New phishing campaign disguised as Ukraine’s Security Service targeting government computers
Security Service of Ukraine phishing emails hit government targets
A new phishing campaign has been discovered targeting the computers of Ukraine’s government disguising itself as the Security Service of Ukraine.
The campaign was brought to light by the Computer Emergency Response Team of Ukraine (CERT-UA), in a warning that disclosed that, if successful, the attack could deploy malware enabling remote desktop access.
So far, over 100 computers have been infected by the campaign since July 2024.
ANONVNC malware
CERT-UA has labelled the activity as UAC-0198, with the malware in use by the attackers being a modification of the MeshAgent remote management system. The attackers will send an email that appears to be from the Security Service of Ukraine which contains a ZIP file containing an MSI installer which is loaded with the malware named ANONVNC.
CERT-UA also warned that an additional threat actor tracked as UAC-0057 has been distributing PicassoLoader malware via phishing attacks, which eventually leads to the deployment of Cobalt Strike Beacon software.
In a statement on the attacks, CERT-UA warned, “It is reasonable to assume that the objects of interest of UAC-0057 could be both specialists of project offices and their 'contractors' from among the employees of the relevant local governments of Ukraine.”
A further threat actor, UAC-0102 has been running a campaign using phishing emails containing HTML attachments that appear to be the UKR.NET login page, but any credentials entered are stolen by the attackers.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Ukraine has been increasingly targeted by cyber attacks since Russia’s invasion in February 2022, with several attempts to knock out key infrastructure such as mobile networks and internet service providers proving successful.
Via TheHackerNews
More from TechRadar Pro
- These are the best firewalls around right now
- Russia’s shadow war against Europe has begun as cyber attacks abusing Microsoft infrastructure increase
- Take a look at our guide to the best endpoint protection tools available
Benedict has been writing about security issues for close to 5 years, at first covering geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division). Benedict then continued his studies at a postgraduate level and achieved a distinction in MA Security, Intelligence and Diplomacy. Benedict transitioned his security interests towards cybersecurity upon joining TechRadar Pro as a Staff Writer, focusing on state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.