Ukraine’s army targeted in new charity-themed malware campaign

Ukrainian Defense Forces were targeted by a cyber attack involving the PluggyApe backdoor malware, likely orchestrated by the Russian threat groups ‘Void Blizzard’ and ‘Laundry Bear’. These attacks, which exploited fake charity websites and messaging apps, focus on stealing sensitive information from NATO member states.

Key points

  • The attack was aimed at Ukraine’s Defense Forces using a charity-themed campaign with malware delivery.
  • Threat groups ‘Void Blizzard’ and ‘Laundry Bear’ are believed to be responsible, with medium confidence in attribution.
  • Attackers use instant messaging platforms like Signal or WhatsApp to lure victims to fake charity websites.
  • PluggyApe malware profiles the host, communicates via C2 servers, and persists through Windows Registry modifications.
  • The malware targets mobile devices and uses legitimate accounts and local language to increase attack effectiveness.

Read More: https://www.bleepingcomputer.com/news/security/ukraines-army-targeted-in-new-charity-themed-malware-campaign/