CERT-UA detected cyberattacks on the Defense Forces via malicious XLL files
Kyiv • UNN
CERT-UA reports that attackers are distributing executable .xll files, disguised as official documents, to compromise computers of personnel within the Defense Forces. Opening these files in Excel leads to the installation of a backdoor, providing remote access to the computer.
The National Cyber Incident, Cyberattack, Cyberthreat Response Team CERT-UA reports that attackers are distributing executable .xll files, disguised as official documents, to hack computers of people from the Defense Forces. This was reported by the State Special Communications Service, writes UNN.
Details
According to the State Special Communications Service, the files arrive, in particular, via the Signal messenger; opening them in Excel leads to the installation of malicious software – a backdoor that provides remote access to the computer.
Hackers breached Cisco devices in the US government26.09.25, 05:40 • 14402 views
In several cases, specialists found that files with names like "Appeal of Combatants.xll" or detention documents were sent to targeted individuals. These are not ordinary documents – an .xll file runs in Excel and can independently install malicious software. After opening, attackers gain control over the computer and can steal data or monitor.
What ordinary users should do: do not open .xll files if they arrived unexpectedly or from unfamiliar people. If the file was sent by acquaintances – ask them again through another channel (call, SMS). Do not run attachments in messengers without checking. If you find anything suspicious – inform your IT administrator or CERT-UA.