The Government Emergency Response Team of Ukraine CERT-UA, operating under Gosspetssvyaz, reported the distribution of dangerous e-mails with the subject “Unified Official Report on the Humanitarian Situation. Ukraine”.
“The letters come from compromised e-mail addresses of state structures of Ukraine and contain attachments entitled “Humanitarian catastrophe of Ukraine since February 24, 2022″ in the form of an XLS document,” the press service of Gosspetssvyaz reported on Monday.
“The document contains a macro, the activation of which will lead to the launch of the file “baseupd.exe”, its execution will lead to the defeat of the computer by the malicious program Cobalt Strike Beacon”, – warned experts.
Activity is tracked by identifier UAC-0056. Gosspetssvyaz noted that these attackers had already carried out a cyberattack last week.
The governmental emergency response team of Ukraine CERT-UA, operating under the State Service for Special Communications and Information Protection, warns of a mass mailing of dangerous emails with the subject line “LIST of links to interactive maps.”
“Mailing lists are carried out, in particular, among Ukrainian media organizations (radio stations, newspapers, news agencies, etc.). More than 500 recipient addresses have been identified. Emails contain an attachment in the form of a LIST of links to interactive maps.docx document, the opening of which may result in the download of the CrescentImp malware,” the message posted on the CERT-UA website on Friday evening reads.
Experts warn that attackers are increasingly resorting to sending emails to compromised government email addresses.
Said hacking activity is tracked by UAC-0113 (medium confidence associated with the Sandworm group).
This group was involved in organizing a large-scale hacker attack on the energy sector of Ukraine in April of this year.
