Cyber Command shares bevy of new malware used against Ukraine
GRAPHIC: LUCAS CLAUSER
Martin Matishak July 20, 2022

U.S. Cyber Command on Wednesday disclosed dozens of forms of malware that have been used against computer networks in Ukraine, including 20 never-before-seen samples of malicious code.

The indicators of compromise were shared with the command’s Cyber National Mission Force (CNMF) by the Security Service of Ukraine, that country’s law enforcement authority and intelligence agency. 

The disclosure is part of what has become a regular effort by Cyber Command and other U.S. agencies to highlight hacking tools used by foreign adversaries like Russia, China, Iran and North Korea, with the aim of blunting the impact of their digital operations.

Earlier this year, the command and other organizations for the first time linked the notorious “MuddyWater” hacking group to the Iranian Ministry of Intelligence and Security and uploaded multiple samples of open source tools it utilizes to target organizations around the world.

The CNMF doesn’t attribute the latest samples — which will be posted to VirusTotal, GitHub and Pastebin — to a specific malign cyber actor, nor does it name specific victims the tools were used against.

“These IOCs were shared with us by our Ukrainian partners to enable industry to take action and assess their own networks — we are actively communicating with our Ukrainian partners to share cybersecurity threat information,” a Cyber Command spokesperson said in a statement. 

“We share information and intelligence to enable our U.S. government partners, such as DHS and FBI, and industry as well as our international allies and partners to defend critical infrastructure and our democratic values and institutions.”

The spokesperson declined to say if the indicators originated from Cyber Command’s months-long “hunt forward” mission to Ukraine before Moscow’s unprovoked invasion in February.

Earlier this year, Cyber Command and National Security Agency chief Gen. Paul Nakasone testified that the military had “provided remote analytic support to Ukraine and conducted network defense activities aligned to critical networks from outside Ukraine — directly in support of mission partners.”

He noted U.S. personnel “sat side-by-side with our partners to gain critical insights that have increased homeland defense for both the United States and Ukraine.”

The four-star has since gone on to say the command conducted offensive digital operations against Russia to protect Kiev’s systems.

Martin is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.