

Rewterz Threat Alert – New Data Wiper Targeting Ukraine – Russian-Ukrainian Cyber Warfare
March 1, 2022
Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
March 1, 2022
Severity
High
Analysis Summary
UNC1151, a Minsk-based threat group, has been targeting Ukrainian government officials and military personnel with mass phishing emails. After an account is compromised, the attackers use the IMAP protocol to gain access to all of its messages. They then use contact details from the victim’s address book to send the phishing emails.
An example of the malicious email is:
“Dear user! Your contact information or not you are a spam bot. Please, click the link below and verify your contact information. Otherwise, your account will be irretrievably deleted. Thank you for your understanding.
Regards, I.UA Team”
Impact
- Data Loss
- File Encryption
Indicators of Compromise
Domain Name
- id[.]bigmir[.]space
- i[.]ua-passport[.]space
Remediation
- Search for the IOCs in your environment.
- Block all threat indicators at your respective controls.
- Never open links or attachments from unknown senders.
- Emails from unknown senders should always be treated with caution.
- Back up your data. If data is backed up, any damage from a successful attack will be mitigated.
- Maintain internet hygiene by updating your anti-virus software and downloading the latest patches.
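
One way to carry out the IOC search from the first remediation item, shown as an added example that is not part of the original alert: it refangs the two domains listed above and matches them against proxy/DNS log lines on label boundaries, so subdomains are caught while look-alikes and the legitimate i.ua are not. The log lines, their format and the function names are constructed for illustration.

```python
import re

# Indicators exactly as published in this alert (defanged form).
DEFANGED_IOCS = ["id[.]bigmir[.]space", "i[.]ua-passport[.]space"]

def refang(indicator: str) -> str:
    """Turn a defanged domain such as a[.]b[.]c into a matchable hostname."""
    return indicator.replace("[.]", ".").lower().rstrip(".")

IOC_DOMAINS = {refang(d) for d in DEFANGED_IOCS}

# Hostname-shaped tokens; the last label must start with a letter, which skips IPv4.
HOST_RE = re.compile(r"(?:[a-z0-9_-]+\.)+[a-z][a-z0-9-]*", re.I)

def matched_ioc(host: str):
    """Return the IOC if host equals it or is a subdomain of it, else None."""
    host = host.lower().rstrip(".")
    for ioc in IOC_DOMAINS:
        # Compare on a label boundary: a plain substring test would also flag
        # "notid.bigmir.space" or "id.bigmir.space.example.net".
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None

def scan(lines):
    """Return (line_number, observed_host, ioc) for every hit in the log."""
    hits = []
    for number, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            ioc = matched_ioc(host)
            if ioc:
                hits.append((number, host.lower(), ioc))
    return hits

# Constructed sample log lines (hypothetical format, not real telemetry).
SAMPLE_LOG = [
    "2022-03-01T08:12:44Z 10.0.0.5 GET https://id.bigmir.space/login 200",
    "2022-03-01T08:13:02Z 10.0.0.7 query A mail.I.UA-Passport.Space.",
    "2022-03-01T08:14:10Z 10.0.0.9 GET https://i.ua/ 200",
    "2022-03-01T08:15:31Z 10.0.0.9 GET http://id.bigmir.space.example.net/ 200",
    "2022-03-01T08:16:05Z 10.0.0.4 query A notid.bigmir.space",
]

if __name__ == "__main__":
    for number, host, ioc in scan(SAMPLE_LOG):
        print(f"line {number}: {host} matches IOC {ioc}")
```

Only the first two sample lines are reported; the same label-boundary comparison is what a DNS sinkhole or proxy block rule for these domains should use.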