CyberNews Briefs

Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers

InvisiMole is allegedly conducting a series of attacks against Ukrainian targets, spreading the LoadEdge backdoor. Ukrainian security officials warned of the campaign, which is attributed to a threat actor group with ties to Russia. The Computer Emergency Response Team for Ukraine (CERT-UA) stated last week that it had been advised of the phishing campaign. The phishing emails deliver an attached archive containing a Windows shortcut (LNK) file. If the target opens it, a VBScript designed to deploy LoadEdge is executed.

Once the backdoor has been installed, it establishes a connection to an InvisiMole command-and-control server through which other malware payloads are deployed and executed. One piece of malware observed in the attacks is TunnelMole, a tool that abuses the DNS protocol to form a tunnel over which further malicious software is distributed. That software includes RC2FM and RC2CL, both of which act as data collection and surveillance modules. InvisiMole was first discovered in 2018 by security researchers at ESET. Since its discovery, the group has been linked to attacks against high-profile organizations in Eastern Europe, notably in the military and diplomatic fields.
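The brief notes that TunnelMole abuses DNS to carry a tunnel for further payloads. DNS tunnels leave a characteristic trace in resolver logs: many distinct, long, high-entropy subdomains under one base domain, often with TXT or NULL queries. The following is an added detection example, written for this brief rather than taken from the article, CERT-UA or ESET; the log format, the `c2-placeholder.test` domain and all log lines are constructed for illustration and are not indicators from the campaign.

```python
import math
from collections import defaultdict

# Constructed sample resolver log (not from any real incident or from the article).
# Assumed format: "<timestamp> <client_ip> <query_name> <qtype>", one query per line.
# The long hex labels stand in for encoded tunnel chunks; c2-placeholder.test is a
# placeholder, not a real or reported domain.
SAMPLE_LOG = """\
2022-03-21T10:00:01Z 10.0.0.5 www.example.com A
2022-03-21T10:00:02Z 10.0.0.5 mail.example.com A
2022-03-21T10:00:03Z 10.0.0.7 0123456789abcdeffedcba9876543210.c2-placeholder.test TXT
2022-03-21T10:00:04Z 10.0.0.7 fedcba98765432100123456789abcdef.c2-placeholder.test TXT
2022-03-21T10:00:05Z 10.0.0.7 02468ace13579bdf02468ace13579bdf.c2-placeholder.test TXT
2022-03-21T10:00:06Z 10.0.0.7 13579bdf02468ace13579bdf02468ace.c2-placeholder.test TXT
2022-03-21T10:00:07Z 10.0.0.5 cdn.example.com A
"""


def shannon_entropy(text: str) -> float:
    """Bits per character; encoded data scores near the alphabet maximum, words far lower."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Naive split into (subdomain, registered domain): the last two labels form the base.
    A production version should consult a public-suffix list so 'host.example.co.uk' is
    attributed to example.co.uk rather than to co.uk."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) < 3:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def analyze_dns_log(log_text, min_distinct=3, min_avg_len=20, min_entropy=3.5):
    """Aggregate queries per registered domain and flag tunnel-like behaviour.

    Thresholds are assumptions chosen for the sample; tune them against your own
    baseline of benign traffic (CDNs and some telemetry services also use long labels)."""
    per_domain = defaultdict(lambda: {"subdomains": set(), "queries": 0, "txt_null": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the pipeline
        _ts, _client, qname, qtype = parts
        sub, base = split_name(qname)
        entry = per_domain[base]
        entry["queries"] += 1
        if sub:
            entry["subdomains"].add(sub)
        if qtype.upper() in ("TXT", "NULL"):
            entry["txt_null"] += 1

    report = {}
    for base, entry in per_domain.items():
        subs = entry["subdomains"]
        avg_len = sum(len(s) for s in subs) / len(subs) if subs else 0.0
        avg_ent = (sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
                   if subs else 0.0)
        flagged = (len(subs) >= min_distinct
                   and avg_len >= min_avg_len
                   and avg_ent >= min_entropy)
        report[base] = {
            "queries": entry["queries"],
            "distinct_subdomains": len(subs),
            "avg_subdomain_len": round(avg_len, 2),
            "avg_entropy": round(avg_ent, 3),
            "txt_null_ratio": round(entry["txt_null"] / entry["queries"], 2),
            "flagged": flagged,
        }
    return report


def tunnel_candidates(log_text, **thresholds):
    """Registered domains whose query pattern looks like a DNS tunnel, sorted by name."""
    report = analyze_dns_log(log_text, **thresholds)
    return sorted(base for base, row in report.items() if row["flagged"])


if __name__ == "__main__":
    for base, row in analyze_dns_log(SAMPLE_LOG).items():
        print(base, row)
    print("candidates:", tunnel_candidates(SAMPLE_LOG))
```

Each signal alone is noisy: entropy flags any base32- or hex-encoded label, and length alone flags legitimate CDN hostnames. Requiring several distinct long, high-entropy subdomains under one base domain, and weighing the TXT/NULL ratio as corroboration, keeps the false-positive rate workable; a hit should still be confirmed against proxy and endpoint telemetry for the querying host.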

Read More: Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.