In Switch, Trickbot Group Now Attacking Ukrainian Targets


In a break from precedent, Russia’s hitherto purely financially motivated Trickbot threat group has systematically been attacking targets in Ukraine over the past three months, apparently in support of Russian government interests in the region.

Researchers from IBM’s X-Force threat intelligence group this week said they had uncovered two campaigns — and analyzed four others that Ukraine’s Computer Emergency Response Team (CERT-UA) disclosed — where Trickbot went after targets in Ukraine. The campaigns began after Russia’s invasion of Ukraine in February and have targeted Ukrainian state authorities, government organizations, specific individuals, and the general population. Several of the attacks have involved phishing emails with various themes designed to grab the attention of Ukrainian users — included some that are war-related.

The attacks highlight an unprecedented shift for Trickbot, and it’s notable because threat groups in former Soviet Union states have typically avoided attacking targets in each other’s countries, IBM said.

View original post 611 more words

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.