Cyber Command shares bevy of new malware used against Ukraine
U.S. Cyber Command on Wednesday disclosed dozens of forms of malware that have been used against computer networks in Ukraine, including 20 never-before-seen samples of malicious code.
The indicators of compromise were shared with the command’s Cyber National Mission Force (CNMF) by the Security Service of Ukraine, that country’s law enforcement authority and intelligence agency.
The disclosure is part of what has become a regular effort by Cyber Command and other U.S. agencies to highlight hacking tools used by foreign adversaries like Russia, China, Iran and North Korea to blunt the impact of their digital operations.
Earlier this year the command and other organizations for the first time linked the notorious “Muddywater” hacking group to the Iranian Ministry of Intelligence and Security and uploaded multiple samples of open source tools it utilizes to target organizations around the world.
Ukrainian partners are actively sharing malicious activity with us to bolster collective cybersecurity, as we share w/them. Thanks to close collaboration with @servicessu, we are disclosing IOCs associated w/malware recently found in Ukrainian networks https://t.co/PPMRBEASST
— USCYBERCOM Cybersecurity Alert (@CNMF_CyberAlert) July 20, 2022
The CNMF doesn’t attribute the latest samples — which will be posted to VirusTotal, GitHub and Pastebin — to a specific malign cyber actor, nor does it name specific victims the tools were used against.
“These IOCs were shared with us by our Ukrainian partners to enable industry to take action and assess their own networks — we are actively communicating with our Ukrainian partners to share cybersecurity threat information,” a Cyber Command spokesperson said in a statement.
“We share information and intelligence to enable our U.S. government partners, such as DHS and FBI, and industry as well as our international allies and partners to defend critical infrastructure and our democratic values and institutions.”
The spokesperson declined to say if the indicators originated from Cyber Command’s months-long “hunt forward” mission to Ukraine before Moscow’s unprovoked invasion in February.
Earlier this year, Cyber Command and National Security Agency chief Gen. Paul Nakasone testified that the military had “provided remote analytic support to Ukraine and conducted network defense activities aligned to critical networks from outside Ukraine — directly in support of mission partners.”
He noted U.S. personnel “sat side-by-side with our partners to gain critical insights that have increased homeland defense for both the United States and Ukraine.”
The four-star has since gone on to say the command conducted offensive digital operations against Russia to protect Kiev’s systems.
Martin Matishak is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.