"Top10VPN analyzed malware activity from IP addresses in Ukraine and Russia since February and found the biggest spikes related to malware that helps botnets to spread. Resurgent malware included trojans that previously played a key role in propagating notorious botnets long since dismantled by major international law enforcement operations.
Trojan malware with bigger increases in activity from Ukraine and Russia IP addresses than from the rest of the world since February 2022 included:
- Citadel Trojan: activity from Ukraine IPs up 3,440% in July, almost double the global trend.
- CoreBOT Trojan: activity from Ukraine IPs increased 126% in July, a 70% bigger rise than from the rest of the world.
- Wauchos Trojan: activity from Russian IPs increased 27% in July, at a time when it was decreasing slightly worldwide.
- Nivdort Trojan: activity from Ukraine IPs jumped 325% in September, almost 10 times the global increase.
Avalanche malware families using Russian and Ukraine IP addresses on the rise despite shutdown of Avalanche crime syndicate, with individual daily surges of as much as 1,500% compared to before February:
- Avalanche-Matsnu malware downloader: activity from Ukraine IPs was up by 50% or more in April, June and October. Activity from Russian IPs more than doubled in September.
- Avalanche-Ranbyus banking trojan: activity from Ukraine IPs doubled in May and rose by 40% from Russian IPs in September.
- Avalanche-Nymaim malware downloader: activity from Ukraine IPs surged by 82% in April.
Biggest surge in cyber attacks: Distributed-denial-of-service (DDOS) attacks originating from Ukraine increased 363% in March on average compared to the average prior to February."
#Analysis #Trend #CyberAttack #Malware #DDoS #RusUkrWar