FSB-linked hacker group disguises itself as Ukrainian officials to spread malware


Armageddon, a hacker group affiliated with the Russian government, has been observed sending phishing emails on behalf of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP).

Ukraine's Computer Emergency Response Team (CERT) detected a large number of emails containing malicious links. Following a malicious link triggers the download of malware, most commonly data-stealing malware.

Phishing emails are being spread using @mail.gov.ua.

"It means that the criminals are getting increasingly scrupulous in disguising themselves as Ukrainian public officials," CERT-UA said.

CERT-UA assesses that Armageddon (UAC-0010) is behind the campaign. This hacking group is associated with Russia's Federal Security Service (FSB).

"They are among the most active groups attacking Ukraine since the beginning of Russia's full-scale military invasion of Ukraine. Criminals are usually exploiting topics that are sensitive and important for Ukrainians," SSSCIP said.

Threat actors increasingly impersonate Ukrainian officials to spread phishing emails and deliver payloads. They've been observed spoofing a number of security and defense agencies, including the Security Service of Ukraine.

"Please be extra cautious when handling any received messages. Do not open and do not download suspicious files and links. Please double-check the sender whenever possible," SSSCIP warned.