Ukraine is under attack by hacking tools repurposed from Conti cybercrime group



Financially motivated hackers with ties to the notorious Conti cybercrime group are repurposing their resources for use against targets in Ukraine, indicating that the threat actor’s activities closely align with the Kremlin’s invasion of its neighboring country, a Google researcher reported on Wednesday.

Since April, a group that researchers track as UAC-0098 has carried out a series of attacks targeting hotels, non-governmental organizations, and other targets in Ukraine, CERT UA has reported in the past. Some of UAC-0098’s members are former Conti members who are now using their sophisticated techniques to target Ukraine as it continues to ward off Russia’s invasion, Pierre-Marc Bureau, a researcher in Google’s Threat Analysis Group (TAG), said.

An unprecedented shift

“The attacker has recently shifted their focus to targeting Ukrainian organizations, the Ukrainian government, and European humanitarian and non-profit organizations,” Bureau wrote. “TAG assesses UAC-0098 acted as an initial access broker for various ransomware groups including Quantum and Conti, a Russian cybercrime gang known as FIN12 / WIZARD SPIDER.”

He wrote that “UAC-0098 activities are representative examples of blurring lines between financially motivated and government-backed groups in Eastern Europe, illustrating a trend of threat actors changing their targeting to align with regional geopolitical interests.”

In June, researchers with IBM Security X-Force reported much the same thing. They found that the Russia-based Trickbot group—which, according to researchers at AdvIntel, was effectively taken over by Conti earlier this year—had been “systematically attacking Ukraine since the Russian invasion—an unprecedented shift as the group had not previously targeted Ukraine.”

have links to the Kremlin.
