The governmental emergency response team of Ukraine CERT-UA, operating under the State Service for Special Communications and Information Protection, warns of a mass mailing of dangerous emails with the subject line “LIST of links to interactive maps.”
“Mailing lists are carried out, in particular, among Ukrainian media organizations (radio stations, newspapers, news agencies, etc.). More than 500 recipient addresses have been identified. Emails contain an attachment in the form of a LIST of links to interactive maps.docx document, the opening of which may result in the download of the CrescentImp malware,” the message posted on the CERT-UA website on Friday evening reads.
Experts warn that attackers are increasingly resorting to sending emails to compromised government email addresses.
Said hacking activity is tracked by UAC-0113 (medium confidence associated with the Sandworm group).
This group was involved in organizing a large-scale hacker attack on the energy sector of Ukraine in April of this year.