
Ukrainian ethical hackers targeted by Russian malware attacks

Cisco Talos researchers say the IT Army of Ukraine's Telegram channel is being hit with malicious links

Cyber criminals are preying on ethical hackers supporting the IT Army of Ukraine by deceiving them into downloading information-stealing malware.

Opportunistic cyber criminals are posing as genuine representatives of the IT Army of Ukraine and offering its supporters what purport to be tools for delivering distributed denial of service (DDoS) attacks, but which turn out to be malware, according to researchers at Cisco Talos.

The IT Army of Ukraine is a group that mobilises via the Telegram platform; it was originally assembled at the start of the conflict by a Ukrainian minister to recruit as many supporters as possible to fight Russia in cyber space.

The group currently has more than 300,000 members and posts daily ‘hit lists’ - lists of target .ru URLs for tech-savvy supporters of Ukraine to knock offline. Recent targets include Russian electronic signature services and importers of technology for the Russian military.

Criminals are targeting these ethical hackers using Telegram channels that are seemingly related to the real IT Army of Ukraine group, but are not genuine.

[Image: screenshot of a deceptive malware message in a Telegram group. Source: Cisco Talos]

Cisco Talos researchers saw adverts for inauthentic versions of genuine DDoS tools, such as the real Disbalancer Liberator tool; when the advertised links are clicked, they infect the user's system with information-stealing malware that harvests credentials and cryptocurrency information.

The information stealer gleans information from browsers such as Chrome and Firefox, and scans other locations on the file system for key information before relaying it back to a Russian IP address.

“This is an example of one of the many ways opportunistic cybercriminals are attempting to take advantage of the Russian invasion by exploiting sympathisers on both sides of the conflict,” the researchers said.


“Such activity could take the form of themed email lures on news topics or donation solicitations, malicious links purporting to host relief funds or refugee support sites, malware masquerading as security defensive or offensive tools, and more. Users must carefully inspect suspicious emails before opening them and validate software or other files before downloading them.”

Cisco Talos said evidence suggests the threat actors behind the campaign have been distributing infostealers since “at least November 2021” but have now pivoted to targeting hacktivists siding with Ukraine.

It also said it expects the information-stealing activity to continue and diversify as the global interest in the conflict creates a potentially massive pool of targets for threat actors to prey on.
