Disrupting FlyingYeti's campaign targeting Ukraine

May 31, 2024, 12:33 p.m.

Description

This report details Cloudforce One's real-time effort to detect, deny, degrade, disrupt, and delay a phishing campaign by the Russia-aligned threat actor FlyingYeti targeting Ukraine. The campaign aimed to capitalize on anxiety over potential loss of housing and utilities by enticing targets to open malicious files containing the COOKBOX malware. Cloudforce One's mitigations prolonged the operational timeline from days to weeks, hindering the actor's objectives.

Date

  • Created: May 31, 2024, 12:19 p.m.
  • Published: May 31, 2024, 12:19 p.m.
  • Modified: May 31, 2024, 12:33 p.m.

Indicators

Attack Patterns

Additional Information

  • Government
  • Ukraine

Linked vulnerabilities