Ukrainian state registers are under threat: hackers attack notaries
26 February 08:55
Hackers are carrying out cyberattacks on Ukrainian notaries, sending malicious emails to gain covert remote access to their computers and then make unauthorized changes to state registers. This was reported by the State Service for Special Communications and Information Protection of Ukraine, "Komersant Ukrainian" reports.
Since January 2025, the government’s computer emergency response team CERT-UA has been recording the renewed activity of the criminal group UAC-0173.
Experts took immediate measures and, with the assistance of the Notary Chamber of Ukraine, promptly identified the affected computers in six regions of Ukraine. However, it is possible that cyberattacks will continue in the future.
How hackers attack
CERT-UA, while studying information about cyber incidents, observes an increase in the number of cyber attacks using Pterodo malware from the Armageddon/Gamaredon hacker group, which is associated with the Russian government.
The most recent cyberattacks featured the use of an electronic document management system based on the ASKOD software, which is used by a large number of organizations in Ukraine, to distribute infected Microsoft Word files.
Attackers send infected documents to organizations that use ASKOD. To do this, they either use compromised accounts of ASKOD users, or users of Pterodo-infected computers send infected documents themselves without knowing it.

“The use of unupdated/unlicensed versions of Microsoft Office in electronic document management systems on workstations or servers and the lack of installed anti-virus software is a potential critical threat that was used by attackers to infect servers running ASKOD,” CERT-UA noted.
According to them, the documents sent in this way contained malicious code to exploit the known Microsoft Office CVE-2017-0199 vulnerability, which allows an attacker to execute arbitrary code on a user’s device when an infected file is opened.

In addition, the attackers used phishing emails with malicious attachments to infect the devices. Users of the infected devices unknowingly created documents containing malicious code and sent them via legitimate work email, which made recipients more likely to open the malicious emails.
Consequences of cyberattacks
Where anti-virus software is absent or software updates are not installed in a timely manner on an organization's workstations and servers, the negative consequences of such cyberattacks may include:
- attackers gain administrative access to the infected server and/or workstations (backdoor placement);
- infected servers and workstations become a source of further spread of the malware to other information and telecommunication systems of government agencies;
- an attacker’s access to infected resources can lead to information leakage (files, electronic documents, account passwords, etc.);
- at the final stage of a cyberattack, data or file system encryption may occur to conceal the attacker’s actions or to demand a ransom for decryption.
Experts advise using only licensed software and updating it in a timely manner, and, if necessary, contacting CERT-UA and reporting cybersecurity incidents.