SSCS warns of a new cyber attack on state institutions by mass emailing
The State Service for Special Communications and Information Protection warns of dangerous e-mails being sent en masse from compromised addresses of Ukrainian state institutions.
Emails with the subject "Joint official report on the humanitarian situation. Ukraine" have attachments in the form of an XLS document "Humanitarian catastrophe of Ukraine since February 24, 2022.xls".
As the State Special Communications Service notes, this document contains a macro which, if activated, will create and open a "baseupd.exe" file on the computer. As a result, the device will be affected by the Cobalt Strike Beacon malware.
The attack is associated with the activity of the UAC-0056 group. Last week's cyber attack was linked to the same group.
CERT-UA specialists are taking measures to identify the circumstances under which the email accounts were compromised, as well as to block the malware management server.
Cyber experts recommend using multi-factor authentication for email.
As IMI reported, on July 7 The State Service for Special Communications and Information Protection of Ukraine reported a new cyber attack on Ukrainian government institutions, conducted through sending emails with the subject "Specialized prosecutor's office in the military and defense field. Information on the vacancies and their staffing." The emails had an XLS document attached; this document contains a macro which, if activated, will create and open a "write.exe" file on the computer. As a result, the device will be affected by the Cobalt Strike Beacon malware.
Help us be even more cool!