Celebrating Milestones and Shared Success As we approach 2024, let’s take some time to reflect on our shared accomplishments and look forward to even more significant successes in the coming year. Over the past year, our joint endeavors have been focused on shaping a secure tomorrow, driven by the collective strength of the global cybersecurity […]
Cybersecurity analysts are observing a substantial increase in malicious activities targeting Ukraine’s public and private sectors, where attackers often resort to phishing vectors as their primary strategy for initiating intrusions. CERT-UA notifies cyber defenders of ongoing attacks against Ukrainian organizations leveraging Kyivstar and the Security Service of Ukraine phishing lures. The infamous UAC-0050 group aims […]
Adversaries set their eyes on a notorious security flaw in Log4j Java Library tracked as CVE-2021-44228, aka Log4Shell, even a couple of years after its disclosure. A new campaign dubbed āOperation Blacksmithā involves the exploitation of the Log4Shell vulnerability to deploy new malicious strains written in DLang, including novel RATs. The North Korean APT Lazarus […]
Less than a week after a phishing campaign by UAC-0050 spreading Remcos RAT, the group attempted to launch another offensive operation. In the newly uncovered massive email distribution campaign, UAC-0050 hackers target the Ukrainian and Polish public sectors, leveraging the nefarious Remcos RAT and another malware strain dubbed Meduza Stealer. UAC-0050 Attack Description: Activity Covered […]
Heads up! Recent Cactus ransomware attacks are getting into the spotlight. Hackers exploit critical Qlik Sense vulnerabilities to further deliver Cactus ransomware. In other ransomware campaigns, they leverage malvertising lures to spread DanaBot malware for initial access to compromised systems.Ā Detecting Cactus Ransomware Infections Ransomware operators are constantly seeking new ways to proceed with payload […]
The infamous hacking group known as UAC-0006 has been launching offensive operations against Ukraine since 2013 primarily driven by financial gain. CERT-UA researchers recently issued a compiled overview of the groupās adversary activity aimed at raising cybersecurity awareness and minimizing risks. The group is notorious for committing financial theft by leveraging malware like SmokeLoader to […]
Hard on the heels of the phishing attack impersonating the Security Service of Ukraine and using Remcos RAT, the hacking collective identified as UAC-0050 launched another adversary campaign against Ukraine leveraging the phishing attack vector. In these attacks targeting 15,000+ users hackers massively send emails with a subject and attachment lures related to a summons […]
Defenders observe a new phishing attack, in which adversaries weaponize a russian-language Microsoft Word document to distribute malware that can extract sensitive data from targeted Windows instances. Hackers behind this offensive campaign belong to a North Korean group dubbed Konni, which shares similarities with a cyber-espionage cluster tracked as Kimsuky APT. Detect Konni Group Attacks […]
A critical vulnerability impacting Citrix NetScaler ADC and Gateway products tracked as CVE-2023-4966 is actively exploited in real-world attacks despite its patching in October 2023. Due to a surge in LockBit 3.0 ransomware attacks weaponizing this flaw dubbed Citrix Bleed vulnerability, CISA and FBI, in collaboration with other international authorities, recently released a joint advisory […]
CERT-UA researchers have recently published a novel heads-up that covers ongoing phishing attacks against Ukraine involving distribution of Remcos RAT. The group in charge of this offensive campaign, which involves massively distributing spoofing emails with a false sender identity masquerading as the Security Service of Ukraine, is tracked as UAC-0050. UAC-0050 Attack Analysis Covered in […]