Ukraine CERT: Phishing Campaign Poses as Nation’s Security Service

Summary: Ukraine’s CERT-UA has reported a widespread email campaign distributing malware disguised as communication from the Security Service of Ukraine. The malware, ANONVNC, enables unauthorized access to victims’ devices, affecting over 100 systems within government entities.

Threat Actor: UAC-0198
Victim: Ukrainian Government

Key Points:

  • Mass distribution of malicious emails impersonating Ukraine’s Security Service.
  • Malware named ANONVNC allows attackers to gain unauthorized access to devices.
  • Over 100 devices within government bodies have been compromised.
  • CERT-UA advises users to report suspicious activities and is actively mitigating the threat.

On Aug. 12, Ukraine’s Computer Emergency Response Team (CERT-UA) discovered a mass distribution of emails carrying malicious software posing as the country’s Security Service (SSU).

The emails contain a link to download a file called “Document.zip”; clicking the link triggers the download of an MSI file. This file launches malware called ANONVNC that, when opened, allows attackers to gain unauthorized access to a victim’s device.

CERT-UA has identified more than 100 affected devices within central and local government bodies and urges everyone to be cautious and attentive. It recommends that users contact CERT-UA if they notice any suspicious activity.

The activity is tracked as UAC-0198, and CERT-UA is taking measures to mitigate the threat.

Source: https://www.darkreading.com/vulnerabilities-threats/ukraine-cert-phishing-campaign-poses-as-nations-security-service