Russian Hackers Target Ukraine Using Cybercriminal Tools, Microsoft Reports

A Russian state-backed hacking group has been targeting Ukraine’s military using tools originally developed by cybercriminals, according to new research from Microsoft. The findings highlight the evolving tactics of nation-state cyberespionage operations.

Key Findings from Microsoft’s Report

Microsoft’s recent report reveals that a hacking group it identifies as Secret Blizzard, known to be affiliated with Russia’s Federal Security Service (FSB), used a criminal botnet called Amadey in attacks against Ukrainian military targets between March and April 2024.

About Secret Blizzard

  • Identified by CISA as a unit within FSB’s Center 16
  • Also known as Turla in cybersecurity circles (MITRE ID: G0010)
  • Specializes in long-term espionage against government and defense targets

The Amadey Botnet Connection

Microsoft researchers discovered that Secret Blizzard leveraged the Amadey botnet, which is:

  • Typically used by cybercriminals for cryptocurrency mining
  • Allegedly sold on Russian hacking forums
  • Potentially accessed by Secret Blizzard through purchase or unauthorized means

“Using commodity tools allows threat actors to potentially hide their origin and make attribution more difficult,” explained Sherrod DeGrippo, Microsoft’s Director of Threat Intelligence Strategy.

Attack Methodology and Targets

The campaign specifically targeted:

  • Ukrainian Army systems
  • Ukrainian Border Guard infrastructure
  • Devices using Starlink satellite internet (crucial for Ukrainian military operations)

The hackers deployed custom malware designed to:

  1. Gather system information (device names, security software)
  2. Determine target value for further exploitation
  3. Potentially deploy additional tools like Tavdig and KazuarV2 backdoors

A Pattern of Cyber Espionage

This marks at least the second time since 2022 that Secret Blizzard has:

  • Leveraged cybercriminal infrastructure for state-sponsored attacks
  • Demonstrated a pattern of “freeloading” on other hackers’ tools
  • Previously exploited Pakistani and Iranian hacking groups’ infrastructure

Implications for Cybersecurity

The incident highlights:

  • The blurring lines between cybercrime and nation-state operations
  • Growing sophistication in attribution evasion techniques
  • The importance of monitoring criminal malware markets for state-actor activity

Microsoft continues to investigate how Secret Blizzard gained access to the Amadey botnet. Neither the Russian embassy in Washington nor the FSB responded to requests for comment.

Correction: This story was updated on December 11 to correct a link to a CISA report.

