Ukrainian authorities are warning of a new malware campaign targeting government entities with emails that masquerade as coming from the Security Service of Ukraine.
On August 12th, the Computer Emergency Response Team of Ukraine (CERT-UA) noticed that attackers posing as the Security Service of Ukraine were mass-distributing emails carrying malicious software.
CERT-UA has identified more than 100 affected computers, mostly among central and local government bodies in Ukraine.
The malicious emails contained a link prompting the download of a file called “Documents.zip.” ZIP is an archive file format that supports lossless data compression. In this case, however, the link triggered the download of an MSI file. The MSI file extension is used to install software on Windows operating systems.
When opened, the downloaded file launches ANONVNC malware, which enables the attacker to gain unauthorized access to the victim’s PC.
CERT-UA has gone to considerable lengths to mitigate the threat. “We ask everybody worried to be particularly mindful and quickly contact CERT-UA in the event of dubious action,” wrote the response team in a press release.
Since the outbreak of war in Ukraine, cyber warfare on both sides has intensified, targeting strategic infrastructure to gain an edge in conventional warfare.
The specialists have not indicated who might be responsible for the current malware campaign. However, Russia-linked threat actors have targeted the Ukrainian government and other organizations.
According to a report by Ukraine’s State Cyber Defence Center, cyber incidents in Ukraine have increased by a significant 62.5% compared to 2022.
At the beginning of January, Ukrainian officials were targeted by malware delivered through messages on Signal. The deceptive messages falsely presented themselves as related to recruitment for the 3rd Separate Assault Brigade (AFU) and the Israel Defense Forces (IDF).
In June, it was reported that attackers had attempted to use the Signal messaging app to infect Ukrainian civil service officials and military personnel.
The same month, Russian-backed cybercriminal group APT28 launched a new phishing campaign, targeting Ukraine’s military to steal login credentials.
The Russia-linked threat actor NoName has been persistently targeting the Ukrainian financial sector. DDoS attacks have impacted four of the country’s biggest business banks, including First Ukrainian Worldwide Bank (PUMB), Credit Agricole Bank, State Savings Bank of Ukraine (Oshchadbank) and Universal Bank.
Reportedly, International Criminal Court (ICC) prosecutors are currently investigating alleged Russian cyberattacks on Ukrainian civilian infrastructure as possible war crimes.