APT Groups

Hacker Groups Involved in Ukraine-Russia War

Oct 26, 2023
hackers in ukraine russia war

Both sides of the Russia-Ukraine war have increased their hacking operations, and hacker organizations are a major factor in the fighting.

Groups_in_UkraineRussia_War

1. Wiper

A malware family called Wiper is made to obliterate data on compromised machines. Wiper virus is frequently used in targeted assaults on establishments like businesses and governmental institutions.

Wiper malware can spread via a number of channels, including USB devices, fraudulent websites, and email attachments. Wiper virus normally deletes all of the data on a computer’s hard disk once it has infected the machine. This can apply to crucial files including documents, images, and movies.

  • WisperGate Wiper: In January 2022, harmful software known as WisperGate Wiper was used in cyberattacks against Ukrainian organizations. The Master Boot Record (MBR) on infected machines was intended to be overwritten by the malware, rendering them useless.

  • RURansom wiper: A particular kind of malware called RURansom wiper is made to encrypt a victim’s files and then demand ransom money to unlock them. The most common method of RURansom wiper distribution is through phishing emails with malicious attachments. A victim’s computer is infected with malware the moment they open an infected attachment. After encrypting the victim’s files, the malware shows a ransom letter requesting payment.

  • Hermetic Wiper: In February 2022, cyberattacks on Ukrainian organizations employed the damaging virus Hermetic Wiper. The Master Boot Record (MBR) on infected machines was intended to be overwritten by the malware, rendering them useless.

  • IssacWiper: IssacWiper is a destructive malware that was used in cyberattacks against organizations in Ukraine and Poland in March 2022. The malware was designed to overwrite the Master Boot Record (MBR) on infected computers, rendering them unusable.

  • CaddyWiper: In March 2022, cyberattacks against Ukrainian organizations used the harmful virus CaddyWiper. On infected systems, the malware was made to wipe user data and partition information.

2. Hacker Groups

The following hacker groups have been involved in the Ukraine war:

  • AgainstTheWest: Since the start of the conflict in Ukraine, groups in the West have been the target of the AgainstTheWest cyberwarfare operation. Numerous hacker groups, including hacktivist and Russian state-sponsored groups, have carried out the attacks.
    Numerous targets, including enterprises, important infrastructure, and governmental organizations, have been the focus of the attacks. In addition to causing service disruptions and economic harm, the attacks have tarnished Western nations’ reputations.
  • Anonymous: Since the start of the conflict in Ukraine, Anonymous has been involved. Anonymous declared war on Russia in February 2022 and attacked Russian military and government websites with a slew of cyberattacks.
    Anonymous has contributed to the support of Ukrainian defenders as well. The names and addresses of thousands of Russian servicemen were made public by Anonymous in March 2022 after they broke into a Russian military database.

  • Belarusian Cyber Partisans: A hacktivist group that has been active in the Ukraine war from the start is called the Belarusian Cyber Partisans. In revenge for the Belarusian government’s backing of Russia’s invasion of Ukraine, the group has launched cyberattacks against military and government websites.
    Helping Ukrainian defenders has also been provided by the Belarusian Cyber Partisans. The organization broke into a Belarusian railway system in March 2022, causing delays for trains bound for Russia. Additionally, the group has given Ukrainian defenders access to cyberwarfare equipment and encrypted communications.

  • GhostSecGroup: GhostSecGroup has been active in the conflict in Ukraine since the start. In response to Russia’s invasion of Ukraine, the organization has begun cyberattacks against websites belonging to the Russian military and government.

  • Ghost_Codin: In addition, GhostSecGroup has assisted Ukrainian defenders. The group has given Ukrainian defenders access to cyberwarfare equipment and encrypted communications.
    In addition, Ghost_Codin helped Ukrainian defenders. The group has given Ukrainian defenders access to cyberwarfare equipment and encrypted communications.
    The Russian military and administration have been significantly impacted by Ghost_Codin’s attacks. The group’s actions have harmed the Russian government’s prestige, disrupted government operations, and caused economic harm.
    The engagement of Ghost_Codin in the conflict in Ukraine serves as a reminder of the important role hacktivists can play in contemporary warfare. The group has demonstrated how hacktivists can obstruct enemy activities, draw attention to conflicts, and generate money for war victims.

  • xaknet.team: A hacking organization from Ukraine called xaknet.team has been active in the conflict since its inception. In response to Russia’s invasion of Ukraine, the organization has begun cyberattacks against websites belonging to the Russian military and government.

3. APT Groups

Hackers with a high degree of organization and sophistication, known as APT (Advanced Persistent Threat) groups, target particular companies or sectors for extended periods of time. They have the means and know-how to execute complex cyberattacks, and they are frequently supported by criminal groups or the state.

  • Gamaredon: Active since at least 2013, Gamaredon is an advanced persistent threat (APT) organization. The gang, which is thought to be state-sponsored by Russia, has attacked a range of Ukrainian institutions, including companies, government offices, and military establishments.

