CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

October 26, 2024 at 12:25AM The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a malicious email campaign targeting government and military bodies, linked to the Russian hacking group APT29. These emails use fake AWS domains to deploy Remote Desktop Protocol files for unauthorized access. CERT-UA also reports multiple ongoing cyber threats against Ukraine. …

Ukraine Warns of New Phishing Campaign Targeting Government Computers

August 13, 2024 at 01:48AM Ukraine’s CERT-UA warns of a new phishing campaign impersonating the Security Service of Ukraine and distributing the ANONVNC malware for remote desktop access. Over 100 computers, including those of government bodies, have been infected. The attack involves mass email distribution of a ZIP archive with a malicious MSI installer file. CERT-UA also attributes phishing attacks to …

Ukraine CERT: Mass Phishing Campaign Poses as Nation’s Security Service

August 12, 2024 at 02:39PM Ukraine’s CERT-UA discovered malicious software being distributed through emails impersonating the country’s Security Service. The emails contain a link to download a file triggering the ANONVNC malware, allowing attackers to access victims’ devices. More than 100 government devices have been affected, and users are advised to contact CERT-UA if suspicious. …

Hackers posing as Ukraine’s Security Service infect 100 govt PCs

August 12, 2024 at 02:15PM Impersonating the Security Service of Ukraine, attackers used malicious emails to target government agencies, infecting over 100 computers with AnonVNC malware. The emails included a link to a malicious attachment, and the attacks began in July 2024. This incident adds to a series of cyber attacks targeting Ukraine, including the …

SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign

June 7, 2024 at 03:54AM Ukraine’s CERT-UA warns of cyber attacks targeting defense forces with SPECTR malware, part of the SickSync espionage campaign. The attacks are attributed to UAC-0020 (Vermin), associated with the Luhansk People’s Republic. SPECTR steals information by grabbing screenshots, harvesting files, and stealing credentials. The Vermin group was previously observed orchestrating phishing campaigns using SPECTR. CERT-UA also warned …

Ukraine says hackers abuse SyncThing tool to steal data

June 7, 2024 at 03:36AM The Computer Emergency Response Team of Ukraine (CERT-UA) warns of the “SickSync” campaign by UAC-0020 (Vermin), a hacker group associated with the Russian-occupied Luhansk region. The attack uses SyncThing and SPECTR malware to steal military data. Vermin modified SyncThing and used SPECTR to exfiltrate data, posing a serious security threat. …

Ukraine says hackers abuse SyncThing data sync tool to steal data

June 6, 2024 at 04:48PM The “SickSync” campaign, attributed to the UAC-0020 hacking group linked to the Luhansk People’s Republic, targets Ukrainian defense forces. The attack uses SyncThing and SPECTR malware to steal sensitive military data. SPECTR’s capabilities include taking screenshots, copying files, and stealing data from various applications and browsers. CERT-UA urges investigating any …

Russian Sandworm hackers targeted 20 critical orgs in Ukraine

April 22, 2024 at 08:34AM The Russian hacker group Sandworm, also known as BlackEnergy, Seashell Blizzard, Voodoo Bear, and APT44, carried out disruptive cyberattacks on critical infrastructure in Ukraine. The attacks targeted energy, water, and heating suppliers, exploiting weaknesses in cybersecurity practices. CERT-UA conducted counter-cyberattack operations from March 7 to March 15, 2024, and identified …

PurpleFox malware infected thousands of systems in Ukraine

February 1, 2024 at 12:15PM CERT-UA warns of the PurpleFox malware infecting over 2,000 Ukrainian computers with potential backdoor, DDoS, and downloader capabilities. It utilizes a rootkit to persist and conceal its presence. CERT-UA provides methods to detect and remove the malware, including checking network connections, registry values, event logs, and specific file locations, and …

CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks

October 17, 2023 at 02:09AM Between May and September 2023, at least 11 telecommunication service providers in Ukraine were targeted by threat actors. The attacks, carried out under the name UAC-0165, caused service interruptions for customers. The attackers used reconnaissance and exploitation techniques from previously compromised servers, employing specialized programs for credential theft and remote …