(Credit: Global Images Ukraine via Getty Images)
As the Russia-Ukraine war continues on the ground, so do the cyberattacks in the digital realm.
A Russian state-affiliated group known as "Secret Blizzard" has been using other hackers' backdoors and tools to attack and deploy malware in Ukraine, according to Microsoft research published on Wednesday.
The group, which has ties to Russia's Federal Security Service, has targeted the Ukrainian military's computers to execute a type of bot malware known as "Amadey." Secret Blizzard has also targeted Ukrainian drone pilots. The hackers typically conduct spear-phishing attacks to gain a backdoor into their victims' machines, which are often using Starlink networks.
Microsoft tracked the Secret Blizzard attacks between March and April 2024. The hacker group will target government agencies and political bodies with the goal of swiping PDFs, emails, documents, and other data. Secret Blizzard has used infrastructure from Pakistani hacker groups as well as other Russian hacker groups to conduct its own attacks, Microsoft says.
In one of the attacks, the Amadey malware recorded whether the machine has antivirus programs installed. It then tried to download two plugins, and encrypt and export data. If the victim machine is deemed worthy of further exploit, the tool enables a backdoor. Microsoft also observed a similar attack method that uses Telegram's API.
Unfortunately, Russian cyberattacks on Ukraine have been a problem since the start of the war, though Russia-tied actors have also targeted human rights groups, the US, and other Ukraine allies in the past. Some hackers have even posed as Microsoft to try to compromise computers, and Russia has repeatedly threatened to take down Ukraine's Starlink access, too.