Hackers are sending Ukrainian military personnel and civil servants emails containing a link to a page that imitates the UKR.NET website, in an attempt to hijack their email accounts. The State Special Communication Service has warned of this, UNN reports.
Details
Experts explain that the use of public email services, along with corporate email accounts, is a fairly common practice among government officials, military personnel, and employees of other Ukrainian businesses and organizations.
Because of this, and because these services lack security features for verifying emails, malicious actors take advantage of them.
Thus, during July 2024, the UAC-0102 group distributed emails with archive attachments containing an HTML file; opening the file redirects the user to a web resource that imitates the UKR.NET service web page. If the user enters a login and password, the authentication data is sent to the attackers, and a document is downloaded to the victim's computer as bait.
Addendum
The analysts gave a number of tips to help protect against hacker attacks:
- enable two-factor authentication;
- avoid using public mail services from company computers;
- configure a filter to redirect copies of incoming emails to the corporate email address, which will allow you to analyze the email, albeit retrospectively, with the available security tools.
Recall
Intelligence agencies of the United States, Britain, and South Korea have exposed the DPRK's cyber espionage campaign. Hackers attacked defense companies in an attempt to obtain data on nuclear and missile technologies.