A new phishing campaign has been discovered targeting the computers of Ukraine’s government disguising itself as the Security Service of Ukraine.
The campaign was brought to light by the Computer Emergency Response Team of Ukraine (CERT-UA), in a warning that disclosed that, if successful, the attack could deploy malware enabling remote desktop access.
So far, over 100 computers have been infected by the campaign since July 2024.
ANONVNC malware
CERT-UA has labelled the activity as UAC-0198, with the malware in use by the attackers being a modification of the MeshAgent remote management system. The attackers will send an email that appears to be from the Security Service of Ukraine which contains a ZIP file containing an MSI installer which is loaded with the malware named ANONVNC.
CERT-UA also warned that an additional threat actor tracked as UAC-0057 has been distributing PicassoLoader malware via phishing attacks, which eventually leads to the deployment of Cobalt Strike Beacon software.
In a statement on the attacks, CERT-UA warned, “It is reasonable to assume that the objects of interest of UAC-0057 could be both specialists of project offices and their ‘contractors’ from among the employees of the relevant local governments of Ukraine.”
A further threat actor, UAC-0102 has been running a campaign using phishing emails containing HTML attachments that appear to be the UKR.NET login page, but any credentials entered are stolen by the attackers.
Ukraine has been increasingly targeted by cyber attacks since Russia’s invasion in February 2022, with several attempts to knock out key infrastructure such as mobile networks and internet service providers proving successful.
Via TheHackerNews
+ There are no comments
Add yours