FSB-linked hacker group disguises itself as Ukrainian officials to spread malware

Armageddon, a hacker group affiliated with the Russian government, has been observed sending phishing emails on behalf of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP).

Ukraine's Computer Emergency Response Team (CERT) detected a large number of emails containing malicious links. Following a malicious link triggers the download of malware, most commonly data-stealing malware.

The phishing emails are being spread using the @mail.gov.ua domain.

"It means that the criminals are getting increasingly scrupulous in disguising themselves as Ukrainian public officials," CERT-UA said.

CERT-UA assesses that Armageddon (UAC-0010) is behind the campaign. This hacking group is associated with Russia's Federal Security Service (FSB).

"They are among the most active groups attacking Ukraine since the beginning of Russia's full-scale military invasion of Ukraine. Criminals are usually exploiting topics that are sensitive and important for Ukrainians," SSSCIP said.

Threat actors increasingly impersonate Ukrainian officials to spread phishing emails and deliver payloads. They've been observed spoofing a number of security and defense agencies, including the Security Service of Ukraine.

"Please be extra cautious when handling any received messages. Do not open and do not download suspicious files and links. Please double-check the sender whenever possible," SSSCIP warned.
