New Somnia ransomware attacks target corporations in Ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) reported the spread of a new ransomware strain called ‘Somnia’, attributing the attacks to the Russian threat actor known as ‘From Russia with Love’ (FRwL), also known as ‘Z-Team’. The ransomware attacks targeted Ukrainian corporations’ employees, using their Telegram accounts to try and gain access to a corporate network.

As explained by CERT-UA, the group used fake sites that mimic the ‘Advanced IP Scanner’ software, which, if downloaded, infects the victim’s computer with the Vidar data-stealing malware that can capture Telegram session data, as well as take over the victim’s account.

Then, the threat actors used victims’ Telegram accounts to gain access to the corporate network. Once access to the target’s network was obtained, the hackers executed reconnaissance operations using tools like Netscan and deployed Cobalt Strike Beacons before exfiltrating data.

According to CERT-UA, the group had previously revealed that they created Somnia ransomware on Telegram and posted evidence of the attacks they made against Ukrainian targets.

EU proposed actions to boost its cyber capabilities

The European Union has recently proposed a set of measures to help its armies move faster in times of conflict. The proposal aims to holistically strengthen the European infrastructure, focusing on cyberattacks and the protection of critical infrastructure, as well. The Action Plan on Military Mobility will help European armed forces to better respond to crises erupting at the EU’s external borders and beyond.