Since 2022, specialists of the Governmental Computer Emergency Response Team of Ukraine (CERT-UA) have been monitoring, under the identifier UAC-0024, activity involving targeted cyberattacks against the defense forces for espionage purposes using the CAPIBAR malware (Microsoft: DeliveryCheck; Mandiant: GAMEDAY).
Under certain circumstances, the sophisticated multifunctional KAZUAR backdoor can additionally be loaded onto affected computers. Its functions include stealing various authentication data, stealing databases and configuration files of various programs, and retrieving data from operating system logs.
With a sufficient level of confidence, this activity is attributed to the Turla group (UAC-0003, KRYPTON, Secret Blizzard), whose operations are directed by the Russian Federal Security Service (FSB).
Samples of malware have been handed over to security vendors.
CERT-UA experts also express their gratitude to the Microsoft Threat Intelligence team for their assistance in combating cyber threats throughout the country.