New phishing campaign disguised as Ukraine’s Security Service targeting government computers

Security Service of Ukraine phishing emails hit government targets

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A new phishing campaign has been discovered targeting the computers of Ukraine’s government disguising itself as the Security Service of Ukraine.

The campaign was brought to light by the Computer Emergency Response Team of Ukraine (CERT-UA), in a warning that disclosed that, if successful, the attack could deploymalwareenabling remote desktop access.

So far, over 100 computers have been infected by the campaign since July 2024.

ANONVNC malware

CERT-UA has labelled the activity as UAC-0198, with the malware in use by the attackers being a modification of the MeshAgent remote management system. The attackers will send an email that appears to be from the Security Service of Ukraine which contains a ZIP file containing anMSIinstaller which is loaded with the malware named ANONVNC.

CERT-UA also warned that an additional threat actor tracked as UAC-0057 has been distributing PicassoLoader malware via phishing attacks, which eventually leads to the deployment of Cobalt Strike Beacon software.

In a statement on the attacks, CERT-UA warned, “It is reasonable to assume that the objects of interest of UAC-0057 could be both specialists of project offices and their ‘contractors’ from among the employees of the relevant local governments of Ukraine.”

A further threat actor, UAC-0102 has been running a campaign using phishing emails containing HTML attachments that appear to be the UKR.NET login page, but any credentials entered are stolen by the attackers.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Ukraine has been increasingly targeted by cyber attacks since Russia’s invasion in February 2022, with several attempts to knock out key infrastructure such asmobile networksandinternet service providersproving successful.

ViaTheHackerNews

More from TechRadar Pro

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption

Samsung plans record-breaking 400-layer NAND chip that could be key to breaking 200TB barrier for ultra large capacity AI hyperscaler SSDs

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)