Ukraine Warns of New Phishing Campaign Targeting Government Computers
Ukraine’s Computer Emergency Response Team (CERT-UA) has warned of a new phishing campaign that impersonates the Security Service of Ukraine to distribute malware capable of remote desktop access.
The agency is tracking the activity under the name UAC-0198. More than 100 systems are believed to have been compromised since July 2024, with government agencies in the country among the targets.
The attack chain involves mass-distributed emails carrying a ZIP attachment that contains an MSI installer; opening the installer deploys malware called ANONVNC.
ANONVNC, which is based on an open-source remote management tool called MeshAgent, allows stealthy unauthorized access to the compromised machines.
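For mail-gateway triage of the delivery chain described above (a ZIP attachment carrying an MSI installer), the following added example, which is not taken from CERT-UA's advisory, parses a raw email and lists ZIP members that look like MSI files by extension or by file header. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Compound File (OLE) header used by MSI; legacy Office files share it,
# so a header-only match is a triage signal, not a verdict.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

def msi_members(zip_bytes):
    """Return names of ZIP members that look like MSI installers."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                name_hit = info.filename.lower().endswith(".msi")
                head = b""
                # Encrypted members cannot be read; fall back to the name only.
                if not info.is_dir() and not info.flag_bits & 0x1:
                    with zf.open(info) as fh:
                        head = fh.read(8)
                if name_hit or head == OLE_MAGIC:
                    hits.append(info.filename)
    except zipfile.BadZipFile:
        pass
    return hits

def scan_email(raw):
    """Map each ZIP attachment's filename to its MSI-like members."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if data[:4] == b"PK\x03\x04":  # trust content, not the declared name
            hits = msi_members(data)
            if hits:
                findings[part.get_filename() or "(unnamed)"] = hits
    return findings

def build_sample():
    """Constructed message: a ZIP holding a renamed MSI-like file and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("documents.dat", OLE_MAGIC + b"\x00" * 64)
        zf.writestr("readme.txt", "constructed sample")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="request.bin")
    return msg.as_bytes()
```

Because the check reads the archive's bytes, it still flags the installer when the attachment or the member has been renamed.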
The development comes as CERT-UA has attributed to the threat actor UAC-0102 phishing attacks that use HTML attachments imitating the UKR.NET login page to steal user credentials.
Recently, the agency has also warned of an uptick in attacks distributing the PicassoLoader malware, with the end goal of deploying Cobalt Strike Beacon on compromised devices. These attacks have been linked to a group known as UAC-0057.
“It is conceivable that the targets of UAC-0057 might encompass both project office specialists and their ‘contractors’ from the staff of corresponding local government bodies in Ukraine,” CERT-UA said.

