CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos.

The mass phishing campaign has been attributed to a threat actor it tracks as UAC-0050, with the agency describing the activity as likely motivated by espionage given the toolset employed.

The bogus emails that kick-start the infection sequence claim to be from Ukrainian telecom company Ukrtelecom and come bearing a decoy RAR archive. Of the two files present in the archive, one is a password-protected RAR archive that's over 600MB and the other is a text file containing the password to open the RAR file.

Embedded within the second RAR archive is an executable that leads to the installation of the Remcos remote access software, granting the attacker full access to commandeer compromised computers.
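A mail-gateway triage rule for the attachment layout described above, as an added example that is not from CERT-UA or the original article. It assumes a hypothetical archive inspector that reports each member's name, size and encryption flag; the `Member` type, file names and thresholds are constructed for illustration.

```python
from dataclasses import dataclass

ARCHIVE_EXTS = (".rar", ".zip", ".7z")
TEXT_EXTS = (".txt",)
# "Over 600MB" is the size reported in the article; tune for your environment.
LARGE_BYTES = 600 * 1024 * 1024

@dataclass
class Member:
    name: str
    size: int        # uncompressed size in bytes
    encrypted: bool  # True if the inspector needed a password to open it

def flag_attachment(members, size_threshold=LARGE_BYTES):
    """Return the reasons an outer archive matches the described lure layout."""
    nested = [m for m in members if m.name.lower().endswith(ARCHIVE_EXTS)]
    locked = [m for m in nested if m.encrypted]
    notes = [m for m in members if m.name.lower().endswith(TEXT_EXTS)]
    reasons = []
    if locked:
        names = ", ".join(m.name for m in locked)
        reasons.append("encrypted nested archive: " + names)
    if locked and notes:
        reasons.append("text file shipped beside encrypted archive")
    if any(m.size >= size_threshold for m in locked):
        reasons.append("encrypted nested archive exceeds size threshold")
    return reasons

def verdict(members):
    """Map the number of matched indicators to a gateway action."""
    reasons = flag_attachment(members)
    if len(reasons) >= 2:
        return "quarantine"
    return "review" if reasons else "deliver"

# Constructed sample listings (not taken from the real campaign).
LURE = [Member("invoice.rar", 650 * 1024 * 1024, True),
        Member("password.txt", 24, False)]
SMALL_LOCKED = [Member("payroll.zip", 2_000_000, True)]
BENIGN = [Member("report.pdf", 350_000, False),
          Member("readme.txt", 1_200, False)]

if __name__ == "__main__":
    for label, listing in (("lure", LURE), ("small", SMALL_LOCKED),
                           ("benign", BENIGN)):
        print(label, verdict(listing), flag_attachment(listing))
```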


Remcos, short for remote control and surveillance software, is offered by Breaking Security either for free or as a premium version that costs anywhere between €58 and €945.

The Italian company calls it a “lightweight, fast and highly customizable Remote Administration Tool with a wide array of functionalities.”

The latest CERT-UA advisory comes as the State Cyber Protection Centre (SCPC) of Ukraine pointed fingers at a Russian state-sponsored threat actor known as Gamaredon for its targeted assaults aimed at public authorities and critical information infrastructure.
