New phishing campaign disguised as Ukrainian security service targets government computers
A new phishing campaign was discovered targeting Ukrainian government computers and posing as the Security Service of Ukraine.
The campaign was brought to light by the Computer Emergency Response Team of Ukraine (CERT-UA) in an alert, which said that, if successful, the attack could leave the target with malware enabling remote desktop access.
Over 100 computers have been infected by the campaign since July 2024.
ANONVNC malware
CERT-UA has dubbed the activity UAC-0198, with the malware used by the attackers being a modification of the MeshAgent remote management system. The attackers send an email seemingly from the Security Service of Ukraine containing a ZIP file with an MSI installer loaded with the malware, called ANONVNC.
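A mail-gateway style check for the delivery chain described above (email, ZIP attachment, MSI installer inside), as an added example that is not code from CERT-UA or this article. The function names, addresses and the constructed sample message are assumptions, and the check inspects attachment structure only, not ANONVNC itself.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # compound-file header used by MSI

def msi_members(zip_bytes):
    """Return (name, has_msi_extension, has_ole_header) for suspicious members."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return hits
    for info in zf.infolist():
        named_msi = info.filename.lower().endswith(".msi")
        try:
            with zf.open(info) as fh:
                ole = fh.read(len(OLE_MAGIC)) == OLE_MAGIC
        except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
            ole = False  # encrypted or unreadable member: judge by name only
        # An OLE header under another extension may be a renamed installer
        # or a legacy Office file; both deserve triage.
        if named_msi or ole:
            hits.append((info.filename, named_msi, ole))
    return hits

def scan_message(raw):
    """Map each ZIP attachment's filename to its installer-like members."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if data[:4] == b"PK\x03\x04":  # sniff content, do not trust the MIME type
            hits = msi_members(data)
            if hits:
                findings[part.get_filename() or "(unnamed)"] = hits
    return findings

def build_sample():
    """Constructed message: harmless ZIP holding a stub with an MSI-style header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.msi", OLE_MAGIC + b"\x00" * 24)
        zf.writestr("readme.txt", "placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="documents.zip")
    return msg.as_bytes()
```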
CERT-UA also warned that another threat actor, dubbed UAC-0057, distributed the PicassoLoader malware via phishing attacks, which ultimately led to the deployment of the Cobalt Strike Beacon software.
In a statement on the attacks, CERT-UA warned: “It is assumed that the targets of UAC-0057 could be both specialists from project offices and their ‘contractors’ from among the employees of the relevant local governments of Ukraine.”
Another threat actor, UAC-0102, has been running a campaign of phishing emails with HTML attachments that imitate the UKR.NET login page and steal any credentials entered.
Ukraine has become an increasingly frequent target of cyberattacks since Russia’s invasion in February 2022. Several attempts to paralyze key infrastructure, such as mobile networks and internet service providers, have proved successful.
Via The Hacker News