Hackers spoofed the Security Service of Ukraine in a malware attack

August 15, 2024

In a recent cyberattack, hackers impersonating the Security Service of Ukraine (SSU) have successfully compromised over 100 computers belonging to various Ukrainian government agencies. The Computer Emergency Response Team of Ukraine (CERT-UA) disclosed that these attackers used malicious spam emails to deploy AnonVNC malware, targeting central and local government bodies.


The fake emails were designed to seem like the Security Service of Ukraine (SSU) sent them.


Besides posing as the Security Service of Ukraine, the malicious emails contained a misleading request that a list of documents be sent to the SSU by August 15, 2024. The emails also carried an attachment named Dokumenty.zip, which appeared to contain the list of requested documents. In reality, this attachment was the means by which the malware was delivered.

The attack began around July 12, 2024. The emails contained links to an MSI Windows installer file hosted on gbshost[.]net, which was used to infect the targeted PCs with malware. CERT-UA has identified more than 100 compromised machines and notes that the attack affected a number of federal, state, and local government organisations. The software gave the attackers, identified as the threat group UAC-0198, covert access to the compromised computers.
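The indicators CERT-UA describes above (a sender posing as the SSU, a Dokumenty.zip lure attachment, and a link to an MSI installer on gbshost[.]net) translate directly into a mail-gateway triage rule. The following is an added example written for this article, not CERT-UA's or any vendor's code; the sample messages are constructed, and the trusted SSU sender domain list is an assumption to be replaced with the organisation's own allow-list.

```python
import re
from urllib.parse import urlparse

# Indicators taken from the CERT-UA description in the article.
MALICIOUS_HOSTS = {"gbshost.net"}       # MSI installer host (written gbshost[.]net in the text)
LURE_ATTACHMENTS = {"dokumenty.zip"}    # attachment name used in the campaign
SSU_NAME_RE = re.compile(r"\b(ssu|сбу)\b|security service of ukraine|служба безпеки україни")
# Assumed allow-list of domains from which genuine SSU mail would arrive (placeholder).
TRUSTED_SSU_DOMAINS = {"ssu.gov.ua"}


def sender_domain(addr: str) -> str:
    """Return the lower-cased domain part of an e-mail address ('' if malformed)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage_email(msg: dict) -> list[str]:
    """Return the campaign indicators matched by one message.

    msg keys: from_name, from_addr, attachments (file names), urls (link targets).
    An empty list means no indicator from this campaign was found.
    """
    hits = []
    name = msg.get("from_name", "").lower()
    # 1. Display name claims to be the SSU but the envelope domain is not trusted.
    if SSU_NAME_RE.search(name) and sender_domain(msg.get("from_addr", "")) not in TRUSTED_SSU_DOMAINS:
        hits.append("display name claims SSU but sender domain is untrusted")
    # 2. Known lure archive, or any zip archive from such a sender.
    for att in msg.get("attachments", []):
        if att.lower() in LURE_ATTACHMENTS:
            hits.append(f"known lure attachment {att}")
        elif att.lower().endswith(".zip"):
            hits.append(f"zip archive attachment {att}")
    # 3. Link to the campaign host, or to any MSI installer.
    for url in msg.get("urls", []):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host in MALICIOUS_HOSTS:
            hits.append(f"link to known campaign host {host}")
        elif parsed.path.lower().endswith(".msi"):
            hits.append(f"link to MSI installer on {host}")
    return hits


SAMPLE_MESSAGES = [  # constructed for this example, not real campaign mail
    {"from_name": "Security Service of Ukraine", "from_addr": "press@ssu-docs.example",
     "attachments": ["Dokumenty.zip"], "urls": ["http://gbshost.net/files/Dokumenty.msi"]},
    {"from_name": "Olena Kovalenko", "from_addr": "olena@example.gov",
     "attachments": ["notes.pdf"], "urls": []},
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m["from_addr"], "->", triage_email(m) or "clean")
```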

The attack’s scope appears extensive, with CERT-UA indicating that these cyber intrusions may span beyond Ukraine and have been ongoing since at least July 2024. This incident highlights a broader trend of heightened cyber threats against Ukrainian institutions.

Meanwhile, Ukraine has recently been subjected to serious cyber threats. In one instance, in January 2024, over 600 apartment buildings in Lviv lost heating due to the FrostyGoop malware, which was linked to Russian threat actors, leaving residents in frigid conditions. The infamous Sandworm hacking group, which has been connected to Russian military activities, also attacked and, in some cases, breached 20 critical infrastructure organisations in Ukraine in April 2024, affecting the electricity, water, and heating sectors.

These attacks have been notable in both their frequency and severity; in December 2023, Sandworm also gained access to Kyivstar’s network and proceeded to wipe out thousands of systems. According to CERT-UA, starting May 2023, Sandworm has infiltrated the networks of eleven telecom service providers in Ukraine.

The Main Intelligence Directorate (GUR) of the Ukrainian Ministry of Defense countered by claiming that it was the group that broke into the Russian Ministry of Defense in March 2024. The Russian Federal Air Transport Agency and the Russian Center for Space Hydrometeorology were among the Russian organisations that GUR previously claimed to have successfully breached.
