The emails come with an HTML file attachment ("War Criminals of the Russian Federation.htm"), opening which culminates in the download and execution of a PowerShell-based implant on the infected host.ĬERT-UA attributed the attack to Armageddon, a Russia-based threat actor with ties to the Federal Security Service (FSB) that has a history of striking Ukrainian entities since at least 2013. In another social engineering campaign observed by Ukraine's Computer Emergency Response Team (CERT-UA), war-related email lures were sent to Ukrainian government agencies to deploy a piece of espionage malware. The modus operandi mirrors that of an earlier phishing attack that was disclosed in early March that leveraged compromised inboxes belonging to different Indian entities to send phishing emails to users of Ukr.net to hijack the accounts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |