Hackers masquerading as the Security Service of Ukraine have compromised over 100 government systems.
The Computer Emergency Response Team of Ukraine (CERT-UA) at the State Service of Special Communications and Information Protection (SSSCIP) reported the incident on August 12, highlighting the sophisticated tactics employed by the attackers.
Malicious Emails Target Government Bodies
The attack began with a mass distribution of emails containing malicious software. These emails, crafted to appear as official communications from the Security Service of Ukraine, included a link to download a file named “Documents.zip.”
Upon clicking the link, recipients inadvertently downloaded an MSI file that deployed the ANONVNC malware. This malware grants attackers stealthy, unauthorized access to the victim’s computer, enabling them to maneuver undetected within the compromised systems.
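As an added example (not from CERT-UA or the original article), here is a defender-side triage check for the delivery pattern described above: a download advertised as "Documents.zip" that is actually an MSI installer. The article does not say whether the MSI arrived directly or inside an archive, so the check covers both; the function names, the other file names and the sample bytes are constructed for illustration.

```python
import io
import zipfile

# OLE compound file header: the container format .msi installers use
# (legacy Office documents share it, so treat a hit as "needs review").
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
ZIP_MAGIC = b"PK\x03\x04"  # ZIP local file header


def triage_download(name: str, data: bytes) -> list[str]:
    """Return findings for a file fetched via a link in an e-mail."""
    findings = []
    ext = name.lower().rsplit(".", 1)[-1] if "." in name else ""
    if data.startswith(OLE_MAGIC):
        if ext == "msi":
            findings.append(f"{name}: MSI installer delivered from an e-mail link")
        else:
            findings.append(f"{name}: OLE/MSI content behind a .{ext} name")
    elif data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(".msi"):
                        findings.append(f"{name}: archive contains installer {member}")
        except zipfile.BadZipFile:
            findings.append(f"{name}: ZIP header but unreadable archive")
    elif ext == "zip":
        findings.append(f"{name}: .zip name but content is not a ZIP archive")
    return findings


def make_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()


# Constructed sample inputs (no real malware bytes).
SAMPLES = [
    ("Documents.zip", OLE_MAGIC + b"\x00" * 64),
    ("Documents.zip", make_zip({"setup.msi": OLE_MAGIC})),
    ("report.zip", make_zip({"report.txt": b"quarterly figures"})),
]

if __name__ == "__main__":
    for sample_name, sample_data in SAMPLES:
        print(sample_name, "->", triage_download(sample_name, sample_data) or "clean")
```
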
CERT-UA’s investigation revealed that the attack primarily targeted central and local government bodies, with more than 100 computers affected. The malicious activity has been tracked under the identifier UAC-0198, providing a crucial lead for cybersecurity experts working to contain the breach.
In response to the attack, CERT-UA has swiftly implemented urgent measures to mitigate the threat. The team is actively working to isolate the affected systems, prevent the further spread of the malware, and secure the compromised networks.
CERT-UA has also issued alerts and guidelines to government agencies to enhance their cybersecurity defenses and prevent future incidents.
Ongoing Investigation and Security Recommendations
The investigation into the breach is ongoing, with CERT-UA collaborating with international cybersecurity experts to trace the attack’s origins and identify the perpetrators.
In the meantime, CERT-UA advises all government bodies and organizations to remain vigilant, update their security protocols, and educate their staff about the risks of phishing emails and other cyber threats.
This incident underscores the growing sophistication of cyberattacks and the critical need for robust cybersecurity measures to protect sensitive government information.
As the investigation unfolds, authorities remain committed to safeguarding Ukraine’s digital infrastructure against future threats.