Imitating the UKR.NET website to steal accounts: the State Service of Special Communications warned about a new fraudulent scheme

Imitating the UKR.NET website to steal accounts: the State Service of Special Communications warned about a new fraudulent scheme

Kyiv  •  UNN

 • 26011 views

The State Service for Special Communications warns of hacker attacks on Ukrainian military and civil servants through the fake website UKR.NET. The attackers are trying to hijack email accounts by sending emails with malicious links.

Hackers send emails to Ukrainian military and civil servants containing a link to a page that imitates the UKR.NET website. In this way, the attackers are trying to hijack email accounts. This was warned by the State Special Communication Service, UNN reports.

Details

Experts explain that the use of public email services, along with corporate email accounts, is a fairly common practice among government officials, military personnel, and employees of other Ukrainian businesses and organizations.

With this in mind, and given the lack of security features to verify emails, such services are used by malicious actors. 

Thus, during July 2024, the UAC-0102 group distributed emails with attachments in the form of archives containing an HTML file, opening which redirects the user to a web resource that imitates the UKR.NET service web page. In case of entering the login and password, the authentication data will be sent to the attackers, and the following document will be downloaded to the victim's computer as a bait

- said the State Special Communications Service.

Addendum

The analysts gave a number of tips to help protect against hacker attacks:

  • enable two-factor authentication;
  • avoid using public mail services from company computers;
  • configure a filter to redirect copies of incoming emails to the corporate email address, which will allow you to analyze the email, albeit retrospectively, with the available security tools.

Recall

Intelligence agencies of the United States, Britain, and South Korea have exposed the DPRK's cyber espionage campaign . Hackers attacked defense companies in an attempt to obtain data on nuclear and missile technologies.