August 13, 2024 at 01:48AM
Ukraine’s CERT-UA warns of a new phishing campaign impersonating the Security Service of Ukraine and distributing the ANONVNC malware for remote desktop access. Over 100 computers, including those of government bodies, have been infected. The attack involves mass email distribution of a ZIP archive containing a malicious MSI installer file. CERT-UA also attributes phishing attacks to the hacking group UAC-0102.
From the meeting notes:
– The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign, identified as UAC-0198, that masquerades as the Security Service of Ukraine and distributes malware capable of remote desktop access.
– More than 100 computers, including those related to government bodies, are estimated to have been infected since July 2024.
– The attack involves the mass distribution of emails containing a ZIP archive file with an MSI installer that leads to the deployment of ANONVNC malware, which is based on the open-source remote management tool MeshAgent.
– CERT-UA also attributed phishing attacks to the hacking group UAC-0102, which propagates HTML attachments mimicking the login page of UKR.NET to steal users’ credentials.
– Campaigns distributing PicassoLoader malware have surged, aiming to deploy Cobalt Strike Beacon on compromised systems, linked to threat actor UAC-0057.
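For the delivery chain described above (a ZIP attachment carrying an MSI installer), a mail-gateway style check can flag archives whose members are MSI packages by content rather than by file name. This is an added example, not code from CERT-UA or the original page; the function names are hypothetical and the sample archive is constructed inline.

```python
import io
import struct
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file signature
# Windows Installer CLSID {000C1084-0000-0000-C000-000000000046}, little-endian GUID layout
MSI_CLSID = bytes.fromhex("84100C0000000000C000000000000046")

def is_msi(data):
    """True if data is an OLE compound file whose root storage has the MSI CLSID."""
    if len(data) < 512 or data[:8] != OLE_MAGIC:
        return False
    sector_shift = struct.unpack_from("<H", data, 30)[0]
    first_dir_sector = struct.unpack_from("<I", data, 48)[0]
    if sector_shift not in (9, 12):  # 512-byte or 4096-byte sectors
        return False
    root = (first_dir_sector + 1) << sector_shift  # root entry is first in directory
    return data[root + 80:root + 96] == MSI_CLSID

def scan_zip(zip_bytes, max_bytes=64 * 1024 * 1024):
    """Return (member name, finding) pairs for installer-like members."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in (i for i in zf.infolist() if not i.is_dir()):
            if info.flag_bits & 0x1:  # password-protected member
                findings.append((info.filename, "encrypted, not inspected"))
                continue
            with zf.open(info) as member:
                data = member.read(max_bytes)  # cap the decompressed size
            if is_msi(data):
                findings.append((info.filename, "msi content"))
            elif info.filename.lower().endswith(".msi"):
                findings.append((info.filename, "msi extension only"))
    return findings

def constructed_msi():
    # Constructed stand-in: header plus one directory sector, no installer payload.
    header = bytearray(OLE_MAGIC.ljust(512, b"\0"))
    struct.pack_into("<H", header, 30, 9)  # sector shift; directory sector index stays 0
    directory = bytearray(512)
    directory[80:96] = MSI_CLSID           # CLSID field of the root directory entry
    return bytes(header + directory)

def constructed_zip():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice.txt", "constructed sample text")
        zf.writestr("scan_001.dat", constructed_msi())  # MSI content under another name
        zf.writestr("readme.msi", "not an installer")
    return buf.getvalue()
```

The root-storage CLSID check matters because legacy Office documents share the same OLE signature; the signature alone would flag them as installers.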