U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

APT

Charities and NGOs providing support in Ukraine hit by malware

Malware based attacks are targeting charities and non-governmental organizations (NGOs) providing support in Ukraine Charities and non-governmental organizations (NGOs) that in these weeks are providing support in Ukraine are targeted by malware attacks aiming to disrupt their operations. The news was reported by Amazon that associates the attacks with state-sponsored hackers and confirmed that it […]

Ukraine CERT-UA backdoor SSU PathWiper wiper

Malware based attacks are targeting charities and non-governmental organizations (NGOs) providing support in Ukraine

Charities and non-governmental organizations (NGOs) that in these weeks are providing support in Ukraine are targeted by malware attacks aiming to disrupt their operations.

The news was reported by Amazon that associates the attacks with state-sponsored hackers and confirmed that it is helping customers impacted by the attacks to adopt security best practices.

“For several weeks, we have been partnering closely with Ukrainian IT organizations to fend off attacks and working with organizations in Ukraine, and around the world, to share real-time, relevant intelligence. As a result, our teams have seen new malware signatures and activity from a number of state actors we monitor. As this activity has ramped up, our teams and technologies detected the threats, learned the patterns, and placed remediation tools directly into the hands of customers.” reads the post published by Amazon. “While we are seeing an increase in activity of malicious state actors, we are also seeing a higher operational tempo by other malicious actors. We have seen several situations where malware has been specifically targeted at charities, NGOs, and other aid organizations in order to spread confusion and cause disruption.”

Some of the most impacted operations are related to medical supplies, food, and clothing relief.

Amazon did not name the impacted organizations, it is working with multiple organizations and donated $5 million to organizations that are providing critical support on the ground, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.

A few days ago, researchers from cybersecurity firm Proofpoint uncovered a spear-phishing campaign, likely conducted by a nation-state actor, that compromised a Ukrainian armed service member’s email account to target European government personnel involved in managing the logistics of refugees fleeing Ukraine.

The phishing messages included a weaponized attachment designed to download a Lua-based malware dubbed SunSeed. Experts found similarities between the infection chain associated with this campaign, tracked as Asylum Ambuscade, and other attacks Proofpoint observed in July 2021, a circumstance that suggests they were conducted by the same threat actor.

The campaign observed in July 2021 was linked to the Belarus-linked APT group Ghostwriter (aka TA445 or UNC1151).

Update: Made it clearer that Amazon did not name any of the targeted organizations.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Ukraine)

[adrotate banner=”5″]

[adrotate banner=”13″]