The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign that masquerades as the Security Service of Ukraine to distribute malware capable of remote desktop access.
The agency is tracking the activity under the name UAC-0198. More than 100 computers are estimated to have been infected since July 2024, including those related to government bodies in the country.
The attack chains involve the mass distribution of emails to deliver a ZIP archive file containing an MSI installer file, the opening of which leads to the deployment of malware called ANONVNC.
ANONVNC, which is based on an open-source remote management tool called MeshAgent, allows for stealthy unauthorized access to the infected hosts.
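A mail-gateway style check for the delivery chain described above (a ZIP attachment carrying an MSI installer), added here as an illustration and not taken from CERT-UA or the original report. It identifies MSI packages by the compound-file signature and the Windows Installer root CLSID instead of the file extension; all function names and the sample archive are constructed for this example.

```python
import io
import struct
import uuid
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # Compound File Binary signature
MSI_CLSID = uuid.UUID("000C1084-0000-0000-C000-000000000046")  # Windows Installer package

def is_msi(data: bytes) -> bool:
    """True if data is a compound file whose root storage carries the MSI CLSID."""
    if len(data) < 512 or data[:8] != OLE_MAGIC:
        return False
    shift, first_dir = struct.unpack_from("<H16xI", data, 0x1E)  # sector shift @0x1E, dir sector @0x30
    root = (first_dir + 1) << shift  # header fills one sector; root entry comes first
    return data[root + 0x50:root + 0x60] == MSI_CLSID.bytes_le  # CLSID field of the entry

def find_msi_in_zip(blob: bytes, depth: int = 2, max_member: int = 64 << 20) -> list[str]:
    """Return paths of MSI packages inside a ZIP attachment, following nested ZIPs."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return hits
    with zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > max_member or info.flag_bits & 0x1:
                continue  # directories, oversized or encrypted members are not inspected
            data = zf.read(info)
            if is_msi(data):
                hits.append(info.filename)
            elif depth > 0 and data[:4] == b"PK\x03\x04":
                hits += [f"{info.filename}!{p}" for p in find_msi_in_zip(data, depth - 1, max_member)]
    return hits

def sample_cfb(clsid: uuid.UUID) -> bytes:
    """Constructed stub: CFB header (512-byte sectors, directory at sector 0) plus root entry."""
    header = bytearray(OLE_MAGIC.ljust(512, b"\0"))
    struct.pack_into("<H", header, 0x1E, 9)
    return bytes(header) + bytes(0x50) + clsid.bytes_le + bytes(512 - 0x60)

def sample_zip(nested: bool = False) -> bytes:
    """Constructed attachment: MSI stub under a misleading name beside a non-MSI OLE file."""
    word = uuid.UUID("00020906-0000-0000-C000-000000000046")  # Word 97-2003 document
    members = {"inner.zip": sample_zip()} if nested else {
        "scan.pdf.dat": sample_cfb(MSI_CLSID), "legacy.doc": sample_cfb(word)}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

Encrypted members are skipped because their contents cannot be read without the password; a gateway policy would normally quarantine those separately.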
The development comes as CERT-UA attributed phishing attacks propagating HTML attachments that mimic the login page of UKR.NET, with the aim of stealing users' credentials, to the hacking group UAC-0102.
Over the past few weeks, the agency has also warned of a surge in campaigns distributing the PicassoLoader malware with the end goal of deploying Cobalt Strike Beacon on compromised systems. The attacks have been linked to a threat actor tracked as UAC-0057.
“It is reasonable to assume that the objects of interest of UAC-0057 could be both specialists of project offices and their ‘contractors’ from among the employees of the relevant local governments of Ukraine,” CERT-UA stated.