HOTLINE(050) 447-70-63
We are available 24/7
Leave your contact details
and we contact you
Thank you for reaching out

Or contact us:

[email protected]

(050) 447-70-63

File a complaint

Hackers are mailing out a malicious link, posing as the SSCS – CERT-UA

09.11.2022, 10:40

Since November 7, the government's Computer Emergency Response Team of Ukraine (CERT-UA) has been recording emails with a malicious link, purportedly sent by the State Special Communications Service. This was reported by the CERT-UA press service.

The cyber attack is attributed to the UAC-0010 (Armageddon) group.

Clicking the link will download an HTML file with a JavaScript code that will create a RAR archive on the victim's computer, such as “08.11.2022.rar”.

The archive contains a shortcut file "TIP tools containing an expert opinion on compliance with technical information protection requirements.lnk"; opening the file will download and launch an HTA file. This, in turn, will cause a scheduled task to be created and a VBScript code to be run.

Finally, CERT-UA notes, other malicious software, namely for file theft, will be downloaded to the computer.

Emails are being sent through the service. Moreover, as was the case before, the criminals are either using a third-party service (cloudflare-dns[.]com) or Telegram to determine the management server's IP address, CERT-UA notes.

Liked the article?
Help us be even more cool!