New phishing campaign disguised as Ukraine’s Security Service targeting government computers

Ukrainian cloud encrypted
(Image credit: Shutterstock)

A new phishing campaign has been discovered targeting the computers of Ukraine’s government disguising itself as the Security Service of Ukraine.

The campaign was brought to light by the Computer Emergency Response Team of Ukraine (CERT-UA), in a warning that disclosed that, if successful, the attack could deploy malware enabling remote desktop access.

So far, over 100 computers have been infected by the campaign since July 2024.

ANONVNC malware

CERT-UA has labelled the activity as UAC-0198, with the malware in use by the attackers being a modification of the MeshAgent remote management system. The attackers will send an email that appears to be from the Security Service of Ukraine which contains a ZIP file containing an MSI installer which is loaded with the malware named ANONVNC.

CERT-UA also warned that an additional threat actor tracked as UAC-0057 has been distributing PicassoLoader malware via phishing attacks, which eventually leads to the deployment of Cobalt Strike Beacon software.

In a statement on the attacks, CERT-UA warned, “It is reasonable to assume that the objects of interest of UAC-0057 could be both specialists of project offices and their 'contractors' from among the employees of the relevant local governments of Ukraine.”

A further threat actor, UAC-0102 has been running a campaign using phishing emails containing HTML attachments that appear to be the UKR.NET login page, but any credentials entered are stolen by the attackers.

Ukraine has been increasingly targeted by cyber attacks since Russia’s invasion in February 2022, with several attempts to knock out key infrastructure such as mobile networks and internet service providers proving successful.

Via TheHackerNews

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.