Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Microsoft Finds New Malware Targeting Organizations in Ukraine

published on 2022-01-17 14:07:45 UTC by CISOMAG
Content:

Microsoft’s security experts identified a novel malware campaign targeting several IT, non-profit, and government organizations based in Ukraine. Tracked as WhisperGate, the activities of the destructive malware campaign were first spotted on January 13.  As per a report from Microsoft Threat Intelligence Center (MSTIC), the malware used by this campaign is designed to look like ransomware but lacks a ransom recovery mechanism. It’s found that the campaign is intended to compromise the targeted systems rather than to obtain a ransom.

“Our investigation teams have identified the malware on dozens of impacted systems, and that number could grow as our investigation continues. These systems span multiple government, non-profit, and information technology organizations, in Ukraine. We do not know the current stage of this attacker’s operational cycle or how many other victim organizations may exist in Ukraine or other geographic locations. However, it is unlikely these impacted systems represent the full scope of impact as other organizations are reporting,” MSTIC said.

While the attackers behind this malware campaign are unknown, Microsoft stated it had notified the affected users and organizations about WhisperGate.

WhisperGate Campaign Infection 

The WhisperGate malware is capable of overwriting the Master Boot Record (MBR) on victim systems with a fake ransom note. The ransom note contains a Bitcoin wallet and Tox ID. The malware executes when the compromised device is powered down. Once infected, the malware resides in various working directories, including C:\PerfLogs, C:\ProgramData, C:\, and C:\temp, and is often named stage1.exe.

Also Read: Russian Networks Accused of Carrying Out Massive Cyberattack on Ukraine

“The malware executes when the associated device is powered down. Overwriting the MBR is atypical for cybercriminal ransomware. In reality, the ransomware note is a ruse, and the malware destructs MBR and the contents of the files it targets,” MSTIC added.

Mitigations

  • Review all authentication activity for remote access infrastructure, focusing on accounts configured with single-factor authentication, to confirm the authenticity and investigate any abnormal activity.
  • Enable multifactor authentication (MFA) to mitigate potentially compromised credentials and enforce MFA for remote connectivity.
  • Use the included indicators of compromise to investigate whether they exist in your environment and assess for potential intrusion.
  • Enable Controlled Folder Access (CFA) in Microsoft Defender for Endpoint to prevent MBR/VBR modification.

The post Microsoft Finds New Malware Targeting Organizations in Ukraine appeared first on CISO MAG | Cyber Security Magazine.

Article: Microsoft Finds New Malware Targeting Organizations in Ukraine - published almost 3 years ago.

https://cisomag.eccouncil.org/microsoft-finds-new-malware-targeting-organizations-in-ukraine/   
Published: 2022 01 17 14:07:45
Received: 2022 01 17 14:27:57
Feed: Ciso Mag - All
Source: CISO Mag
Category: Cyber Security
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor