
Ukraine Warns of Pro-Russian Hackers' Sophisticated Phishing Attacks

Pro-Russian hackers are targeting Ukraine's defense sectors with advanced malware. Stay vigilant against phishing emails to protect your organization.


Ukraine's cybersecurity agency, CERT-UA, has issued a warning about ongoing phishing attacks by a pro-Russian hacker group, UAC-0099. The group has been active since mid-2022, targeting government and defense sectors with advanced malware tools.

The attack chain involves a complex series of steps. It begins with a double archive containing an HTA file, which is used to run an obfuscated VBScript. This script then executes PowerShell code, ensuring the malware evades detection. Scheduled tasks are created to maintain persistence.
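A mail or file gateway can flag the first stage described above by looking for HTA files inside nested archives. The sketch below is an added example, not CERT-UA's tooling or code from the original article; it assumes ZIP archives (the article does not name the archive format), and the function names, depth limit, size limit and sample file names are hypothetical.

```python
import io
import zipfile

MAX_DEPTH = 3                    # assumption: stop after three nested archive layers
MAX_MEMBER_BYTES = 20 * 2**20    # assumption: skip members declaring more than 20 MiB
FLAGGED_EXTS = (".hta",)         # the article names HTA; extend per local policy


def find_nested_hta(data, path="", depth=1):
    """Return (member_path, archive_depth) for each .hta file in a ZIP,
    descending into members that are themselves ZIP archives."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits                          # not a ZIP: nothing to report
    with zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            name = path + info.filename
            if info.filename.lower().endswith(FLAGGED_EXTS):
                hits.append((name, depth))
                continue
            if depth >= MAX_DEPTH:
                continue
            try:
                inner = zf.read(info)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                continue                     # encrypted, unsupported or corrupt member
            # Identify nested archives by content, not by file extension.
            if zipfile.is_zipfile(io.BytesIO(inner)):
                hits += find_nested_hta(inner, name + "/", depth + 1)
    return hits


def make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only for the samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a double archive carrying an HTA, and a benign archive.
INNER = make_zip({"document.hta": b"<html><body>constructed sample</body></html>"})
SUSPICIOUS = make_zip({"documents.zip": INNER})
BENIGN = make_zip({"report.txt": b"quarterly figures"})

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, find_nested_hta(blob))
```

An archive depth of 2 or more on a hit corresponds to the "double archive" delivery; a hit at depth 1 is still worth quarantining in environments that never exchange HTA files.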

UAC-0099's arsenal includes several C# malware tools. DRAGSTARE is a stealer that gathers system and browser data, executes PowerShell commands, and evades virtual machines. MATCHBOIL is a loader that fetches and runs additional payloads, gathers system data, and ensures persistence. MATCHWOK is a backdoor that executes PowerShell commands, avoids analysis tools, and maintains persistence. These tools have been used in attacks in May and December 2023, including an exploit of a WinRAR flaw (CVE-2023-38831).

The group delivers its malware through phishing emails containing links to legitimate file services. This tactic has proven effective in targeting Ukrainian defense sectors.

CERT-UA's warning highlights the ongoing threat posed by UAC-0099. Organizations in Ukraine's government and defense sectors are urged to remain vigilant against phishing emails and to implement robust malware protection measures to protect against these sophisticated attacks.
