Ukrainians warned of new cyber threats

17 December 2024 05:13

During November and December, the government’s Computer Emergency Response Team (CERT-UA) recorded a series of cyberattacks carried out by the UAC-0099 hacker group, the press service of the State Special Communications Service reported, according to "Komersant Ukrainian".

“During 2022-2023, the group gained unauthorized remote access to several dozen computers in Ukraine. This time, government organizations, including forestry, forensic institutions and industrial enterprises, were at risk,” the report says.

CERT-UA notes that the attackers continue to rely on a traditional method of penetrating information systems: phishing emails with malicious attachments. Their attack methods and tools, however, are constantly being refined.

This time, the attackers started using emails with attachments in the form of double archives with LNK or HTA files.

Some of these archives could also contain an exploit for the known WinRAR vulnerability CVE-2023-38831, which allowed attackers to run malicious programs on the victim’s computer without their consent.
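As an added illustration of what a mail gateway or analyst could check for in attachments of the kind described above (this is not CERT-UA's code or from the original report), the following Python triage script inspects a ZIP for risky member types such as LNK or HTA, nested archives (the "double archive" lure), and the publicly documented CVE-2023-38831 layout, in which a directory named like a sibling decoy file plus a trailing space contains a script. The extension lists and the sample archive are constructed assumptions; only ZIP is handled because the standard library has no RAR reader.

```python
import io
import zipfile

# Attachment types the report names (LNK, HTA) plus common script types;
# assumed list, extend to local policy. ZIP only: RAR needs a third-party lib.
RISKY_EXT = {".lnk", ".hta", ".cmd", ".bat", ".vbs", ".js", ".ps1"}
ARCHIVE_EXT = {".zip"}

def _ext(name):
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""

def triage_zip(data, depth=0, prefix=""):
    """Findings for an in-memory ZIP: risky member types, nested archives
    (the 'double archive' lure) and the CVE-2023-38831 layout, where a
    directory named like a sibling file plus a trailing space holds a script."""
    findings = {"risky": [], "nested": [], "cve_2023_38831": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [i.filename for i in zf.infolist()]
        top_files = {n for n in names if "/" not in n}
        for n in names:
            full = prefix + n
            ext = _ext(n.rstrip("/").rstrip())  # tolerate trailing spaces
            if ext in RISKY_EXT:
                findings["risky"].append(full)
            if "/" in n:
                folder = n.split("/", 1)[0]
                if folder.endswith(" ") and folder.rstrip() in top_files \
                        and ext in RISKY_EXT:
                    findings["cve_2023_38831"].append(full)
            if ext in ARCHIVE_EXT and depth < 2:  # bounded recursion
                findings["nested"].append(full)
                inner = triage_zip(zf.read(n), depth + 1, full + "!")
                for key in findings:
                    findings[key].extend(inner[key])
    return findings

def build_sample():
    """Constructed, harmless sample shaped like the described lure: a nested
    ZIP holding an LNK, and a decoy PDF beside a trailing-space folder."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.pdf.lnk", b"not a real shortcut")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("inner.zip", inner.getvalue())
        z.writestr("report.pdf", b"%PDF-1.4 decoy")
        z.writestr("report.pdf /report.pdf .cmd", b"echo constructed sample")
    return outer.getvalue()
```

Running `triage_zip(build_sample())` flags the nested archive, the LNK inside it, and the trailing-space folder entry; a clean archive returns three empty lists.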

“It is obvious that UAC-0099 activity is carried out for the purpose of espionage, and the list of objects of interest, as well as the means of implementing the malicious intent, are changing. At the same time, the attackers continue to use Cloudflare to conceal and ensure infrastructure resilience,” CERT-UA said in a statement.

CERT-UA also draws attention to the growing complexity of the attackers’ tools: where they previously used the simple VBS script LONEPAGE, they now use a more elaborate scheme involving encryption and decryption of files on the infected machine.

In addition, cybercriminals continue to use Cloudflare services to hide their activities and increase infrastructure resilience.

Дзвенислава Карплюк
Editor
