Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable.

WhisperGate is a new malware family used in an ongoing operation targeting multiple industries in Ukraine, including government, non-profit, and information technology organizations. The malware is a 3-stage master boot record (MBR) wiper designed to destroy a victim’s MBR and corrupt files on attached storage devices.

Microsoft published a report on a malicious campaign they dubbed "Actinium". In reviewing their report, we identified a number of indicators (IOCs) that overlapped with some interesting samples we were researching at InQuest Labs. The research community has observed a few campaigns targeting Ukrainian organizations as they have been discovered in the wild.

These threats have been named GlowSpark!

InQuest Email Security Assessment

This month we harvested 115 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 23 (20%), and Google missed 83 (72%). The distribution of misses by file kind is depicted below:

InQuire for a free, personalized email security assessment!

Latest InQuest™ Blog Posts

+380-GlowSpark

Posted on 2022-02-10 by Josiah Smith

Over the recent months, the media coverage of tensions in Eastern Europe and Ukraine have been in steady circulation. As a result, cyberattacks on government networks and networked resources have seen an uptick. A notable case involves systems of organizations targeted with files subject to destruction by the so-called #WhisperGate malicious program.

Dangerously thinBasic

Posted on 2022-02-24 by Dmitry Melikov

Some time ago, we discovered a novel payload delivery method in malicious documents. The focus of this article is to explore this technique via samples of the document. The treat sequencing follows the chain of a malicious spreadsheet that downloads an archive containing thinBasic binaries and a malicious thinBasic script.

InQuest™ Labs Research Spotlight

YaraDBG

YaraDbg is a free web-based Yara debugger to help security analysts to write hunting or detection rules with less effort and more confidence.

Carrot Sandbox

A general purpose computer vision model.

txtai

txtai executes machine-learning workflows to transform data and build AI-powered semantic search applications.

Global Security Events

Microsoft Exchange Bugs Exploited by ‘Cuba’ Ransomware Gang

The ransomware gang known as “Cuba” is increasingly shifting to exploiting Microsoft Exchange – including ProxyShell and ProxyLogon – as initial infection vectors.

New data-wiping malware used in destructive attacks on Ukraine

Cybersecurity firms have found a new data wiper used in destructive attacks against Ukrainian networks just as Russia moves troops into regions of Ukraine.

US microchip powerhouse Nvidia hit by cyber attack

America’s biggest microchip company is investigating a potential cyber attack that has taken parts of its business offline for two days.

Useful Links

Support

Social

Twitter

GitHub

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.

Unsubscribe here.