Hacker group stealing gov't secrets, ESET security experts say.






ESET researchers have uncovered a new advanced persistent threat (APT) group that has been stealing sensitive documents from several governments in Eastern Europe and the Balkans since 2011.

The XDSpy espionage group has gone largely undetected for nine years, ESET experts report.

It has attracted very little public attention, with the exception of an advisory from the Belarusian CERT in February 2020.

In the interim, the group has compromised government entities, including militaries and foreign ministries, as well as private companies, across Eastern Europe and the Balkans.

After careful research, ESET were not able to link XDSpy to any publicly known APT group.

XDSpy operators mainly seem to use spearphishing emails in order to compromise their targets. Some contain an attachment while others contain a link to a malicious file. The first layer of the malicious file or attachment is generally a ZIP or RAR archive. The link points to a ZIP archive that contains an LNK file, without any decoy document. When the victim double-clicks on it, the LNK downloads an additional script that installs XDDown, the main malware component.
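A mail-gateway triage check for the delivery pattern described above (a ZIP archive whose only content is an LNK file, with no decoy document), added here as an example and not taken from ESET's report. The function names, verdict labels and sample archives are constructed for illustration.

```python
import io
import zipfile

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")

def triage_zip(data: bytes) -> dict:
    """Classify a ZIP attachment by whether it carries Windows shortcuts."""
    result = {"lnk_members": [], "other_members": [], "verdict": "clean"}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result["verdict"] = "unparseable"
        return result
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            try:
                # Read only the header bytes so large members stay cheap.
                with archive.open(info) as member:
                    head = member.read(len(LNK_MAGIC))
            except (RuntimeError, NotImplementedError):
                head = b""  # encrypted or unsupported member: fall back to the name
            # Match on content as well as extension, so a renamed shortcut is caught.
            is_lnk = head == LNK_MAGIC or info.filename.lower().endswith(".lnk")
            key = "lnk_members" if is_lnk else "other_members"
            result[key].append(info.filename)
    if result["lnk_members"]:
        # "lnk_only" is the no-decoy pattern; "lnk_present" still merits review.
        result["verdict"] = "lnk_present" if result["other_members"] else "lnk_only"
    return result

def make_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()

# Constructed sample: a 76-byte stub with a valid LNK header and no real link data.
LNK_STUB = LNK_MAGIC + b"\x00" * 56

if __name__ == "__main__":
    print(triage_zip(make_zip({"report.lnk": LNK_STUB})))
    print(triage_zip(make_zip({"notes.txt": b"meeting agenda"})))
```
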

The group jumped on the COVID-19 wagon at least twice in 2020, using the theme in their spearphishing campaigns.

Latest cyber attacks in Ukraine: Background

  • Websites of regional police departments and other agencies were targeted in a massive cyber attack on September 23 when hackers gained control of the sites and posted fake news on behalf of law enforcement and other agencies:
  • A fake report about a radioactive leakage accident at the Rivne nuclear power plant (NPP) was posted on the website of Varash City Council, Rivne region. The information has been refuted both by the city council and the NPP's press service.
  • A fake report on the death of three soldiers of the Ukrainian Armed Forces was posted on the Lviv region police's website amid the ongoing Rapid Trident 2020 multinational military drills.
  • Also, the Mykolaiv region's Police Department reported a cyber attack on their official website, which is temporarily shut down. A local Facebook journalism community said the website had a fake post about a lethal traffic accident with five victims.
  • A similar situation was reported by the police in Kherson region. A fake post about the death of U.S. military advisers appeared on their website.
  • The press service of the National Police of Ukraine, in turn, said on Facebook that their website had been hacked. It says "in this connection, false information was disseminated on some Internet pages of regional police departments." The website was temporarily shut down.
  • In the wake of the latest string of attacks, Ukraine's government is set to create a National Cybersecurity Strategy.

Author: UNIAN
