Emails run two malicious programs on your computer at once.
The government team for responding to computer emergencies in Ukraine CERT-UA has registered the sending of dangerous letters to the state authorities of our country with the topic “Wage arrears”. This was reported by the State Special Communications Service.
Read also: The Russian aviation has another problem: hackers have irrevocably “killed” the Rosaviatsia database
The appendix to the letter contains the document “Wage arrears.xls”, which contains legitimate statistics and macros. At the same time, coded data has been added to the said document as an attachment. After activation, the macro will decode them, create an EXE file Base-Update.exe on the computer and run it, “- said in a statement.
This file launches another bootloader, which in turn will download and run two malicious programs on your computer: GraphSteel and GrimPlant.
It is noted that the detected activity is associated with the activities of the UAC-0056 group.
It will be recalled that on March 29, the network of the Ukrtelecom telecommunications company experienced a powerful cyber attack from the Russian Federation . The vast majority of users were denied access to the Internet.
See special topic: The Netherlands, Belgium and the Czech Republic expel Russian diplomats for espionage In addition, Ireland expels Russian embassy staff for “violation of standards of diplomatic conduct.” Russian troops launch missiles at airfield in Khmelnytsky region As a result of the missile strike, strategic reserves of fuel and lubricants were destroyed. The United States commented on the talks between Ukraine and Russia: “There is what Russia is saying and there is what it is doing .” After the talks, Russia announced a “drastic reduction in hostilities” in two areas. But the ceasefire is still out of the question . Today's meeting was called constructive. Russian occupiers kidnap the mayor of the Naked Pier in the Kherson region The prosecutor's office has launched criminal proceedings.