Polish and Ukrainian officials received fake emails from seemingly valid governmental accounts, with subjects regarding "debts" and "legal claims", an investigation by the Computer Emergency Response Team of Ukraine (CERT-UA) discovered. The messages carried attachments in the form of malware-laden RAR archives. When opened, these files were intended to infect users' computers with dangerous malware: RemcosRAT or MeduzaStealer.
According to CERT-UA, the emails came from legitimate government mailboxes that had been compromised earlier, and in many cases they were sent from the gov.ua domain. Measures are now being taken to localize and counteract the cyber threat, The Kyiv Independent wrote.
The malware used could enable the hackers to remotely access the infected devices and exfiltrate data. It is also adept at evading antivirus systems. Such tools have already been used by UAC-0050 in its campaigns targeting Ukraine earlier this year, when the hacker group's emails impersonated the Security Service of Ukraine, the Pechersk Court and Ukraine's monopolist telephone company Ukrtelecom, according to SC Media, a cybersecurity-focused website.
Although UAC-0050 has previously leveraged Russian firm REG.RU for domain registration, it has not yet been linked to a specific nation-state actor.
Source: The Kyiv Independent, SC Media