$42.200.13
49.230.04
ukenru
December 4, 08:25 PM • 13791 views
Defense Forces hit one of Russia's largest chemical enterprises - General Staff
December 4, 07:56 PM • 24674 views
The Ukrainian delegation will continue negotiations in the US today, the task is to get full information about what was said in Russia - ZelenskyyVideo
December 4, 04:56 PM • 22293 views
Four unknown drones followed the flight path of the plane carrying Zelensky as he headed to Ireland - Media
Exclusive
December 4, 03:01 PM • 38174 views
Revocation of Odrex's medical license is not the end yet: what the Ministry of Health must do to stop the “conveyor belt of tragedies”
December 4, 12:31 PM • 28473 views
Low-cost airlines plan return to Ukraine: FT learned when
Exclusive
December 4, 12:12 PM • 42957 views
Winter skincare: dermatologist's tips to protect your face from dryness and irritation
December 4, 12:01 PM • 23129 views
The Armed Forces of Ukraine are holding back the Russians in Pokrovsk and Myrnohrad, preventing them from advancing - Syrskyi
Exclusive
December 4, 11:24 AM • 22518 views
A popular medicine from the German manufacturer Heel is returning to Ukrainian pharmacies
December 4, 09:37 AM • 22707 views
US peace plan talks are being held in parallel on four separate elements - NYT
December 3, 11:09 PM • 32429 views
Witkoff and Kushner to meet Umerov on December 4 - AP
Rubrics
Main
Main
Politics
Politics
War in Ukraine
War in Ukraine
Economy
Economy
Society
Society
Crimes and emergencies
Crimes and emergencies
Our people abroad
Our people abroad
News of the World
News of the World
Kyiv
Kyiv
Kyiv region
Kyiv region
Health
Health
Technologies
Technologies
Sports
Sports
Culture
Culture
Life hack
Life hack
UNN Lite
UNN Lite
Auto
Auto
Education
Education
Weather and environment
Weather and environment
Real Estate
Real Estate
Finance
Finance
Culinary
Culinary
Business News
Business News
Publications
Exclusives
Menu
Tags
Authors
About agency
Contact
Advertising
Archive

Information agency «Ukrainian National News»

Subject in the field of online media; media identifier - R40-05926

This resource is intended for persons who have reached the age of 21.

All rights reserved. © 2007 — 2025

Погода
+5°
2m/s
94%
757mm
Electricity outage schedules
Popular news
Belgian PM confirms meeting with Merz on Friday regarding reparations loan to Ukraine, but there's a catch - ReutersDecember 4, 09:23 PM • 6354 views
Fakes about "dangerous Ukrainian food" in Poland are spreading on social media - Center for Countering DisinformationPhotoDecember 4, 11:00 PM • 7570 views
"There is hope": Vance announces good news regarding the war in Ukraine in the coming weeks02:35 AM • 8704 views
ISW: Putin changed his rhetoric on the war, but did not abandon his initial goals03:32 AM • 13856 views
Trump: The war in Ukraine will end, we are establishing peace around the world04:03 AM • 10096 views
Publications
Magamedrasulov's release from custody does not mean acquittal: what the NABU detective is accused of and what could happen next06:30 AM • 1272 views
Revocation of Odrex's medical license is not the end yet: what the Ministry of Health must do to stop the “conveyor belt of tragedies”
Exclusive
December 4, 03:01 PM • 38180 views
"Black Friday" for Pyshnyi and ICU: political scientist on how Yermak's resignation destroyed their immunityDecember 4, 12:21 PM • 33344 views
Winter skincare: dermatologist's tips to protect your face from dryness and irritation
Exclusive
December 4, 12:12 PM • 42961 views
Case of Mi-8MT weapon systems: two helicopters returned to the army inoperablePhotoDecember 4, 06:30 AM • 49810 views
Actual people
Donald Trump
Rustem Umerov
Steve Witkoff
Marco Rubio
Volodymyr Zelenskyy
Actual places
Ukraine
United States
Israel
Brussels
Poland
Advertisement
UNN Lite
Pantone named the color of 2026: a shade of white chosen for the first timeVideoDecember 4, 02:10 PM • 15382 views
Parubiy, NABU, "labubu" and more: Google named the most popular queries of Ukrainians in 2025December 4, 08:53 AM • 29130 views
"For peace": Hegseth said he would host a dinner with Trump, Zelenskyy and Putin, with "Russian dressing" on the menuDecember 3, 09:06 AM • 30103 views
Oxford Dictionary named "rage bait" the word of 2025: what it meansDecember 1, 10:58 AM • 74737 views
Olena Topolia and the leader of the band "Antytila" are divorcing after 12 years of marriagePhotoVideoDecember 1, 08:53 AM • 77452 views
Actual
Technology
Social network
Gold
James Webb Space Telescope
The Diplomat

Cyberattacks on state bodies: a multi-level interaction scheme via Word and Signal revealed

Kyiv • UNN

 • 2397 views

The State Service of Special Communications reported new targeted cyberattacks on state institutions, which begin with sending a Microsoft Word document via Signal. This is followed by infection with the BEARDSHELL malicious code, which gives hackers full control over the device, and CERT-UA links this activity to the UAC-0001 group, controlled by Russian special services.

Cyberattacks on state bodies: a multi-level interaction scheme via Word and Signal revealed

Cyberattacks on government agencies: a new multi-level scheme discovered. The State Service of Special Communications and Information Protection of Ukraine reported new targeted cyberattacks on government institutions. This is reported by UNN with reference to the message of the State Special Communications Telegram channel.

Details

The National Cyber ​​Incident Response Team CERT-UA recorded the use of a complex multi-level method of affecting computer systems. As noted, "the attack begins with the attacker, well aware of their target, sending a Microsoft Word document (for example, "Act.doc") via Signal with an embedded macro."

After the user opens the file and activates the macro, a hidden infection process begins.

After opening the document and activating the macro, a hidden infection mechanism is launched on the computer, the malicious code is fixed in the system

- says the message.

At the next stage of the attack, the COVENANT component is activated – a hacker framework that works in the RAM of the infected device. According to CERT-UA, "it uses the API of the legitimate cloud service Koofr to receive commands from attackers."

Then the BEARDSHELL backdoor is downloaded to the system – spyware that provides full remote control over the infected computer.

As noted, "through COVENANT, the main spyware – the BEARDSHELL backdoor – is downloaded and launched on the computer, giving hackers full control over the device."

CERT-UA associates this activity with the UAC-0001 group, also known as APT28, which, according to special services, operates under the control of Russian special services.

Recall

Earlier, Minister of Digital Transformation Mykhailo Fedorov reported that Ukraine faces thousands of cyberattacks every month. Almost all employees of the Ministry of Digital Transformation use specialized AI-based software to counter viruses.

CERT-UA regularly records attempts of cyberattacks on Ukrainian state and critical infrastructures, especially in the context of aggression from Russia.

Andrey Kulik

PoliticsTechnologies
Signal
Mykhailo Fedorov
Ukraine