Summary: CERT-UA reported three cyber attacks targeting Ukraine’s state administration and critical infrastructure, using phishing emails to steal sensitive data. The attackers use compromised email accounts to send links that download a Visual Basic Script (VBS) loader, which then executes a PowerShell script. This campaign, linked to a threat cluster named UAC-0219, has been ongoing since at least fall 2024 and utilizes various malware techniques, including the VBS loader named WRECKSTEEL.
Affected: Computer Emergency Response Team of Ukraine (CERT-UA), Ukrainian state administration bodies, and critical infrastructure facilities
Keypoints:
- Phishing emails aimed at creating urgency regarding salary cuts were used to deceive recipients.
- The VBS loader downloads a PowerShell script to extract files and capture screenshots.
- Other threat actors, like Head Mare and Unicorn, have also been targeting Russian entities with various malware strategies.
- Operation HollowQuill targets academic and governmental networks in Russia using weaponized decoy documents.
Source: https://thehackernews.com/2025/04/cert-ua-reports-cyberattacks-targeting.html