Disrupting FlyingYeti's campaign targeting Ukraine
Essential information
- Published: 31/05/2024 12:19
- Modified: 31/05/2024 12:33
- Tags: 2024-05-31, CVE-2023-38831, cookbox, malware, phishing, russia, ukraine
- Related entities: 1 vulnerability (CVE), 8 observables, 1 intrusion set (APT), 10 techniques (MITRE), 1 malware, 2 others
Description
This report details Cloudforce One's real-time effort to detect, deny, degrade, disrupt, and delay a phishing campaign by the Russia-aligned threat actor FlyingYeti targeting Ukraine. The campaign aimed to capitalize on anxiety over potential loss of housing and utilities by enticing targets to open malicious files containing the COOKBOX malware. Cloudforce One's mitigations prolonged the operational timeline from days to weeks, hindering the actor's objectives.