September 7, 2022

Conti members target Ukraine in financially motivated cyberattacks

Former members of the notorious Conti ransomware operation have been implicated in five different campaigns targeting Ukraine from April to August.

The findings, which come from Google's Threat Analysis Group, build upon a prior report published in July, detailing the continued cyber activity aimed at the Eastern European nation amid the ongoing Russo-Ukrainian war:

UAC-0098 is a threat actor that historically delivered the IcedID banking trojan, leading to human-operated ransomware attacks.
The attacker has recently shifted their focus to targeting Ukrainian organizations, the Ukrainian government, and European humanitarian and non-profit organizations.

UAC-0098 is believed to have functioned as an initial access broker for ransomware groups such as Quantum and Conti.

UAC-0098 is far from the only Conti-affiliated hacking group to set its sights on Ukraine since the onset of the war.

In July, IBM Security X-Force reported that the TrickBot hacker group orchestrated six different campaigns to systematically target the country with a plethora of malware.