Hackers-for-hire target Ukrainian notaries to manipulate state registries | The Record from Recorded Future News

Ukraine’s state cyber response team (CERT-UA) warned that hackers are targeting notaries' computers in an attempt to gain remote access and manipulate government registries. The hacking group, identified as UAC-0173, has been distributing phishing emails since mid-January, posing as regional offices of Ukraine’s Ministry of Justice, authorities said in a report released on Tuesday. Researchers said they identified affected computers in six regions and prevented unauthorized registry modifications, in some cases stopping attacks at their final stages. According to CERT-UA, the group is likely conducting the attacks for hire and receiving a financial reward from an unnamed source.

In its latest operation, UAC-0173 infected the targeted computers with DarkCrystal malware — a commercial Russian backdoor that appears to have been developed and maintained by a single person and sold predominantly on Russian underground forums since 2019. In the campaign against Ukrainian notaries, UAC-0173 also used various utilities to bypass security controls, scan networks, intercept authentication data, and steal credentials, the authorities said.

Earlier in December, suspected Russian military intelligence hackers breached the infrastructure of Ukraine’s state registers, which are managed by the Justice Ministry, disrupting services for several weeks. It remains unclear whether the attack on state registries is linked to or was exploited by the UAC-0173 campaign against notaries.

Over the weekend, CERT-UA also warned of another threat actor targeting Ukrainian and foreign enterprises, including manufacturers and suppliers of automated systems used to monitor and control industrial processes. Since July, the hacker group tracked as UAC-0212 has targeted suppliers from Serbia, Czechia and Ukraine with various malware variants, such as EmpirePast, Spark and CrookBag. Over the past two months, the group has also attacked several Ukrainian enterprises specializing in the design and production of equipment for drying, transporting, and storing grain. The likely goal of these attacks was to compromise the computer networks of service providers, with the aim of further using the obtained data to hack Ukraine's critical industrial enterprises, the cyber agency said. Researchers believe the group is linked to the notorious Russian threat actor Sandworm.

This Cyber News was published on therecord.media. Publication date: Wed, 26 Feb 2025 15:40:17 +0000

