Russian hackers from the UAC-0050 group are sending e-mails with embedded malware to Ukrainians, taking advantage of the situation with Kyivstar. The mass mailing was noticed by experts of the Governmental Computer Emergency Response Team of Ukraine CERT-UA.
Russian hackers send emails with malware, using an attack on Kyivstar
The e-mails of Ukrainians received letters regarding "Debts under the Kyivstar contract", which contained attachments in the form of the "Subscriber's Debt.zip" archive with attachments in the form of attached password-protected RAR archives, the message says.
CERT-UA specialists also recorded sending letters with the subject "Request from the SSU" and the attachment "Documents.zip". It is noted that the attachment contains a password-protected RAR archive, "Zapyt.rar", with the file "Zapyt.exe". If users open the archive and run the file, their device will be infected with the RemcosRAT remote access program.
This is not the first such attack by the UAC-0050 group. Recently, cybercriminals have been sending letters about "lawsuits" and "debts." Users from Ukraine and Poland became the object of the attack, the State Special Communications Service of Usaid.
CERT-UA specialists recommend filtering emails with password-protected attachments.
Cyber attack on Kyivstar
On the morning of December 12, "Kyivstar" subscribers reported the disappearance of mobile Internet and communication.
Later, the company reported that a large-scale cyber attack had been carried out on "Kyivstar".
Russian hackers from the "Solntsepek" group, a Russian military intelligence hacker unit, took responsibility for the cyber attack on the operator.
From December 13, the company gradually restored voice communication, mobile Internet, SMS services, mobile Internet in Kyiv and Kharkiv subways, and roaming.
More on the topic
- Category
- Ukraine
- Publication date
- Додати до обраного
