Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Russian Secret Blizzard hackers exploit malware to target Ukrainian forces

Secret Blizzard's strategy centers on exploiting infrastructure tied to other actors, such as Storm-1919 and Storm-1837

byKerem Gülen
December 12, 2024
in News, Cybersecurity
Home News
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

Russian nation-state actor Secret Blizzard has intensified its cyber-espionage efforts against Ukrainian military assets during 2024. Linked to Russia’s Federal Security Service (FSB), the group has effectively used infrastructure and tools from various cyber actors. Key techniques include deploying sophisticated custom malware, conducting strategic watering hole attacks, and spear phishing.

Secret Blizzard targets Ukraine’s military using custom malware

Secret Blizzard’s strategy centers on exploiting infrastructure tied to other actors, such as Storm-1919 and Storm-1837. This method enhances access to specific targets, particularly military personnel and devices. By managing to diversify their attack vectors, they can penetrate critical systems more effectively.

The organization employs several distinct malware tools, including the Tavdig backdoor and KazuarV2 payloads. These tools are designed to maintain persistent access and gather intelligence. The Tavdig backdoor has been notably deployed in high-stakes environments associated with the Ukrainian military’s front-line operations.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

Astutely, Secret Blizzard utilized the Amadey bot in March and April 2024 to distribute their Tavdig backdoors. The Amadey bot, typically used for cryptomining, allowed the group to gain a foothold in target devices. This iteration, version 4.18, possessed reconnaissance capabilities that included gathering device information and collecting credentials through various plugins.

Secret Blizzard further deployed a custom reconnaissance tool aimed at devices stemming from STARLINK IP addresses. This tool collected crucial data, including system configurations and directories. Data transmission occurred through RC4 encryption protocols to a command-and-control (C2) server.


Lazarus Group targets macOS with RustyAttr trojan malware


The KazuarV2 payload employed by Secret Blizzard was often injected into trusted processes to ensure stealth. Deploying DLL sideloading techniques, it successfully circumvented detection measures put in place by the victims. Similarly, the Storm-1837 backdoor, introduced in December 2023, permitted the group to establish ongoing access to Ukrainian drone operators’ devices.

The deployment included utilizing the Telegram API for credentialed file-sharing platform connections, enabling the installation of further malicious payloads remotely.

In light of these sophisticated attacks, organizations are urged to bolster their defenses. Recommendations include strengthening endpoint security through Microsoft Defender’s tamper protection and real-time features. This should be complemented by the implementation of network protections, including monitoring PowerShell activities and restricting unauthorized scripts.

To monitor for indicators of compromise (IOCs), tracking specific domains such as citactica.com and icw2016.coachfederation.cz is essential. Regular querying for suspicious PowerShell activity should also be part of a proactive defense mechanism.


Featured image credit: Philipp Katzenberger/Unsplash

Tags: Cybersecurity

Related Posts

OpenAI retires Atlas browser to focus on new ChatGPT superapp

OpenAI retires Atlas browser to focus on new ChatGPT superapp

July 14, 2026
Microsoft tests Copilot’s new PC insights feature in Windows 11

Microsoft tests Copilot’s new PC insights feature in Windows 11

July 14, 2026
Xiaomi unveils SkyNomad N90 range-extender SUV

Xiaomi unveils SkyNomad N90 range-extender SUV

July 14, 2026
X algorithm update aims to make replies feel friendlier

X algorithm update aims to make replies feel friendlier

July 14, 2026
Windows 11 Search Box gets less clutter and more control

Windows 11 Search Box gets less clutter and more control

July 14, 2026
Pixel 11 leak shows bold magenta and peach colors

Pixel 11 leak shows bold magenta and peach colors

July 14, 2026

LATEST NEWS

OpenAI retires Atlas browser to focus on new ChatGPT superapp

Microsoft tests Copilot’s new PC insights feature in Windows 11

Xiaomi unveils SkyNomad N90 range-extender SUV

X algorithm update aims to make replies feel friendlier

Windows 11 Search Box gets less clutter and more control

Pixel 11 leak shows bold magenta and peach colors

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Mootion

Legacy AI

Copyseeker

ProPhotos

Kuki AI

Create

RemodelAI

AItwitch

Vadoo AI

Greptile AI

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.