The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign that masquerades as the Security Service of Ukraine to distribute malware capable of remote desktop access.
The agency is tracking the activity under the name UAC-0198. More than 100 computers are estimated to have been infected since July 2024, including those related to government bodies in the country.
The attack chains involve the mass distribution of emails to deliver a ZIP archive file containing an MSI installer file, the opening of which leads to the deployment of malware called ANONVNC.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
ANONVNC, which is based on an open-source remote management tool called MeshAgent, allows for stealthy unauthorized access to the infected hosts.
The development comes as CERT-UA attributed the hacking group UAC-0102 to phishing attacks propagating HTML attachments that mimic the login page of UKR.NET to steal users’ credentials.
Over the past few weeks, the agency has also warned of a surge in campaigns distributing the PicassoLoader malware with the end goal of deploying Cobalt Strike Beacon on compromised systems. The attacks have been linked to a threat actor tracked as UAC-0057.
“It is reasonable to assume that the objects of interest of UAC-0057 could be both specialists of project offices and their ‘contractors’ from among the employees of the relevant local governments of Ukraine,” CERT-UA said.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
How Phishing Attacks Adapt Quickly to Capitalize on Current Events