A new phishing campaign targeting Ukrainian government computers has been discovered, impersonating the Security Service of Ukraine.
The campaign was revealed by the Computer Emergency Response Team of Ukraine (CERT-UA) in a warning stating that a successful attack could deploy a malicious program allowing remote desktop access.
More than 100 computers have been infected by the campaign since July 2024.
ANONVNC malware
CERT-UA has labeled the activity UAC-0198. The malware used by the attackers is a modification of the MeshAgent remote management system. The attackers send an email that appears to come from the Security Service of Ukraine and carries a ZIP file containing an MSI installer loaded with the malware, called ANONVNC.
CERT-UA also warned that an additional threat actor identified as UAC-0057 has been distributing PicassoLoader malware via phishing attacks, eventually leading to the deployment of Cobalt Strike Beacon software.
In a statement on the attacks, CERT-UA warned: “It is reasonable to assume that the targets of UAC-0057 could be both specialists of project offices and their ‘contractors’ from among employees of relevant local governments in Ukraine.”
Another threat actor, UAC-0102, has been running a campaign using phishing emails with HTML attachments that imitate the UKR.NET login page; the attackers steal all credentials entered.
Ukraine has been increasingly targeted by cyberattacks since the Russian invasion in February 2022, and several attempts to destroy key infrastructure such as mobile networks and internet service providers have succeeded.
Via The Hacker News