs), including Remcos and Agent Tesla.
Remote Access Trojans Hack
It is common for malware distributors to take advantage of trending global events to trick recipients into opening email attachments, and at this time, there is nothing more closely watched than Russia’s invasion of Ukraine.
Using this war theme, threat actors are sending malicious emails that install RATs on targeted systems to gain remote access, steal sensitive information, conduct network reconnaissance, disable security software, and generally prepare the ground for more potent virus payloads.
The report of the latest malicious scams comes from Bitdefender Labs, whose researchers have been tracking two distinct phishing campaigns since March 01, 2022.
Ukraine Shortages Scam
Ukraine manufactures various high-end products, and the current war has forced that production to shut down. This has created a shortage in the supply chain and an opening for dark web hackers to exploit.
Bitdefender analysts have spotted dark web hacking groups attempting to launch phishing campaigns with a ZIP file, targeting manufacturers that sourced automotive parts manufactured in Ukraine.
The ZIP attachment carrying the Agent Tesla RAT, which has been featured in many phishing campaigns, is disguised as a survey. Bitdefender reported that the majority of these phishing emails originate in the Netherlands. Meanwhile, the phishing scam targets businesses in the United States, United Kingdom, Germany, Czech Republic, and South Korea.
War Fake Orders Scam
Another phishing scam discovered by the cyber security analysts involves a South Korean in-vitro diagnostic company.
The phishing email falsely claims that shipment orders are on hold due to logistics restrictions caused by the war between Ukraine and Russia. However, the file carries an exploit for the well-known Microsoft Office Equation Editor bug tracked as CVE-2017-11882 and is laced with the Remcos RAT malware.
This second scam originated in Germany, and companies in the USA, Ireland, and India were the recipients.