russian hackers attacked users from Ukraine and Poland by sending them emails with malicious programs. This was reported by UNN with reference to the statement of the State Special Communications Service.
Details
In particular, a team of Ukrainian experts from CERT-UA, which operates under the State Special Communications Service, discovered that the APT28 group sent out emails with links to "documents" on December 15-25, which could lead to computer infection by malware.
Together with letters with the subject "Debts under the Kyivstar contract" and the attachment "Subscriber's debt.zip". When activated, users automatically download the RemcosRAT remote management program .
Hackers destroyed about 40% of Kyivstar's infrastructure - company president22.12.23, 15:50
In addition, the distribution of emails with the subject "SBU request" and the attachment "Documents.zip" was recorded. If such an archive is opened and executable files are run, the computer may be infected with RemcosRAT.
Addendum
Experts of the government response team once again remind that the security of the entire organization depends on each employee. Therefore, it is important to introduce a culture of cyber hygiene among employees.
Using strong passwords, multi-factor authentication, not clicking on any suspicious links, not using hacked programs or Russian software is the minimum required.
The agency reminded that hackers of the ART28 group (also known as Pawn Storm, Fancy Bear, BlueDelta), which a number of researchers associate with Russian special services, often direct their efforts against Ukraine.
Recall
One of the most active Russian hacker groups, Gamaredon, significantly increased the number of cyber operations against Ukraine in the first half of 2023.