Belarusian hackers intensified cyber attacks on the websites of local self-government bodies of Ukraine

Hackers from Belarus are attacking Ukrainian project offices and local self-government bodies. They used a malicious program to obtain the necessary data.

Points of attention

  • Belarusian hackers have increased cyber attacks on Ukrainian project offices and local self-government bodies using malicious programs to steal financial and economic data.
  • Hackers are adapting quickly to new protection methods by using decoy files and disguising them as legitimate updates, posing a significant threat to cybersecurity.
  • Russian hackers are also intensifying cyber attacks on Ukrainian military phones, utilizing messengers and social engineering to spread malware and target Windows software.

Belarusian hackers intensified attacks on Ukrainian state websites

This was reported by the press service of the State Special Communications.

The government response team CERT-UA recorded a surge in activity of the Belarusian hacker group UAC-0057 between July 12 and 18.

The attackers used their typical combination of the PICASSOLOADER malware and the Cobalt Strike Beacon backdoor, sending out decoy documents with malicious macros.

According to the State Intelligence Service, the discovered documents indicate the hackers' interest in financial and economic indicators, taxation, and the reform of local self-government bodies.

We call on specialists of project offices and employees of local self-government bodies to be especially attentive and immediately contact CERT-UA in case of suspicious activity.

Hacker attacks in Ukraine: what is known

The day before, Russian hackers hacked FleepBot, a post automation service. Cybercriminals attacked a number of Ukrainian Telegram channels.

In addition, Russian hackers intensified attacks on Ukrainian military phones. Experts talked about the specifics of the attacks and how to protect yourself.

Russian hackers have increased the number of cyberattacks on mobile devices of the Ukrainian military. In the second half of 2023, hackers associated with the GRU of the Russian Federation actively used messengers and social engineering to spread malware.

Features of Russian attacks on mobile devices:

  • legitimate products are used as disguises: hackers disguised spyware as legitimate software installers, such as the Nettle situational awareness system;

  • malware is distributed through Signal and Telegram: attackers used these messengers to distribute malicious files, disguising them as cyber security instructions from CERT-UA;

  • react and adapt quickly: hackers quickly responded to new protection methods and developed new attack vectors;

  • target Windows software: most messenger attacks were aimed at distributing Windows malware, as many military personnel use desktop versions of messengers;

  • use decoy files: attackers distributed malicious programs in the form of Zip or Rar archives, disguising them as certificate updates for the Delta situational awareness complex.
