Ukraine’s Computer Emergency Response Team has warned of a new phishing campaign that masquerades as the Security Service of Ukraine to distribute malware capable of remote desktop access.
The agency is tracking the activity under the name UAC-0198.
More than 100 computers, including those related to government bodies in the country, are estimated to have been infected since July 2024.
The attack chains involve the mass distribution of emails to deliver a ZIP archive file containing an MSI installer file, the opening of which leads to the deployment of malware called ANONVNC. ANONVNC, based on an open-source remote management tool called MeshAgent, allows for stealthy unauthorized access to the infected hosts.
This development comes as CERT-UA attributed the hacking group UAC-0102 to phishing attacks that propagated HTML attachments mimicking the login page of UKR.NET to steal users’ credentials.
The attacks have been linked to a threat actor tracked as UAC-0057.
Read More ( Click Here )
[…] threat actors target social media accounts for various reasons, including launching phishing attacks and spreading […]