SSCS warns of malicious emails purportedly from the SESU with a subject line about Iranian drones
The State Service for Special Communications and Information Protection of Ukraine is warning citizens about malicious emails, purportedly sent by the State Emergency Service of Ukraine, with a subject line about the Iranian Shahed-136 suicide drones. This is reported on the website of the SSCS.
According to the service, it received reports of the emails on December 8 from cyber security specialists at JSC "Ukrzaliznytsia". The emails, with the subject line "How to recognize a suicide drone", were purportedly sent by the State Emergency Service from firstname.lastname@example.org[.]ua. The corresponding domain name was registered a month ago, on November 8.
The State Security Service notes that a RAR archive titled "shahed-136.rar" is attached to the emails and contains a PPSX document, "shahed.ppsx". Opening it will download a file classified as Delphi malware onto the device.
"The main function of the program is to collect information about the computer (host name, user name, bit rate, OS version, values of environment variables), launch EXE/DLL files, display the files list and download them, as well as to create and exfiltrate screenshots," states the State Special Communications Service.
Earlier, in October-November of this year, similar emails were recorded, posing as the State Special Communications Service, the press service of the UAF General Staff, the Security Service of Ukraine, and even CERT-UA.