Hackers With Support From The Kremlin Attacked A "Major" Oil Refinery In A NATO Country

A significant petroleum refining company headquartered in a NATO country was recently targeted by one of the Kremlin's most active hacking groups operating against Ukraine. With Russia's invasion of its neighboring country still going strong, the attack indicates that the group is expanding its intelligence collection.

The hacking attempt was made on August 30 but was unsuccessful, according to researchers at Palo Alto Networks' Unit 42. The Ukrainian Security Service has linked the hacking group to the Federal Security Service of Russia. The group is tracked under a number of names, including Trident Ursa, Gamaredon, UAC-0010, Primitive Bear, and Shuckworm.

Unit 42 has mapped more than 500 new domains, 200 samples, and other breadcrumbs in the last 10 months. Trident Ursa has made its mark with spear phishing campaigns meant to infect targets with data-stealing software. Most of the group's messages contain lures in Ukrainian. However, more recent samples indicate that the group has started using English-language lures as well.

Researchers from the company concluded that the samples "suggest that Trident Ursa is trying to increase their intelligence collection and network access against Ukrainian and NATO allies."

MilitaryassistanceofUkraine.htm, Necessary military assistance.rar, and List of required objects for the supply of military humanitarian assistance to Ukraine.lnk were among the filenames used in the unsuccessful attempt.

Tuesday's report did not name the targeted petroleum company or the country where the facility is located. Western-aligned officials have recently warned that the Kremlin has its sights set on energy companies in countries that oppose Russia's war in Ukraine.
For instance, according to CyberScoop, National Security Agency Cyber Director Rob Joyce expressed concern about large attacks from Russia, particularly those aimed at the international energy industry. According to CyberScoop, Joyce stated, "I would not urge anyone to be complacent or be alarmed about the threats to the energy sector internationally." "There are potential to put more tactical pressure on Russia as the [Ukraine] war goes forward, which will force them to reconsider and explore other escape routes," says the author.

Russia has released at least seven different types of wiper malware intended to permanently delete data, according to the NSA's annual year in review. One of those wipers destroyed thousands of satellite modems used by Viasat customers. Tens of thousands of terminals supporting wind turbines and providing Internet service to private users outside of Ukraine were among the broken modems.

Russia is attempting to break the will of Ukraine's partners, and Norway's prime minister Jonas Gahr Støre warned that Russia constituted a "real and serious threat... to the oil and gas industry... of Western Europe."

The hacking methods used by Trident Ursa are simple but effective. The group uses a variety of techniques to hide its IP addresses and other infrastructure signatures, along with malicious Word and HTML documents and phishing emails that have low detection rates among anti-phishing services.

Researchers from Unit 42 wrote:

"Trident Ursa continues to be a flexible and adaptable APT that doesn't employ overly complicated or advanced methods in its operations. To successfully carry out their operations, they typically rely on freely accessible tools and scripts, along with a large level of obfuscation and regular phishing efforts.

Researchers and government agencies frequently stumble across this group's activities, yet neither seems to give a damn. They merely try again, adding new domains, new approaches, and more obfuscation—often even utilizing old samples.

Trident Ursa has been successfully functioning in this manner since at least 2014 and shows no signs of stopping during this time of turmoil. They continue to pose a serious threat to Ukraine for all of these reasons, and Ukraine and its allies must vigorously defend against them."

Tuesday's report provides a list of cryptographic hashes and other indicators that organizations can use to determine whether Trident Ursa has targeted them. It also offers advice on how to defend organizations against the group.

By Omal J

I worked for both print and electronic media as a feature journalist. Writing, traveling, and DIY sum up her life.
