Russian hackers used legitimate tools and living-off-the-land tactics to breach Ukrainian networks without deploying extensive malware. The attacks targeted Ukrainian organizations and exploited vulnerabilities, and are suspected to be connected to the notorious Sandworm group linked to Russia. #Sandworm #LivingOffTheLand
Key points
- Russian cyber actors targeted Ukrainian networks using legitimate administrative tools.
- The attackers relied on living-off-the-land tactics to avoid detection.
- Webshells like Localolive, previously associated with Sandworm, were used to gain access.
- Exploitation of public-facing servers, likely through unpatched vulnerabilities, facilitated the breaches.
- Sandworm, linked to Russia's GRU, is considered the most dangerous Kremlin cyber unit involved in various malicious activities.
Read More: https://therecord.media/russia-linked-breaches-ukraine-living-off-the-land