UniCredit.ua and RBC.ua compromised with RIG exploit kit

Nick Bilogorskiy writes:

Cyphort Labs discovered a malware infection at the Ukrainian website of UniCredit bank –  unicredit.ua . UniCredit Group is a leading European commercial bank with an international network spanning 17 European countries with more than 149,000 employees.  It has 950 billion Euros in assets. UniCredit is the largest Italian bank by market capitalization.

The Ukrainian website unicredit.ua is the 704th most popular website in Ukraine, according to Alexa. This exploit does not trigger every time the site is loaded, so there must be some logic that controls the schedule of when the malware redirection occurs.


Interestingly, this is not the only attack on a prominent Ukrainian website this week. We have seen the same attack, likely by the same group – on another high profile Ukrainian news site: rbc.ua , two days ago – on Jul 13 09:31 UTC time.

RBC stands for RosBusinessConsulting, which is a large media group listed on russian stock exchange as RBCM . It has more than 1500 employees and revenue of  $81 million dollars.

Read more on Cyphort

h/t, @SwiftOnSecurity

About the author: Dissent

Comments are closed.