New cyber attack: criminals send letters from compromised mailboxes of government agencies

The subject of the letter states “the humanitarian situation in Ukraine.”

Government computer emergency response team CERT-UA of Ukraine warned about a new cyber attack. Criminals mass-send letters with the subject “Joint official report on the humanitarian situation. Ukraine,” reports the State Special Communications Service in Telegram.

Read also: In two weeks, the Ukrainian IT army attacked 800 resources of the occupiers

Letters are sent from compromised e-mail boxes of state bodies. They contain an attachment in the form of an XLS document called “Humanitarian catastrophe of Ukraine since February 24, 2022.xls”.

This document contains a macro, the activation of which leads to the launch of the baseupd.exe file. Executing the file will infect your computer with the Cobalt Strike Beacon malware.

The attack has been linked to the UAC-0056 group, which is believed to be responsible for last week's cyber attack.

CERT-UA specialists are taking measures to establish the circumstances of the compromise of e-mail accounts, as well as to block the malware management server. To strengthen protection, it is recommended to use multi-factor authentication for e-mail.

We remind you that previously, experts recorded an attack that was carried out by sending letters with “vacancies in the specialized prosecutor's office”.

See special topic: The Russians bombed Mykolaiv with rockets in the morning: they hit medical facilities and residential buildings Currently, there is no information about the victims, only about the wounded. In Russia, they plan to recruit convicts for PMK “Wagner” and the war in Ukraine There is an acute shortage of personnel in the Russian army. The Ukrainian Armed Forces destroyed another 70 Russian invaders Mykolaiv direction was the most difficult for the enemy yesterday. In the State Duma, Zelenskyi's order to liberate the south was called “political agony” In Moscow, they continue to state that the Armed Forces lack “power and capabilities”, while with the help of Western anti-aircraft missiles our defenders take these forces and opportunities from the Rashists every day. Community equipment “disappears” in the occupied cities of Luhansk region – Gaidai The military commandant of the invaders “surveys” enterprises, administrative buildings and housing stock in the captured cities, after which suddenly property disappears.

Based on materials: ZN.ua

Share This Post