Tag: CERTUA

PicassoLoader and njRAT Detection: UAC-0057 Hackers Perform a Targeted Attack Against Ukrainian Public Entities
PicassoLoader and njRAT Detection: UAC-0057 Hackers Perform a Targeted Attack Against Ukrainian Public Entities

Cybersecurity researchers issue a heads-up covering a new targeted cyber attack by the UAC-0057 group against Ukrainian public officials leveraging XLS files that contain a malicious macro spreading PicassoLoader malware. The malicious loader is capable of dropping another malicious strain dubbed njRAT to spread the infection further. PicassoLoader and njRAT Malware Distribution by UAC-0057 Hackers: […]

Read More
MAGICSPELL Malware Detection: UAC-0168 Hackers Launch a Targeted Attack Using the Subject of Ukraine’s NATO Membership as a Phishing Lure 
MAGICSPELL Malware Detection: UAC-0168 Hackers Launch a Targeted Attack Using the Subject of Ukraine’s NATO Membership as a Phishing Lure 

CERT-UA researchers recently uncovered a fraudulent copy of the English-language version of the Ukrainian World Congress website at https://www.ukrainianworldcongress.org/. The fake web resource contains a couple of DOCX documents that trigger an infection chain once opened. As a result of the attack chain, hackers can deploy MAGICSPELL payload intended to download, decipher, and maintain the […]

Read More
CVE-2020-35730, CVE-2021-44026, CVE-2020-12641 Exploit Detection: APT28 Group Abuses Roundcube Flaws In Spearphishing Espionage Attacks
CVE-2020-35730, CVE-2021-44026, CVE-2020-12641 Exploit Detection: APT28 Group Abuses Roundcube Flaws In Spearphishing Espionage Attacks

With the ongoing russian cyber offensive operations targeting Ukraine and its allies, the aggressor is continuously launching cyber-espionage campaigns against state bodies and other organizations representing critical infrastructure. Less than a week after CERT-UA researchers warned of a spike in cyber-espionage attacks by russia-linked Shuckworm group, another nefarious hacking group comes back to the scene.  […]

Read More
PicassoLoader and Cobalt Strike Beacon Detection: UAC-0057 aka GhostWriter Hacking Group Attacks the Ukrainian Leading Military Educational Institution
PicassoLoader and Cobalt Strike Beacon Detection: UAC-0057 aka GhostWriter Hacking Group Attacks the Ukrainian Leading Military Educational Institution

On June 16, 2023, CERT-UA researchers issued a new alert covering the recently discovered malicious activity targeting the National Defense University of Ukraine, named after Ivan Cherniakhovskyi, the country’s leading military educational institution. In this ongoing campaign, threat actors spread PicassoLoader and Cobalt Strike Beacon on the compromised systems via a malicious file containing a […]

Read More
Shuckworm Espionage Group Attack Detection: russia-backed Threat Actors Repeatedly Attack Ukrainian Military, Security, and Government Organizations
Shuckworm Espionage Group Attack Detection: russia-backed Threat Actors Repeatedly Attack Ukrainian Military, Security, and Government Organizations

Since russia’s full-scale invasion of Ukraine, the aggressor’s offensive forces have launched an avalanche of cyber-espionage campaigns against Ukraine and its allies, mainly targeting government agencies and frequently leveraging the phishing attack vector. The infamous hacking collective dubbed Shuckworm (Armageddon, Gamaredon), which is known to have links with russia’s FSB, has been observed behind a […]

Read More
Asylum Ambuscade Attack Detection: Hacking Collective Engaged in Multiple Cyber-Espionage and Financially-Motivated Cybercrime Campaigns
Asylum Ambuscade Attack Detection: Hacking Collective Engaged in Multiple Cyber-Espionage and Financially-Motivated Cybercrime Campaigns

On February 24, 2022, a little more than a year ago, the russian federation started an offensive invasion of Ukraine by land, air, and sea. The war escalated in cyberspace as well. As a result, we are now witnessing the first-ever full-fledged cyber war in human history, with multiple offensive counterparts engaged in attacks against […]

Read More
UAC-0099 Activity Detection: Hackers Conduct Cyber-Espionage Operations Against Ukrainian State Bodies and Media Organizations
UAC-0099 Activity Detection: Hackers Conduct Cyber-Espionage Operations Against Ukrainian State Bodies and Media Organizations

Just a couple of weeks ago, CERT-UA raised awareness among the global cyber defender community about an ongoing cyber-espionage campaign targeting Ukraine and organizations in Central Asia linked to the UAC-0063 group. In early June, CERT-UA researchers issued another alert covering the long-term cyber-espionage activity mainly exploiting the email attack vector and targeting Ukrainian government […]

Read More
Detect SmokeLoader Malware: UAC-0006 Strikes Again to Target Ukraine in a Series of Phishing Attacks
Detect SmokeLoader Malware: UAC-0006 Strikes Again to Target Ukraine in a Series of Phishing Attacks

Hot on the heels of the massive phishing attacks launched by UAC-0006 at the beginning of  May 2023, CERT-UA warns cyber defenders of a new wave of cyber attacks resulting in SmokeLoader infections. The latest investigation indicates that adversaries increasingly spread phishing emails with financial subject lures and use ZIP/RAR attachments to drop malicious samples […]

Read More
UAC-0063 Cyber-Espionage Activity Detection: Hackers Target Organizations in Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Izrael, and India to Gather Intelligence
UAC-0063 Cyber-Espionage Activity Detection: Hackers Target Organizations in Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Izrael, and India to Gather Intelligence

Since the outbreak of the full-scale war in Ukraine, cyber defenders have identified the growing volumes of cyber-espionage campaigns aimed at collecting intelligence from the Ukrainian state bodies. On May 22, 2023, CERT-UA researchers issued a new alert warning the global cyber defender community of an ongoing cyber-espionage campaign targeting the information and communication system […]

Read More
SmokeLoader Malware Detection: UAC-0006 Group Reemerges to Launch Phishing Attacks Against Ukraine Using Financial Subject Lures
SmokeLoader Malware Detection: UAC-0006 Group Reemerges to Launch Phishing Attacks Against Ukraine Using Financial Subject Lures

The financially-motivated hacking collective tracked as UAC-0006 comes back to the cyber threat arena exploiting the phishing attack vector and distributing the SmokeLoader malware. According to the latest CERT-UA cybersecurity alert, threat actors massively distribute phishing emails exploiting the compromised accounts with the financially related email subject and using a malicious ZIP attachment to deploy […]

Read More