SSCS reports hackers mass sending emails purportedly from "Ukrtelecom"
The state Computer Emergency Response Team (CERT-UA) recorded emails with malware links being sent en masse, purportedly from "Ukrtelecom". This was reported on the website of the State Special Communications Service.
The emails were mainly received by state authorities, possibly for espionage purposes, the SSCS notes.
The email's subject line read: "Legal complaint against your personal account # 7192206443063763 dated: 02/06/2023".
The letter contained a RAR archive titled "letter from court, information on debt.rar". The archive contains a text document named "Your personal access code -254507.txt" and another RAR archive titled "letter from court, information on debt. pdf.rar", protected with a password. The second archive contains an executable file "court letter, information on debt.pdf.exe" over 600 MB in size.
Running this EXE file will install "Remcos" – a remote monitoring and surveillance program – onto the victim's computer. This program, developed by BreakingSecurity, is a legitimate remote administration tool, and its Professional version is sold on the manufacturer's website for €58.
"Since such cyberattacks usually (but not exclusively) target Ukraine's state bodies, and taking into account the functionality of the software in question, we believe that the attacks are intended for espionage," the SSCS notes.
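The attachment chain described above has several traits a mail gateway or analyst can check for. The following is an added example, not code from CERT-UA or the SSCS: a triage function over an already-extracted archive listing. The `Member` structure, the 100 MB threshold, the extension lists and the file sizes in `SAMPLE` are assumptions made for illustration; only the file names come from the report.

```python
import re
from dataclasses import dataclass

EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}
ARCHIVE_EXTS = {".rar", ".zip", ".7z"}
BIG_EXEC = 100 * 1024 * 1024  # assumed review threshold, not from the report
HINT_RE = re.compile(r"pass(word)?|access code", re.I)

@dataclass
class Member:               # hypothetical record for one file in a listing
    name: str
    size: int
    parent: str = ""        # containing archive; "" for the mail attachment
    encrypted: bool = False

def exts(name):
    """Lower-cased extensions of a file name, tolerating spaces after dots."""
    return ["." + p.strip() for p in name.lower().split(".")[1:]]

def triage(members):
    """Return sorted (name, finding) pairs for one attachment's listing."""
    out = set()
    for m in members:
        e = exts(m.name)
        last = e[-1] if e else ""
        if last in EXEC_EXTS:
            # Document-looking name that actually ends in an executable type.
            if len(e) >= 2 and e[-2] in DECOY_EXTS:
                out.add((m.name, "double-extension"))
            if m.size > BIG_EXEC:
                out.add((m.name, "oversized-executable"))
        if last in ARCHIVE_EXTS and m.encrypted and m.parent:
            out.add((m.name, "encrypted-nested-archive"))
            # A sibling file that hands the recipient the password.
            for s in members:
                if s is not m and s.parent == m.parent and HINT_RE.search(s.name):
                    out.add((s.name, "password-hint-beside-archive"))
    return sorted(out)

# Constructed listing: names from the report, sizes invented for the example.
OUTER = "letter from court, information on debt.rar"
INNER = "letter from court, information on debt. pdf.rar"
SAMPLE = [
    Member(OUTER, 2_000_000),
    Member("Your personal access code -254507.txt", 10, parent=OUTER),
    Member(INNER, 1_900_000, parent=OUTER, encrypted=True),
    Member("court letter, information on debt.pdf.exe", 600 * 1024 * 1024 + 1, parent=INNER),
]

if __name__ == "__main__":
    for name, finding in triage(SAMPLE):
        print(f"{finding}: {name}")
```

The inner listing is only available once the nested archive has been opened with the supplied code, so in practice this check runs on sandbox or analyst output rather than on the raw attachment.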