A new surge of phishing attacks spreading the DolphinCape malware allegedly targeted multiple Ukrainian agencies and state railway systems last week.
The campaign uses a malicious email whose message offers tips on how to spot a Kamikaze drone that is targeting Ukraine. By instilling fear in citizens, the attackers made their phishing attacks more effective.
Based on reports, the threat group that runs this new attack is UAC-0140, which distributes malicious emails that spread the DolphinCape malware.
The malware can harvest data about the infected device, such as hostname, bitrate, OS version, and username. In addition, DolphinCape can run executable files, capture screenshots, and exfiltrate other data from the compromised computer.
The DolphinCape malware is the newest addition to the threats that target Ukraine.
According to Ukrainian research, phishing attacks against the country have become more prevalent and more severe since many malicious payloads like the DolphinCape malware joined the fray. Moreover, phishing dominates the entire cybercriminal landscape in Ukraine, accounting for about 60-70 per cent of all cyberattacks.
An analyst explained that the primary problem in preventing cyberattacks is government officials’ incompetence and lack of knowledge in spotting malicious emails. Furthermore, most Ukrainian citizens are also susceptible to phishing emails as they are not trained to identify such attacks.
The adversaries operating these phishing attacks often impersonate representatives of government agencies. In a recent campaign, different threat groups disguised themselves as the Security Service of Ukraine, CERT-UA, and the General Staff of the Armed Forces of Ukraine.
Most of these cyberattacks are not linked to a single specific hacking group. However, Ukrainian security officials claimed that Russian actors are the culprits of most cybercriminal campaigns against their country.
A researcher said that the most targeted entities of these Russian threat actors are government-related industries such as security services, transport companies, and government agencies.
As of last month, Russian hackers had damaged nearly 40% of Ukraine’s energy infrastructure. These hacking campaigns happen daily, which has forced the Ukrainian government to impose nationwide power interruptions.