The government Computer Emergency Response Team (CERT-UA) has observed a phishing campaign designed to spy on Ukrainian officials.
CERT-UA recorded a mass distribution of emails spoofing Ukrtelecom, a local telecommunications company.
Victims receive an email with "Court claim against your personal account" in the subject line. Attached to the email is a RAR archive disguised as a court letter containing information on the alleged debt.
When victims try to open the archive, they are redirected to an EXE file that installs Remcos, a remote monitoring and surveillance program developed by BreakingSecurity.
Remcos is a tool designed to "remotely control your computers, anywhere in the world." It has a freeware version, and its premium version costs around 60 euros.
This is not a new strategy to target victims – CERT-UA has been tracking the activity since at least 2020.
"Based on the fact that the objects of cyberattacks are usually (but not exclusively) the state authorities of Ukraine, and also, taking into account the functionality of the programs used, we believe that the activity is carried out for the purpose of espionage," CERT-UA said.