Researchers from Broadcom Symantec spotted a Russia-linked APT group, tracked as Nodaria (aka UAC-0056), deploying new info-stealing malware, dubbed Graphiron, in attacks against Ukraine.
The Nodaria APT group has been active since at least March 2021. It focuses on Ukraine, although it has also been involved in attacks on targets in Kyrgyzstan and Georgia.
The Graphiron malware allows operators to harvest a wide range of information from the infected systems, including system info, credentials, screenshots, and files.
The malicious code is written in the Go programming language. It was first observed in October 2022 and has been used in attacks since at least mid-January 2023.
Graphiron is a two-stage tool made up of a downloader (Downloader.Graphiron) and a payload (Infostealer.Graphiron).