Enemy hackers have carried out another large-scale cyber attack, targeting the local self-government bodies of Ukraine. About this reported State Service of Special Communications and Information Protection.
Attackers send phishing emails with the subject line “Spreadsheet Replacement” that contain a link to a purported Google Spreadsheet. In fact, the link leads to a site with “instructions” for running malicious code. Specialists explain that after clicking on the link, the user gets to a page that simulates a bot check. By clicking on “I’m not a robot” and performing the specified actions, the user activates a malicious script that can:
- download and create a tunnel to access the device;
- steal data from browsers (Chrome, Edge, Opera, Firefox, etc.);
- install malicious software.
The computer emergency response group CERT-UA suggests that the hacker group UAC-0001 (APT28), which has ties to the special services of the Russian Federation, is behind the attack.
It was previously reported that in Telegram, fraudsters spread viruses through the fake Reserve+ bot, offering to download “special software” that steals files from devices. Hackers also sent malicious software to servicemen of the Armed Forces under the guise of offers for recruitment to the 3rd Special Forces Brigade and the IDF.