  • Nobelium: Nobelium, a highly skilled Russian state-sponsored threat actor that has been operating for more than ten years, is also referred to by the names APT29, Cozy Bear, and The Dukes. The group is well-known for its extremely successful and focused attacks on international governments, corporations, and think institutes.
    To obtain access to target networks, Nobelium’s attacks usually include social engineering, phishing, and malware. Once inside, the organization can cause disruptions to operations, steal confidential information, and set up backdoors for future access.

  • Wizard Spider: Wizard Spider is a well-known cybercrime organization that has been operating at least since 2016. TrickBot is a malware platform that may be used to launch ransomware, steal data, and carry out other types of attacks. The organization is well-known for using it.
    It is thought that Wizard Spider is headquartered in Eastern Europe or Russia. The group has attacked many different types of organizations worldwide, such as corporations, governmental bodies, and academic establishments.

  • UNC1151 (GhostWriter): UNC1151, also referred to as GhostWriter, is a state-sponsored hacker group based in Belarus that has been operational since at least 2016. The group is well-known for its disinformation campaigns and cyberespionage, which have mostly targeted Polish, Latvian, and Lithuanian institutions.

  • Unknown APT Group: Unknown APT groups may target a variety of establishments, such as corporations, government agencies, and nonprofits. They may be motivated by espionage, money, or disruption, among other things, when they launch attacks.

  • SideWinder: Advanced persistent threat (APT) group SideWinder has been operational since at least 2012. The gang is well-known for using spear-phishing emails to trick its victims into opening malicious attachments. SideWinder has taken aim at a variety of establishments, such as think tanks, corporations, and governments.
    Because SideWinder’s malware is frequently created specifically for each victim, it is challenging to identify and stop. The gang has also been observed breaking into targets’ networks using zero-day exploits.

  • El Machete: El Machete is a group that has been active since at least 2010 and poses an advanced persistent threat (APT). The gang is thought to have its headquarters in Latin America and has attacked a variety of institutions there, such as telecommunications firms, enterprises, and governmental bodies.

  • IT Army of Ukraine: The IT Army of Ukraine is a volunteer cyberwarfare organization created at the end of February 2022 to fight against digital intrusion of Ukrainian information and cyberspace after the beginning of the Russian invasion of Ukraine on February 24.

  • IT Army of Ukraine Pysops: Since the commencement of the war in Ukraine, the IT Army of Ukraine has participated in several psychological operations, or PSYOPs. PSYOPs are operations that employ information and other non-kinetic methods to accomplish particular strategic goals by influencing the attitudes, feelings, and actions of people, groups, and organizations.

  • Internet Forces of Ukraine: To protect Ukraine against Russian assaults, the Internet Forces of Ukraine (IFU) is a volunteer cyberwarfare organization that was founded in February 2022. The IFU is a large coalition of volunteers, IT specialists, and hackers from both outside and in Ukraine.

4. Cyber group tracker list

  • Pro-Ukraine Group: After the Russian invasion, groups and individuals that support Ukraine and its people are known as pro-Ukraine groups. These organizations have done a lot of different things, such giving humanitarian relief, spreading the word about the conflict, and supporting Ukraine militarily and financially.

    Some of the most prominent pro-Russia groups include:
    • GhostSec
    • Kelvin Security Team
    • GNG
    • NB65
    • Raidforums2
    • Contileaks
    • GhostClan
    • 1LevelCrew
    • Hydra UG
    • Secluice
    • v0g3lSec
    • Belarusian Cyber-Partisans
    • DDOS Secrets
    • Monarch Turkish Hacktivists
    • Shadow_Xor
    • The Connections
    • Trickleaks
    • Crystal_MSF
    • Rabbit Two
    • M3moryK1tten
    • SecDetBeeHive Cybersecurity NEW
    • wond3rghost
    • Cyber_Legion_hackers NEW
    • AgainstTheWest


  • Pro-Russia Group: Individuals and organizations who back Russia and its actions in Ukraine are known as pro-Russian groupings. These organizations have taken part in a range of actions, such as assisting the Russian military, opposing Western sanctions against Russia, and disseminating pro-Russian propaganda.

    Some of the most prominent pro-Russia groups include:

    • RedBanditsRU
    • Free Civilian
    • CoomingProject
    • Stormous Ransomware
    • Digital Cobra Gang
    • Xaknet
    • Killnet
    • Hidden Cobra
    • RaHDit 30
    • Devilix-EU
    • Drag0n
    • 404 Cyber Defense
    • ECO
    • WerentheGoons NEW
    • FfboyG NEW

Related Post

APT Groups

Linux Ransomware versions targeting VMware ESXI

Nov 15, 2023 C0r0k0
APT Groups

APT Group Trends in Oct-2023

Oct 27, 2023 C0r0k0
APT Groups

APT Group Trends in Sept-2023

Oct 27, 2023 C0r0k0

You missed

Ransomware

Lockbit Ransomware – Recent Updates 2024

March 1, 2024 C0r0k0
Collective Intelligence

Two-Factor Authentication (2FA) in 2024: Level Up Your Banking Security

February 14, 2024 C0r0k0
Collective Intelligence

Deepfakes and Disinformation: A Future Concern in 2024

January 18, 2024 C0r0k0
Collective Intelligence

List of Best GPTs for Cybersecurity

January 16, 2024 C0r0k0