Ukraine alerts public to fresh phishing scam on government devices

August 13, 2024


TLDR:

Ukraine’s CERT-UA has warned of a new phishing campaign targeting government computers, distributing malware for remote desktop access. The attack involves mass emails with ZIP files containing malware, including ANONVNC based on MeshAgent. This comes as the agency also warns of other malware and phishing attacks targeting users’ credentials.

Article Summary:

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning about a new phishing campaign targeting government computers in Ukraine. The campaign, tracked as UAC-0198, impersonates the Security Service of Ukraine and distributes malware that provides remote desktop access. It has already infected over 100 computers, including those belonging to government bodies in the country. The attackers send mass emails with ZIP archives containing an MSI installer that deploys malware named ANONVNC. ANONVNC is based on the open-source tool MeshAgent and gives the attackers unauthorized access to infected hosts.
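A mail-gateway style check for the delivery chain described above (a ZIP attachment carrying an MSI installer), as an added example that is not CERT-UA's tooling. It flags any MSI inside a ZIP attachment rather than ANONVNC specifically; the function names, the size limit and the sample message are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE header: .msi, also legacy Office
OLE_DOC_EXT = (".doc", ".xls", ".ppt", ".msg")  # OLE files that are not installers
MAX_NESTED = 20 * 1024 * 1024  # do not unpack nested archives larger than this

def msi_members(zip_bytes, depth=0):
    """Names of archive members that look like MSI installers."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return hits
    with zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if info.is_dir():
                continue
            encrypted = info.flag_bits & 0x1  # content unreadable without a password
            head = b"" if encrypted else zf.open(info).read(8)
            if name.endswith(".msi") or (head == OLE_MAGIC and not name.endswith(OLE_DOC_EXT)):
                hits.append(info.filename)  # by extension, or installer under another name
            elif head.startswith(ZIP_MAGIC) and depth < 2 and info.file_size <= MAX_NESTED:
                hits += [f"{info.filename}/{n}" for n in msi_members(zf.read(info), depth + 1)]
    return hits

def scan_message(raw_eml):
    """Map each ZIP attachment's filename to the MSI-like members inside it."""
    findings = {}
    msg = message_from_bytes(raw_eml, policy=policy.default)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if data.startswith(ZIP_MAGIC) and (hits := msi_members(data)):
            findings[part.get_filename() or "(unnamed)"] = hits
    return findings

def build_sample(members):  # constructed test message with one ZIP attachment
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="docs.zip")
    return msg.as_bytes()
```

A non-empty result from `scan_message` is a reason to quarantine the message for review; password-protected archives are only matched by member name because their content cannot be read.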

In addition to this campaign, CERT-UA has linked other threats to hacking groups UAC-0102 and UAC-0057. UAC-0102 is responsible for phishing attacks using HTML attachments that mimic the login page of UKR.NET to steal users’ credentials. Meanwhile, UAC-0057 has been distributing the PicassoLoader malware with the goal of deploying Cobalt Strike Beacon on compromised systems. It is suggested that the targets of UAC-0057 could be specialists of project offices and employees of local governments in Ukraine.

Overall, the warning from CERT-UA highlights the ongoing cybersecurity threats faced by government entities and individuals in Ukraine. It underscores the importance of vigilance and robust cybersecurity measures to protect against phishing campaigns and malware attacks.

