CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait

August 21, 2024 at 02:27AM

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks aimed at infecting devices with malware, attributed to the threat cluster UAC-0020 (Vermin). The phishing messages carry photos of prisoners of war and lead to the installation of the SPECTR spyware and a new malware called FIRMACHAGENT. The activity is linked to security agencies of the Luhansk People’s Republic. Earlier campaigns targeted defense forces with SPECTR.

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning about new phishing attacks aimed at infecting devices with malware. The attacks are attributed to a threat cluster known as UAC-0020, also called Vermin, and are linked to the Luhansk People’s Republic (LPR). The attacks start with phishing messages containing photos of alleged prisoners of war, which lead recipients to click a link to a ZIP archive. The ZIP file contains a Microsoft Compiled HTML Help (CHM) file with embedded JavaScript code, which installs the SPECTR spyware and a new malware called FIRMACHAGENT. The purpose of FIRMACHAGENT is to retrieve the data stolen by SPECTR and send it to a remote management server. Additionally, SPECTR targets defense forces in the country and is designed to harvest information from various apps such as Element, Signal, Skype, and Telegram.
