
Cyber Warfare, pro-Russia hackers attack Ukraine with Somnia ransomware

Pro-Russia hackers attack Ukraine with Somnia ransomware. CERT-UA cybersecurity experts: Z-Team exploits Avidar, Netscan and a Cobalt Strike beacon, then exfiltrates data from corporate networks and encrypts it

Somnia is a new ransomware used by the pro-Russia “From Russia with Love” (aka FRwL, Z-Team, UAC-0118) hackers against targets in Ukraine. CERT-UA cybersecurity experts denounce this. First, the threat actor infects employees with the Avidar installer via fake sites that mimic Advanced IP Scanner. Avidar steals the victim’s Telegram data to take control of their account. The next step is to obtain the user’s VPN connection data to gain unauthorized access to the employer’s corporate network. Then the malicious hackers use Netscan for reconnaissance and deploy a Cobalt Strike beacon. Finally, they exfiltrate data and encrypt the system with the malware.
