State Special Communications Service warns of a new cyber threat: which emails should not be opened and why
Kyiv • UNN
CERT-UA specialists detected the distribution of dangerous emails among educational institutions in Sumy region and government agencies. The emails contain a link to a ZIP archive on Google Drive; downloading it leads to devices being infected with malicious software.
The Computer Emergency Response Team of Ukraine (CERT-UA) has uncovered instances of dangerous email distribution and discussed the threats, UNN reports with reference to the State Special Communications Service.
In the first ten days of November, CERT-UA specialists discovered instances of dangerous email distribution among educational institutions in Sumy region and government bodies. The emails contain a link to a ZIP archive on Google Drive; downloading it leads to devices being infected with malicious programs that steal passwords, files, etc.
According to the State Special Communications Service, the mailings were carried out from a compromised Gmail account that was used in one of the region's higher educational institutions.
The investigation showed that the initial infection occurred on May 26, 2025, when a malicious email, allegedly sent by the State Emergency Service Department in Sumy region, was opened. Since then, the attackers have had long-term remote access to the institution's systems and could use its infrastructure for new cyberattacks.
Addendum
CERT-UA emphasizes that the reason for such incidents is the systematic disregard for cybersecurity measures.
Also, the requirements for informing CERT-UA about cyber incidents are often violated, which complicates a quick response.