"We offer a new position": Russians use new tactics for cyberattacks

"We offer a new position": Russians use new tactics for cyberattacks

Kyiv  •  UNN

 • 107526 views

Russian hackers are using social engineering tactics, offering fake jobs abroad, to launch cyberattacks on Ukrainian military personnel by sending malicious files through messaging programs such as Signal.

The government's computer emergency response team CERT-UA, which operates under the State Special Communications Service, warns of a new cyber threat against the Ukrainian Defense Forces. Enemy hackers are using social engineering to conduct cyberattacks against the Armed Forces. They can send messages with the content "We offer a new position abroad."  This was reported by the State Communications Service, UNN reports.

Details

The attackers send malicious files via the Signal messenger, disguising them as documents required to fill a position in the UN Department of Peacekeeping Operations.

CERT-UA is tracking this hostile hacker group under the UAC-0149 identification. It is this group that is very active in targeting individual servicemen using deception and various offers.

How to recognize an attack:

▪️ you receive a message in Signal or another messenger with an urgent question, request or offer, for example, a request to provide documents for a position at the UN;

▪️ a file, for example, "Support.rar", is attached to the message.

What to do if you receive this message:

  • do not open the attached file!
  • do not follow the links in the message!
  • contact CERT-UA to analyze the message and file.

What to do to protect yourself:

🔹 be vigilant and critical of any messages that encourage you to open files or follow links, including those received via messengers;

🔹 at the slightest suspicion of a message, provide links and files for analysis to the relevant departments and/or CERT-UA.

System administrators are encouraged to:

🔻 prohibit users from running utilities such as powershell.exe, wscript.exe, csript.exe, mshta.exe, and others;

🔻 use the standard mechanisms of the operating system (SRP, AppLocker, registry settings) for this purpose.

If you find any suspicious messages or files, please report them immediately:

➡️ CERT-UA ([email protected], mob. +38 (044) 281-88-25)

➡️ ITS Cybersecurity Center (b/o A0334; email: [email protected], Signal: +380673321891). 

"Your financial account has been added": Interior Ministry warned of new cyber fraud schemeApr 16 2024, 07:00 PM • 21503 views