en
ua
ru
de
pt
es
pl
fr
tr
fi
da
no
sv
en
EGW-NewsOthersKaikki uutisetRussian hacker groups have used WinRAR as a "cyber weapon" to attack Ukraine
Russian hacker groups have used WinRAR as a "cyber weapon" to attack Ukraine
1801
0
0

Russian hacker groups have used WinRAR as a "cyber weapon" to attack Ukraine

Tämä artikkeli on saatavilla seuraavilla kielillä

The Ukrainian government has reported that Russian hackers used the WinRAR file compression utility to delete data from computers at several government agencies. According to the Ukrainian Computer Emergency Response Team (CERT-UA), the Sandworm group may have gained access to compromised VPN accounts that provided access to Ukraine's official government networks.

The hackers apparently used a script called RoarBAT to search for files on the target machine with extensions including.doc,.docx,.rtf,.txt,.xls,.xlsx,.ppt,.pptx,.jpeg,.jpg,.zip,.rar,.7z, and several others, and then used WinRAR to archive the files and the "-df" option, which automatically deletes the source files after archiving. The RoarBAT script then deleted the archived files, resulting in a complete loss of data.

Chicken.gg

Ilmaisia jalokiviä sekä päivittäisiä, viikoittaisia ja kuukausittaisia lisäpalkkioita!

Chicken.gg
CS:GO
Claim bonus
Farmskins

Rekisteröidy nyt ja saat 1 ILMAINEN CASE

Farmskins
CS:GO
Claim bonus
CSFAIL

YLIMÄÄRÄINEN 10% TALLETUSBONUS + ILMAISET 2 PYÖRÄKIERROSTA

CSFAIL
CS:GO
Claim bonus

The WinRAR utility, which is widely used on most modern computers, can be a reason for their compromise. It seems that Linux systems are not immune to such attacks, and the BASH script and the standard dd tool can be used to compromise them, despite the initial impression of security.

The Ukrainian Center for Information Security CERT-UA claims that the recent hack resembles the attack on the state information agency "Ukrinform" earlier this year, which was linked to the Sandworm group.

"The methods of implementing the malicious plan, the IP addresses of the attackers, and the use of a modified version of RoarBat indicate similarity to the cyber attack on Ukrinform," noted CERT-UA.

The center also strongly recommends that all Ukrainian state operators improve the security of their VPNs with multi-factor authentication. This should probably be a lesson for all of us.

Jätä kommentti
Piditkö artikkelista?
0
0

Kommentit

TOP
FREE SUBSCRIPTION ON EXCLUSIVE CONTENT
Receive a selection of the most important and up-to-date news in the industry.
*
*Only important news, no spam.
SUBSCRIBE
LATER
Käytämme evästeitä tarjoamamme sisällön ja mainosten räätälöimiseen, sosiaalisen median ominaisuuksien tukemiseen ja kävijämäärämme analysoimiseen.
Muokkaa
OK