Three Ukrainian cybersecurity agencies warned last week of a “massive” spear-phishing operation carried out by Russian threat actors against the Ukrainian government and private sector.

The spear-phishing emails, which posed as a warning from the Kyiv patrol police about tax payments, were sent last week, in early June, according to alerts published by the Ukrainian Secret Service, Ukrainian Cyber Police, and CERT Ukraine.

Recipients were urged to download a RAR archive included in the email, which, when decompressed, would drop an EXE file with a double extension (filename.pdf.exe) that tried to pass as a PDF file. The EXE in turn ran malicious remote access software that connected to command-and-control (C2) servers in Russia, Germany and the Netherlands.
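The double-extension lure described above can be caught at the mail gateway or during triage by checking archive member names. The following is an added example, not code from the Ukrainian alerts; the extension lists are assumptions, the member names are constructed samples, and the check also covers padded and mixed-case variants beyond the single filename.pdf.exe case reported.

```python
# Added example: flag archive member names that hide an executable behind a
# document-looking extension. Both extension sets are assumptions to tune.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt", "jpg", "png"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}


def double_extension(name):
    """Return (decoy_ext, real_ext) if name looks like doc.pdf.exe, else None."""
    # Archive listings may use either path separator; keep the file name only.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces when it resolves the name.
    base = base.rstrip(" .")
    # Padding such as "a.pdf      .exe" pushes the real extension out of view,
    # so strip whitespace around every dot-separated part before comparing.
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS:
        return parts[-2], parts[-1]
    return None


def scan(names):
    """Return [(name, decoy_ext, real_ext)] for every masquerading member."""
    hits = []
    for name in names:
        found = double_extension(name)
        if found:
            hits.append((name, *found))
    return hits


# Constructed sample listing (not taken from the published IOCs).
SAMPLE_MEMBERS = [
    "filename.pdf.exe",
    "notice\\Payment notice.PDF        .exe",
    "Invoice.docx.scr.",
    "report.v2.pdf",
    "setup.exe",
    "backup.tar.gz",
]

if __name__ == "__main__":
    for name, decoy, real in scan(SAMPLE_MEMBERS):
        print(f"SUSPICIOUS {name!r}: shown as .{decoy}, runs as .{real}")
```

Feed `scan()` the member names reported by whatever archive tool the gateway already uses; the function only inspects names and never opens or runs the files.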

Ukrainian officials have urged local organizations to scan their networks for indicators of compromise (IOCs) published on the Ukrainian Secret Service website and in a Facebook post by CERT Ukraine.

The cyber conflict between Russia and Ukraine did not start recently; it has been running for a while. Past incidents include the NotPetya and Bad Rabbit ransomware outbreaks and the attacks that shut down parts of the Ukrainian power grid in 2015 and 2016, and there have been hundreds of smaller attacks in recent years.

Gamaredon compromised a government file-sharing system as part of an attempt to disseminate malicious documents to other government agencies through one of the Ukrainian government’s own internal systems.