Hackers from Belarus attacked Ukrainian public sector: sent out decoy documents
25 July 2024 04:25
Hackers from Belarus attacked Ukrainian project offices and local governments, using malware to obtain the data they sought. This was reported by "Komersant Ukrainian", citing the press service of the State Special Communications Service.
The government's computer emergency response team, CERT-UA, recorded a surge in the activity of the Belarusian hacker group UAC-0057 between 12 and 18 July.
“The attackers used their typical combination of PICASSOLOADER malware and Cobalt Strike Beacon backdoor, sending out decoy documents with malicious macros,” the statement said.
The content of the detected files (“oborona.rar”, “66_oborona_PURGED.xls”, “trix.xls”, “equipment_survey_regions_.xls”, “accounts.xls”, “spreadsheet.xls”, “attachment.xls”, “Tax_2024.xls”) concerned the reform of local governments (USAID/DAI HOVERLA project), taxation, and financial and economic indicators.

According to the State Service for Special Communications, the documents found indicate that the hackers were interested in financial and economic indicators, taxation, and local government reform.
The State Service for Special Communications called on project office specialists and local government employees to be especially attentive and immediately contact CERT-UA if they detect suspicious activity.