Disrupting FlyingYeti's campaign targeting Ukraine
May 31, 2024, 12:33 p.m.
Description
This report details Cloudforce One's real-time effort to detect, deny, degrade, disrupt, and delay a phishing campaign by the Russia-aligned threat actor FlyingYeti targeting Ukraine. The campaign aimed to capitalize on anxiety over potential loss of housing and utilities by enticing targets to open malicious files containing the COOKBOX malware. Cloudforce One's mitigations prolonged the operational timeline from days to weeks, hindering the actor's objectives.
Date
Published: May 31, 2024, 12:19 p.m.
Created: May 31, 2024, 12:19 p.m.
Modified: May 31, 2024, 12:33 p.m.
Indicators
Attack Patterns
COOKBOX
FlyingYeti
T1588.003
T1568.003
T1588.001
T1218.010
T1053.005
T1204.001
T1059.001
T1027.005
T1083
T1566
CVE-2023-38831
Additional Information
Government
Ukraine