A new scam uses fake AnyDesk requests to fake security audits

January 23, 2025

CERT-UA has published an advisory about threat actors who are impersonating the agency and sending fake AnyDesk requests.

The Ukrainian Computer Emergency Response Team stated that the campaign is an ongoing activity by unknown hackers. The AnyDesk requests purport to be for conducting an audit to assess the “level of security” of a targeted entity.

The advisory therefore urges enterprises to be suspicious of incoming emails. The attackers may also use social engineering to exploit user trust.

The government-owned cybersecurity agency reminds everyone to scrutinise incoming emails to spot fake AnyDesk requests.

CERT-UA reiterated that in some instances it may use remote access software, which the threat actors may have seen as an angle for their fake AnyDesk requests. The agency therefore reminds the public that it only uses remote access software after reaching prior agreement with the owners of the cyber defence targets via officially permitted contact channels.

The attackers can only carry out the attack if the AnyDesk remote access program is installed and operational on the target’s computer. The attack also requires the attacker to have the target’s AnyDesk identifier, implying that they may need to obtain it first through other means.

To reduce the risk posed by these cyberattacks, users should only permit remote access programs for a specific duration and coordinate their use via official communication channels.

The campaign’s announcement comes as Ukraine’s State Service for Special Communications and Information Protection (CIP) revealed that the cyber agency’s incident response centre detected over 1,000 incidents last year.

Malicious code and intrusion attempts account for over 75% of all events. Furthermore, the notorious cybercriminal group Gamaredon is allegedly responsible for 277 instances.

Also, last year, separate attacks targeting Ukraine led to the discovery of 24 previously unreported [.]shop top-level domains presumably connected with the pro-Russian advanced persistent threat group dubbed GhostWriter.

These cybercriminal campaigns against Ukraine could continue this year, as the geopolitical conflict with Russia has yet to stop.