25 February 2021

Ukrainian authorities warn of a cyberattack on government document management system



The National Coordination Center for Cybersecurity (NCCC) under the National Security and Defense Council of Ukraine (NSDC) has warned of a cyberattack aimed at the System of Electronic Interaction of Executive Bodies (SEI EB), a system that Ukrainian government agencies use to share documents with one another.

According to a statement published by Ukraine's National Security and Defense Council, the agency has detected attempts to spread malware-laden e-documents via SEI EB, with the attackers’ goal being "the mass contamination of information resources of public authorities."

“The malicious documents contained a macro that secretly downloaded a program to remotely control a computer when opening the files. The methods and means of carrying out this cyberattack allow to connect it with one of the hacker spy groups from the Russian Federation,” the statement reads.

Based on its scenario, the officials believe that the breach attempt was a so-called supply-chain attack, where hackers try to gain access to a target organization via vulnerabilities in the tools and services it uses.

NSDC did not attribute the attack to a specific Russia-linked APT group, but it provided IoCs (Indicators of Compromise) related to the breach. They are as follows:

  • Domains: enterox.ru

  • IP addresses: 109.68.212.97

  • Link (URL): http://109[.]68[.]212[.]97/infant[.]php
