Ukrainian authorities are warning of a new malware campaign targeting government entities with emails masquerading as messages from the Security Service of Ukraine.
On August 12th, the Computer Emergency Response Team of Ukraine (CERT-UA) noticed that attackers posing as the Security Service of Ukraine were mass-distributing emails with malicious software.
CERT-UA has identified more than 100 affected computers, mostly among central and local government bodies in Ukraine.
The malicious emails contained a link leading to the download of a file called "Documents.zip." ZIP is an archive file format that supports lossless data compression. However, in this case, the link triggered the download of an MSI file. MSI files are installer packages used to install software on Windows operating systems.
When opened, the downloaded file launches ANONVNC malware, which enables the attacker to gain unauthorized access to the victim’s PC.
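A defender-side check for the mismatch described above, where a download advertised as "Documents.zip" turns out to be an MSI package. This is an added example, not code from CERT-UA or the original article; the function names and the constructed sample bytes are assumptions made for illustration.

```python
import struct
import uuid

ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")
CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file, the container MSI uses
# CLSID that Windows Installer packages carry on the compound file's root storage
MSI_CLSID = uuid.UUID("000C1084-0000-0000-C000-000000000046")


def sniff(data: bytes) -> str:
    """Classify content by its bytes: 'zip', 'msi', 'cfb' (other OLE file) or 'unknown'."""
    if data.startswith(ZIP_MAGICS):
        return "zip"
    if len(data) < 512 or not data.startswith(CFB_MAGIC):
        return "unknown"
    (sector_shift,) = struct.unpack_from("<H", data, 30)
    (first_dir_sector,) = struct.unpack_from("<I", data, 48)
    if sector_shift not in (9, 12):
        return "unknown"
    # Sector n starts at (n + 1) * sector_size; the root entry is the first
    # 128-byte directory entry and holds its CLSID at offset 80.
    root = (first_dir_sector + 1) << sector_shift
    clsid = data[root + 80 : root + 96]
    if len(clsid) == 16 and uuid.UUID(bytes_le=clsid) == MSI_CLSID:
        return "msi"
    return "cfb"


def check_download(advertised_name: str, data: bytes):
    """Return a finding when the content type contradicts the advertised name, else None."""
    ext = advertised_name.rsplit(".", 1)[-1].lower() if "." in advertised_name else ""
    actual = sniff(data)
    if actual == "msi" and ext != "msi":
        return f"{advertised_name}: advertised as .{ext or '?'} but content is an MSI installer"
    if ext == "zip" and actual != "zip":
        return f"{advertised_name}: advertised as .zip but content is {actual}"
    return None


def constructed_msi() -> bytes:
    """Constructed sample: minimal compound-file header plus a root entry with the MSI CLSID."""
    header = bytearray(512)
    header[:8] = CFB_MAGIC
    struct.pack_into("<H", header, 30, 9)   # 512-byte sectors
    struct.pack_into("<I", header, 48, 0)   # directory starts in sector 0
    root_entry = bytearray(512)
    root_entry[80:96] = MSI_CLSID.bytes_le
    return bytes(header + root_entry)
```

A mail gateway or download proxy can apply `check_download` to the name shown in the link and the first kilobytes of the fetched content, and quarantine on any finding.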
CERT-UA has taken urgent measures to mitigate the threat. “We urge everyone concerned to be especially attentive and immediately contact CERT-UA in case of suspicious activity,” wrote the response team in a press release.
Since the outbreak of war in Ukraine, cyber warfare on both sides has intensified, targeting strategic infrastructure to get an edge in conventional warfare.
The authorities have not indicated who might be responsible for the current malware campaign. However, Russia-linked threat actors have targeted the Ukrainian government and other organizations.
According to a report by Ukraine’s State Cyber Defence Center, there has been a significant 62.5% increase in cyber incidents in Ukraine compared to 2022.
At the beginning of January, Ukrainian officers were targeted by malware delivered through messages on Signal. The deceptive messages falsely presented themselves as associated with recruitment for the 3rd Separate Assault Brigade (AFU) and the Israel Defense Forces (IDF).
Reportedly, in June, attackers attempted to use the Signal messaging app to infect Ukrainian civil service officials and military personnel.
The same month, the Russian-backed cybercriminal group APT28 launched a new phishing campaign targeting Ukraine's military to steal login credentials.
The Russian-linked threat actor NoName has been relentlessly targeting the Ukrainian financial sector. DDoS attacks have affected four of the nation's largest commercial banks, including First Ukrainian International Bank (PUMB), State Savings Bank of Ukraine (Oshchadbank), Credit Agricole Bank, and Universal Bank.
Reportedly, International Criminal Court (ICC) prosecutors are currently investigating alleged Russian cyberattacks on Ukrainian civilian infrastructure as possible war crimes.