The government's computer emergency response team CERT-UA, which operates under the State Special Communications Service, warns of a new cyber threat against the Ukrainian Defense Forces. Enemy hackers are using social engineering to conduct cyberattacks against the Armed Forces. They can send messages with the content "We offer a new position abroad." This was reported by the State Communications Service, UNN reports.
Details
The attackers send malicious files via the Signal messenger, disguising them as documents required to fill a position in the UN Department of Peacekeeping Operations.
CERT-UA is tracking this hostile hacker group under the UAC-0149 identification. It is this group that is very active in targeting individual servicemen using deception and various offers.
How to recognize an attack:
▪️ you receive a message in Signal or another messenger with an urgent question, request or offer, for example, a request to provide documents for a position at the UN;
▪️ a file, for example, "Support.rar", is attached to the message.
What to do if you receive this message:
- do not open the attached file!
- do not follow the links in the message!
- contact CERT-UA to analyze the message and file.
What to do to protect yourself:
🔹 be vigilant and critical of any messages that encourage you to open files or follow links, including those received via messengers;
🔹 at the slightest suspicion of a message, provide links and files for analysis to the relevant departments and/or CERT-UA.
System administrators are encouraged to:
🔻 prohibit users from running utilities such as powershell.exe, wscript.exe, csript.exe, mshta.exe, and others;
🔻 use the standard mechanisms of the operating system (SRP, AppLocker, registry settings) for this purpose.
If you find any suspicious messages or files, please report them immediately:
➡️ CERT-UA (cert@cert.gov.ua, mob. +38 (044) 281-88-25)
➡️ ITS Cybersecurity Center (b/o A0334; email: csoc@post.mil.gov.ua, Signal: +380673321891).