The BlackBerry Research & Intelligence Team proved the involvement of RomCom hackers in the attack on the Ukrainian World Congress.
“Based on our internal telemetry, network data analysis, and the full set of cyber weapons we collected, we believe the threat actor behind this campaign ran their first drills on June 22, and also a few days [later] … was registered and went live,” the cybersecurity team explained.
This is not the first time the RomCom malware has attacked resources related to Russia’s war against Ukraine. Those responsible for the cyberattacks have yet to be established.
In the case of UWC, The BlackBerry Research & Intelligence Team “found two malicious documents submitted from an IP address in Hungary, sent as lures to an organization supporting Ukraine abroad [UWC], and a document targeting upcoming NATO Summit guests who may also be providing support to Ukraine.”
Recently, criminals created a copy of the English-language version of the UWC website, where malicious files were being distributed under the guise of materials for the NATO Summit, intended for Ukrainian communities worldwide.
Those involved in the attack tried to distort a legitimate resource by making insignificant and hard-to-notice changes to the web address. In particular, they changed the ending from “org” to “info.” The Ukrainian World Congress urges you to use only the official website of the organization – https://www.ukrainianworldcongress.org
Cover: The Economic Times