Attackers targeted a large, unnamed software development company in Ukraine that services various state entities with a “fairly uncommon” piece of malware in recent weeks, researchers with Cisco Talos said Thursday.
The unknown hackers used a slightly modified version of an open-source backdoor named “GoMet,” the researchers said, that at least two sophisticated hacking groups have used since 2020.
Despite the fact that the Talos researchers found no indication that the attackers successfully exploited the tool, they are concerned nonetheless, they said.
“As this firm is involved in software development, we cannot ignore the possibility that a supply chain-style attack might have been this campaign’s end goal,” the researchers said.
Cyberattacks have increasingly bombarded both private and government entities in Ukraine since the first Russian invasion of Ukraine in 2014 and as part of the war that began Feb. 24. Ukrainian officials who track cyber “incidents” recorded at least 64 in second quarter of 2022, up from 40 the previous quarter, officials said in a recent report with details of new and ongoing attacks emerging regularly.
A successful attack on a software provider could “be leveraged in a variety of ways including deeper access or to launch additional attacks, including the potential for software supply chain compromise,” the researchers wrote.
“Ukraine is still facing a well-funded, determined adversary that can inflict damage in a variety of ways,” they said. “This is just the latest example of those attempts.”