Uscybercom Issues IoCs for Malware Against Ukraine

Ukraine has seen an increase in cyber activity since before the beginning of the Russian invasion in February 2022.

According to Mandiant, both public and private entities in the country have been targeted by several cyberespionage groups.

One threat actor targeting Ukraine is likely sponsored by Belarus. Another adversary active in Ukraine is UNC2589, believed to be responsible for the January 2022 Whispergate cyberattacks.

UNC1151 has been targeting government and media entities in Ukraine, Latvia, Lithuania, Germany, and Poland.

The cyberespionage group has been observed using Cobalt Strike Beacon – a backdoor with file transfer and shell command execution capabilities – and Microbackdoor – which can transfer files, execute commands, take screenshots, and update itself.