The Laptop Emergency Response Staff of Ukraine (CERT-UA) has warned of a brand new phishing marketing campaign that masquerades because the Safety Service of Ukraine to distribute malware able to distant desktop entry.
The company is monitoring the exercise beneath the title UAC-0198. Greater than 100 computer systems are estimated to have been contaminated since July 2024, together with these associated to authorities our bodies within the nation.
The assault chains contain the mass distribution of emails to ship a ZIP archive file containing an MSI installer file, the opening of which ends up in the deployment of malware known as ANONVNC.
ANONVNC, which relies on an open-source distant administration software known as MeshAgent, permits for stealthy unauthorized entry to the contaminated hosts.
The event comes as CERT-UA attributed the hacking group UAC-0102 to phishing assaults propagating HTML attachments that mimic the login web page of UKR.NET to steal customers’ credentials.
Over the previous few weeks, the company has additionally warned of a surge in campaigns distributing the PicassoLoader malware with the top objective of deploying Cobalt Strike Beacon on compromised programs. The assaults have been linked to a risk actor tracked as UAC-0057.
“It’s cheap to imagine that the objects of curiosity of UAC-0057 could possibly be each specialists of mission workplaces and their ‘contractors’ from among the many workers of the related native governments of Ukraine,” CERT-UA mentioned.