Russian hacktivists hit Ukrainian orgs with ransomware - but no ransom demands
The team does not specify at which point the hacktivists took the attack over from the IAB, but says that, “Having gained remote access to the organization’s computer network using a VPN, the attackers conducted reconnaissance (in particular, used Netscan), launched the Cobalt Strike Beacon program, and also exfiltrated data, as evidenced by the use of the Rclone program.” ... “It should be noted that the Vidar stealer, among other things, steals Telegram session data, which, in the absence of configured two-factor authentication and a passcode, allows unauthorized access to the victim’s account,” CERT-UA explained.

Malware: Vidar, Somnia

[View Article](https://www.helpnetsecurity.com/2022/11/14/somnia-ransomware-ukrainian/)