CERT-UA has issued a critical warning regarding two recent phishing campaigns targeting government bodies in Ukraine amidst the ongoing conflict with Russia.

Description

The first campaign [1], tracked as UAC-0198 [4] [5], involves attackers impersonating the Security Service of Ukraine and sending phishing emails that contain a link to download a file named “Documents.zip.” Once the link is clicked [6], an MSI file is downloaded [6] that activates the ANONVNC malware [1] [4] [6], which allows attackers to gain unauthorized control over infected systems [6]. Over 100 computers within state and local government agencies in Ukraine have been compromised by this campaign. Related cyberattacks involving EXE and MSI files found in pCloud directories have also been reported [4].

The second campaign [1], linked to UAC-0057 [3], distributes the PicassoLoader malware through phishing attacks [1], leading to the deployment of Cobalt Strike Beacon [1]. These attacks pose a significant threat to specialists and contractors working with local governments in Ukraine [1].

CERT-UA advises caution and prompt reporting of suspicious activity to mitigate the threat and emphasizes the urgent need for enhanced cyber defense capabilities. The attacks highlight the persistent and evolving nature of threats facing Ukraine’s digital infrastructure [6].

Conclusion

These phishing campaigns targeting government bodies in Ukraine have had significant impacts, compromising over 100 computers and posing a threat to specialists and contractors. To mitigate the threat, CERT-UA advises caution and prompt reporting of suspicious activity [2] [6] and emphasizes the urgent need for enhanced cyber defense capabilities [5]. These attacks underscore the persistent and evolving nature of threats facing Ukraine’s digital infrastructure [6] and highlight the importance of proactive cybersecurity measures.

References

[1] https://www.techradar.com/pro/new-phishing-campaign-disguised-as-ukraines-security-service-targeting-government-computers
[2] https://www.darkreading.com/vulnerabilities-threats/ukraine-cert-phishing-campaign-poses-as-nations-security-service
[3] https://thehackernews.com/2024/08/ukraine-warns-of-new-phishing-campaign.html
[4] https://securityaffairs.com/166970/apt/cert-ua-warns-security-service-of-ukraine-campaign.html
[5] https://socprime.com/blog/uac-0198-attack-detection-adversaries-massively-distribute-phishing-emails-spreading-anonvnc-meshagent-malware-to-target-ukrainian-state-bodies/
[6] https://cybermaterial.com/phishing-campaign-targets-ukraine-govt/