Russia-linked hackers target Ukrainian software firm with GoMet malware

The hackers aimed to carry out a supply chain attack on a large Ukrainian software development company servicing state organizations.

Russia’s invasion of Ukraine sparked an array of cyberattacks throughout Europe. Ukraine, however, has been at the very forefront of attacks, often originating from Russia.

Cisco Talos researchers have discovered threat actors using a ‘fairly uncommon’ malware to penetrate the defenses of an unnamed Ukrainian software company that works with various state institutions.

“We believe that this campaign is likely sourced by Russian state-sponsored actors or those acting in their interests,” researchers claim.

While there’s no indication that the attack was successful, Cisco Talos’ team says threat actors behind the attempted intrusion likely wanted to gain access to source a supply chain-style attack.

The malware used in the attack was identified as a modified version of GoMet malware, first observed on March 28. GoMet’s peculiarity lies with its feature to daisy chain when an attacker can access a network or a machine and use the same information to gain access to multiple networks.

“This access could be leveraged in a variety of ways, including deeper access or launching additional attacks, including the potential for software supply chain compromise,” reads the report.

There’s no lack of Russia-linked attempts at penetrating Ukrainian cyber defenses. Researchers at Google’s Threat Analysis Group (TAG) discovered that Turla, a hacker group linked to Russia’s Federal Security Service (FSB), used third-party messaging services to distribute the Android app.

Flames of cyber war

The conflict between different hacker groups started after Russia invaded Ukraine on February 24. Groups supporting Ukraine started targeting organizations in Russia to help the country defend against the invasion.

Kyiv succeeded in rallying an international IT army to help it fight the digital war. Anonymous, Ukraine’s IT Army, Hacker Forces, and many other hacktivist groups started targeting Russia’s private and state-owned enterprises.

Meanwhile, pro-Russian hacker groups such as Killnet and XakNet have targeted countries that support Ukraine.

Government websites in Norway, Lithuania, Italy, Romania, Germany, as well as websites in Czechia, Latvia, and elsewhere were under Killnet’s cyber fire. The pro-Russian group has declared a war against NATO and countries that support Ukraine.

According to the United Nations, the Russian invasion of Ukraine has created the ‘fastest-growing refugee crisis in Europe since World War II.’ Over 12 million people were displaced due to the conflict in a nation with 44 million residents.

Witness testimonies from Ukrainian towns Russian forces have occupied for close to a month point to severe human rights violations and targeted lethal attacks against civilians. Reports of “gross and systematic violations and abuses of human rights” got Russia suspended from the UN Human Rights Council.