Ukraine’s Computer Emergency Response Team (CERT-UA) has confirmed that a malware campaign targeting Ukrainian organizations is underway.

CERT-UA has traced two Russian-linked attacks back to the same source. The attacks, which caused significant damage, appear to be part of a larger campaign rather than isolated incidents.

CERT-UA has not confirmed any successful encryption attempts by the From Russia with Love (FRwL) hacktivist group, but the intrusion chain it describes shows that the group can still reach sensitive data and internal networks even where conventional security measures are in place.

The group uses fake websites that imitate the Advanced IP Scanner download page to trick employees of Ukrainian organizations into downloading a trojanized installer.

The installer delivers the Vidar Stealer, which collects the victim’s Telegram session data and so lets the group take over the Telegram account. CERT-UA also found that the group then used the hijacked Telegram account to obtain the victim’s VPN connection data.

Because the VPN access was not properly protected (CERT-UA notes the absence of two-factor authentication), the attackers could connect to the victim’s corporate network without anyone noticing. Once inside, they deploy a Cobalt Strike beacon and then bring in Rclone for bulk data exfiltration, AnyDesk for persistent remote access and Ngrok for tunneling, using them for surveillance of the environment and remote control of compromised hosts.
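The tool chain described above (Rclone for exfiltration, Ngrok for tunneling, AnyDesk for remote access) leaves footprints in process-creation telemetry. The following Python script is an added example written for this page, not CERT-UA’s or the attackers’ code: it runs a stage-correlation rule over constructed sample events (hypothetical hosts, users and paths) and alerts only when two or more distinct stages appear on one host inside a one-hour window, so a lone AnyDesk launch by a help-desk user does not fire. The pipe-separated event format, the stage names and the regular expressions are assumptions for the example, not CERT-UA indicators.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample process-creation events in a hypothetical
# "timestamp|host|user|image|command line" format (not real CERT-UA data).
SAMPLE_EVENTS = """\
2022-11-10T09:12:04|WS-ACCT-07|jdoe|C:\\Users\\jdoe\\Downloads\\Advanced_IP_Scanner_2.5.exe|Advanced_IP_Scanner_2.5.exe
2022-11-11T22:40:12|SRV-FILE-01|svc_backup|C:\\ProgramData\\rclone\\rclone.exe|rclone.exe copy D:\\Shares\\Finance mega:dump --transfers 8
2022-11-11T22:41:05|SRV-FILE-01|svc_backup|C:\\ProgramData\\ngrok.exe|ngrok.exe tcp 3389
2022-11-11T22:43:50|SRV-FILE-01|svc_backup|C:\\ProgramData\\AnyDesk.exe|AnyDesk.exe --install C:\\ProgramData\\AnyDesk --silent
2022-11-11T23:02:11|WS-HR-03|mbrown|C:\\Program Files\\AnyDesk\\AnyDesk.exe|AnyDesk.exe
"""

# Stage names and patterns are assumptions for this example.
STAGE_PATTERNS = {
    # rclone copying/syncing to a named remote such as "mega:" or "s3:";
    # a bare drive letter like "D:" is excluded by requiring 2+ characters.
    "exfiltration": re.compile(r"\brclone(?:\.exe)?\b.*\b(?:copy|sync|move)\b.*\b[\w-]{2,}:", re.I),
    # ngrok exposing a local port (e.g. RDP) through a public tunnel
    "tunnel": re.compile(r"\bngrok(?:\.exe)?\b\s+(?:tcp|http|tls)\b", re.I),
    # any AnyDesk execution; on its own this is often legitimate
    "remote_access": re.compile(r"\banydesk(?:\.exe)?\b", re.I),
}


def parse_event(line):
    """Split one pipe-separated event into a dict with a parsed timestamp."""
    ts, host, user, image, cmdline = line.split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "user": user, "image": image, "cmdline": cmdline}


def classify(event):
    """Return the list of stage names whose pattern matches the command line."""
    return [stage for stage, pat in STAGE_PATTERNS.items() if pat.search(event["cmdline"])]


def correlate(lines, window=timedelta(hours=1), min_stages=2):
    """Group tool hits per host and alert when at least `min_stages` distinct
    stages occur within `window` of each other on the same host."""
    per_host = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        for stage in classify(ev):
            per_host[ev["host"]].append((ev["ts"], stage, ev["cmdline"]))

    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _, _) in enumerate(hits):
            in_window = [h for h in hits[i:] if h[0] - start <= window]
            stages = {h[1] for h in in_window}
            if len(stages) >= min_stages:
                alerts[host] = {
                    "first_seen": start.isoformat(),
                    "stages": sorted(stages),
                    "commands": [h[2] for h in in_window],
                }
                break
    return alerts


if __name__ == "__main__":
    for host, alert in correlate(SAMPLE_EVENTS.splitlines()).items():
        print(f"ALERT {host} first seen {alert['first_seen']}: {', '.join(alert['stages'])}")
        for cmd in alert["commands"]:
            print("   ", cmd)
```

On the sample data only SRV-FILE-01 fires (all three stages within four minutes); the workstation that merely launched AnyDesk stays quiet. The Cobalt Strike beacon itself is not visible in command lines and needs memory or network detection, so the rule is meant as a complement, not a replacement, for beacon hunting.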

Since the spring of 2022 the Z-Team group, a Russian hacktivist organization that is the same actor behind the From Russia with Love moniker, has carried out several attacks on Ukrainian organizations, buying its way in through initial access brokers.

The latest Somnia ransomware samples rely on the AES algorithm for file encryption, whereas early versions of the ransomware used 3DES.

Somnia targets a wide range of file types, including images, documents, videos, archives and databases. It damages the affected computer by encrypting those files and making them unavailable to the user.

Encrypted files are given the .somnia extension. Although it looks like ransomware, Somnia is not a conventional extortion tool: the attackers are interested in disrupting the target’s operations rather than in collecting a ransom, so victims should not expect a working decryption path. That makes it a destructive threat capable of causing significant damage if it is not contained quickly.

For that reason CERT-UA treats Somnia as a data wiper rather than conventional ransomware: the encryption is a means of destroying access to the data, not the opening of a payment negotiation.
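A responder triaging a Somnia incident first needs to know which files were actually encrypted, because the .somnia extension alone does not prove it. The following Python script is an added example for this page, not CERT-UA’s analysis code and not a Somnia decryptor: it walks a directory tree for *.somnia files and measures the Shannon entropy of each file’s first bytes, since AES ciphertext sits close to 8 bits per byte while text and office documents score far lower. The directory layout, file names and the 7.0 threshold are constructed assumptions; random bytes stand in for ciphertext.

```python
import math
import os
import tempfile
from pathlib import Path

SOMNIA_EXT = ".somnia"   # extension CERT-UA reports Somnia appends to encrypted files


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: AES output is near 8.0, plain text well below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage(root, sample_size=4096, min_entropy=7.0):
    """Walk `root` for *.somnia files and split them into files whose head
    really looks encrypted and files that only carry the extension.
    Returns {"encrypted": [(relative_path, entropy)], "renamed_only": [...]}."""
    root = Path(root)
    encrypted, renamed_only = [], []
    for path in root.rglob("*" + SOMNIA_EXT):
        if not path.is_file():
            continue
        with path.open("rb") as fh:          # read only the head; large files stay cheap
            head = fh.read(sample_size)
        ent = round(shannon_entropy(head), 2)
        bucket = encrypted if ent >= min_entropy else renamed_only
        bucket.append((path.relative_to(root).as_posix(), ent))
    return {"encrypted": sorted(encrypted), "renamed_only": sorted(renamed_only)}


def build_demo_tree() -> Path:
    """Constructed sample tree (hypothetical data): one file with random
    content standing in for AES output, one plain-text file that was only
    renamed, and one untouched file that must not be reported."""
    root = Path(tempfile.mkdtemp(prefix="somnia_demo_"))
    (root / "finance").mkdir()
    (root / "finance" / "q3.xlsx.somnia").write_bytes(os.urandom(8192))
    (root / "notes.txt.somnia").write_text("meeting notes\n" * 200)
    (root / "readme.txt").write_text("untouched\n")
    return root


if __name__ == "__main__":
    result = triage(build_demo_tree())
    for bucket, files in result.items():
        print(bucket)
        for name, ent in files:
            print(f"  {name}  entropy={ent}")
```

Files in the "encrypted" bucket are the ones to restore from backup, since no decryption path is on offer; a non-empty "renamed_only" bucket usually means the malware was interrupted before it finished and those files can simply be renamed back. Compressed formats (zip, docx, jpeg) already score high entropy, so confirm their headers before trusting the bucket.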