Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

Hackers Posing as Ukrainian Ministry Deploy Info Stealers

Spoofed Polish Police Websites Also Found
Hackers Posing as Ukrainian Ministry Deploy Info Stealers
Image: The Computer Emergency Response Team of Ukraine

Ukrainian and Polish cyber defenders are warning against a slew of phishing websites that mimic official sites, in particular a page that mimics the Ministry of Foreign Affairs of Ukraine.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

A hacking group likely comprised of Russian speakers uses the pages to lure users into downloading software putatively for "scanning infected PCs on viruses."

The Computer Emergency Response Team of Ukraine tracks the threat group as UAC-0114, aka Winter Vivern. The downloaded software executes several PowerShell scripts, one of which scans for files including Microsoft Office documents, PDFs, log files and Remote Desktop Connection Manager configuration. The malware also takes screenshots, exfiltrates data and establishes persistence.

The threat group has copied web pages of the Security Service of Ukraine and the Polish Police. Poland, a key Ukrainian ally and staging ground for military aid, has contended with an increase in hostile Russian activity in cyberspace following Russia's February 2022 invasion of Ukraine.

Close observers of Russian activity in Ukrainian cyberspace have concluded that Moscow's main objective there is intelligence collection rather than destruction.

The United States on Friday announced an additional $2 billion in security assistance for Ukraine, including additional ammunition for High Mobility Artillery Rocket Systems, anti-aircraft weapons and technology to counter unmanned aerial systems.


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.