Hacker group targets Polish officials by impersonating Ukrainian agencies

10.12.2023 09:50
The hacker group UAC-0050 used the addresses of Ukrainian government agencies to send malicious emails to Polish state authorities, Ukraine's State Special Communications Service reported on the 8th of December.
Image: David Whelan, CC0, via Wikimedia Commons

Polish and Ukrainian officials received fake emails from seemingly valid governmental accounts, with subjects regarding "debts" and "legal claims", an investigation by the Computer Emergency Response Team of Ukraine (CERT-UA) discovered. The attachments to these messages were RAR archives containing malware. When opened, these files were intended to infect users' computers with dangerous malware: RemcosRAT or MeduzaStealer.

As CERT-UA reports, the emails came from legitimate government mailboxes that had been compromised earlier, and in many cases they were sent from the gov.ua domain. Measures are now being taken to localize and counteract the cyber threat, The Kyiv Independent wrote.

The malware used could enable the hackers to remotely access the infected devices and exfiltrate data. It is also adept at evading antivirus systems. UAC-0050 already used such tools in its campaigns targeting Ukraine earlier this year, when the group's emails impersonated the Security Service of Ukraine, the Pechersk Court and Ukraine's monopolist telephone company Ukrtelecom, the cybersecurity-focused website SC Media reports.

Although UAC-0050 has previously leveraged Russian firm REG.RU for domain registration, it has not yet been linked to a specific nation-state actor.


Source: The Kyiv Independent, SC Media