Three Ukrainian cybersecurity agencies (Ukrainian Secret Service, Ukrainian Cyber Police, and CERT Ukraine), including the Ukrainian Secret Service, warned last week of a “massive” spear-phishing campaign conducted by Russia-linked hackers against its government and organizations in the private industry.
This is the third massive spear-phishing campaign that the Ukrainian government attributed to Russia-linked threat actors this year.
The phishing messages employed in the operation pose as representatives for the Kyiv Patrol Police Department and warn recipients of problems with the payment of local taxes.
“Specialists of the Security Service of Ukraine established that in early June this year, mass e-mails were sent with the sender’s address changed. Messages, in particular, allegedly from the Kyiv Patrol Police Department contained malicious attachments and were sent to the addresses of a number of government agencies.” reads the alert published by the Ukrainian Secret Service.
According to the national CERT, the attackers send messages on behalf of government agencies that use the following statement in their subject: “You didn’t pay taxes. Details in the file… »,« a criminal case has been filed against you. Details in the application… »
The messages use a RAR archive as an attachment and trick victims into opening it. Upon downloading and opening the archive, an EXE file with a double extension, filename.pdf.exe, is dropped on the system.
When the recipient runs the files will install a modified version of RemoteUtilities, a remote administration software. The software connects to command and control servers located in Russia, Germany, and the Netherlands.
The Ukrainian Security Service shared indicators of compromise for this attack on the platform “MISP-UA”.
Below the recommendations by the CERT:
In February, the Ukraine ‘s government blamed a Russia-linked APT group for an attack on a government document management system, the System of Electronic Interaction of Executive Bodies (SEI EB).
According to Ukrainian officials, the hackers aimed at disseminating malicious documents to government agencies.
The SEI EB is used by the Ukrainian government agencies to share documents.
According to Ukraine’s National Security and Defense Council, attackers acted to conduct “the mass contamination of information resources of public authorities.”
In the same period, Ukraine accused unnamed Russian internet networks of massive attacks that targeted Ukrainian security and defense websites. The Ukrainian officials did not provide details about the attacks either the damage they have caused.
(SecurityAffairs – hacking, Ukraine)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.