Cyber attack targets Ukrainian authorities by email
The Computer Emergency Response Team of Ukraine (CERT-UA), which operates under the State Service of Special Communications and Information Protection of Ukraine, warns of a new cyber attack on organizations and institutions of Ukraine that uses the Remote Utilities program.
Rubryka reports this with reference to the Telegram channel of the State Service of Special Communications and Information Protection of Ukraine.
The department's message notes that cybercriminals are sending e-mails that purport to come from the staff of the National Security and Defense Council of Ukraine in order to gain remote computer access.
CERT-UA experts warn:
"CERT-UA specialists have detected a mass distribution of dangerous e-mails that seem to come from the staff of the National Security and Defense Council of Ukraine. They have the subject "RE: Critical security update" written in Ukrainian and an attachment in the form of a RAR archive with the name "KB5017371 security system update.rar". The archive contains a decoy image "instruction Important to read.jpg" and a split archive with the executable file "KB5017371.exe"."
The experts also mention that if you download the archive, extract it, and run its contents, the legitimate Remote Utilities program will be installed on your computer. It gives third parties hidden remote access to the device. The detected activity is tracked under the identifier UAC-0096.
Details can be viewed on the CERT-UA website.
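A mail-triage sketch for the lure described above, added here as an example and not taken from CERT-UA or Rubryka. The function names, the three heuristics (a "RE:" subject with no threading headers, an attachment that starts with the RAR signature, an attachment named like a Windows KB update) and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

RAR_MAGIC = b"Rar!\x1a\x07"  # common prefix of the RAR 4 and RAR 5 signatures
KB_NAME = re.compile(r"\bKB\d{7}\b", re.IGNORECASE)

def triage(raw: bytes) -> list[str]:
    """Return heuristic findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = str(msg.get("Subject", ""))
    # A "RE:" subject with no threading headers is a reply to nothing.
    if subject.upper().startswith("RE:") and not (msg["In-Reply-To"] or msg["References"]):
        findings.append("reply-subject-without-thread")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Trust the leading bytes, not the extension or declared MIME type.
        if data.startswith(RAR_MAGIC):
            findings.append(f"rar-attachment:{name}")
        if KB_NAME.search(name):
            findings.append(f"kb-update-name:{name}")
    return findings

def build_sample(subject, filename, payload, reply_to=None) -> bytes:
    """Build a constructed test message; addresses use reserved example domains."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    if reply_to:
        m["In-Reply-To"] = reply_to
    m.set_content("See attachment.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed samples: the payload is signature bytes plus padding, not a real archive.
LURE = build_sample("RE: Critical security update",
                    "KB5017371 security system update.rar",
                    RAR_MAGIC + b"\x00" * 16)
BENIGN = build_sample("RE: Meeting notes", "notes.txt", b"agenda\n",
                      reply_to="<abc@example.com>")

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("benign", BENIGN)):
        print(label, triage(raw))
```

Any single finding is weak on its own; the combination is what makes a message worth quarantining for review.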
In addition, specialists of the State Service of Special Communications and Information Protection of Ukraine recommend the following safety rules for using e-mail or instant messengers:
- remember to take care of your security in cyberspace;
- follow the cyber hygiene rules;
- be careful of any messages you receive by email or via messaging services;
- remember that hackers often disguise themselves as public authorities, official institutions, etc.;
- do not open any attached files, and do not follow any links unless you are sure they are safe.
For reference:
Cybercriminals recently distributed e-mails allegedly on behalf of the telecommunication company "Ukrtelecom," probably for espionage.
At the beginning of February, CERT-UA specialists discovered a dangerous site imitating the official web resource of the Ministry of Foreign Affairs of Ukraine. Hackers tried to steal data via that site.
In December 2022, e-mails with dangerous attachments were sent allegedly on behalf of the State Emergency Service of Ukraine (criminals used the theme of Iranian kamikaze drones Shahed-136). In October-November last year, similar mailings were recorded allegedly on behalf of the State Service of Special Communications and Information Protection of Ukraine, the press service of the General Staff of the Armed Forces of Ukraine, the Security Service of Ukraine, and even from CERT-UA.
In addition, russian hackers wanted to break into the computer networks of houses in one of the border regions of Ukraine.