Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

• A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL.
• Google Threat Intelligence Group (GTIG) described the hacking group as possibly affiliated with Russian intelligence services.
• The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and national governments.
• However, the group has also exhibited growing interest in aerospace organizations, manufacturing companies with military and drone ties, nuclear and chemical research organizations, and international organizations involved in conflict monitoring and humanitarian aid in Ukraine, GTIG added.
• “Despite being less sophisticated and resourced than other Russian threat groups, this actor recently began to overcome some technical limitations using LLMs [large language models],” GTIG said.
• “Through prompting, they conduct reconnaissance, create lures for social engineering, and seek answers to basic technical questions for post-compromise activity and C2 infrastructure setup.”
• Recent phishing campaigns have involved the threat actor impersonating legitimate national and local Ukrainian energy organizations to obtain unauthorized access to organizational and personal email accounts.
